From kenh@cmf.nrl.navy.mil Thu Aug 14 11:46:28 1997
Received: from MIT.EDU (SOUTH-STATION-ANNEX.MIT.EDU [18.72.1.2]) by rt-11.MIT.EDU (8.7.5/8.7.3) with SMTP id LAA09980 for <bugs@RT-11.MIT.EDU>; Thu, 14 Aug 1997 11:46:27 -0400
Received: from ginger.cmf.nrl.navy.mil by MIT.EDU with SMTP
id AA07959; Thu, 14 Aug 97 11:46:24 EDT
Received: from elvis.cmf.nrl.navy.mil (kenh@elvis.cmf.nrl.navy.mil [134.207.10.38])
by ginger.cmf.nrl.navy.mil (8.8.5/8.8.5) with ESMTP id LAA05068
for <krb5-bugs@mit.edu>; Thu, 14 Aug 1997 11:45:56 -0400 (EDT)
Received: (from kenh@localhost)
by elvis.cmf.nrl.navy.mil (8.8.5/8.8.5) id LAA26244;
Thu, 14 Aug 1997 11:46:19 -0400 (EDT)
Message-Id: <199708141546.LAA26244@elvis.cmf.nrl.navy.mil>
Date: Thu, 14 Aug 1997 11:46:19 -0400 (EDT)
From: Ken Hornstein <kenh@cmf.nrl.navy.mil>
Reply-To: kenh@cmf.nrl.navy.mil
To: krb5-bugs@MIT.EDU
Subject: Transitive cross-realm does not work
X-Send-Pr-Version: 3.99
>Environment:
System: SunOS elvis 4.1.4 4 sun4c
Architecture: sun4
>Description:
The add_to_transitive function in the KDC does not work very well. It
allocates memory that never gets free'd, it does not copy over the
old transitive information, and it never clears out the new memory
allocated.
The result is that you end up with garbage in front of the realm
name.
>How-To-Repeat:
Try using transitive cross-realm.
>Fix:
Apply the following patch:
Index: kdc_util.c
diff -u -r1.2 kdc_util.c
--- kdc_util.c 1997/08/04 19:49:56 1.2
+++ kdc_util.c 1997/08/14 15:12:46
@@ -555,7 +555,7 @@
{
char *realm;
char *trans;
- char *otrans;
+ char *otrans, *otrans_ptr;
/* The following are for stepping through the transited field */
@@ -576,18 +576,25 @@
realm[krb5_princ_realm(kdc_context, tgs)->length] = '\0';
if (!(otrans = (char *) malloc(tgt_trans->length+1))) {
+ free(realm);
return(ENOMEM);
}
memcpy(otrans, tgt_trans->data, tgt_trans->length);
otrans[tgt_trans->length] = '\0';
+ otrans_ptr = otrans;
if (!(trans = (char *) malloc(strlen(realm) + strlen(otrans) + 1))) {
+ free(realm);
+ free(otrans_ptr);
return(ENOMEM);
}
if (new_trans->data) free(new_trans->data);
new_trans->data = trans;
+ memcpy(trans, otrans, tgt_trans->length);
+ trans[tgt_trans->length] = '\0';
+
/* For the purpose of appending, the realm preceding the first */
/* realm in the transited field is considered the null realm */
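Review bot: the added memcpy(trans, otrans, tgt_trans->length) pre-fills trans with the whole old transited string, but trans is still allocated as strlen(realm) + strlen(otrans) + 1, so the only room left is for realm and the NUL. The last hunk shows strcat(trans, realm) running on this same buffer, and anything the appending code writes before that point (a separator, a re-emitted entry from otrans) lands past the end of the allocation. Start from an empty string with trans[0] = '\0' instead, and size the malloc for the separators the function can add.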
@@ -723,6 +730,9 @@
strcat(trans, realm);
new_trans->length = strlen(trans) + 1;
}
+
+ free(realm);
+ free(otrans_ptr);
return(0);
}
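Review bot: free(realm) and free(otrans_ptr) are added only in front of the final return(0). About 130 lines of the function lie between the previous hunk and this one and are not shown, so any return inside that span would still leak both buffers. Confirm there is no early return there, or route every exit through a single cleanup path that frees realm and otrans_ptr.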
From: Ezra Peisach <epeisach@MIT.EDU>
To: kenh@cmf.nrl.navy.mil
Cc: krb5-bugs@MIT.EDU
Subject: Re: krb5-kdc/461: Transitive cross-realm does not work
Date: Tue, 23 Sep 1997 14:28:06 -0400
I too have noticed the same problem you reported... (In fact my patch
that I started is identical modulo variable names).
I have been rewriting the rtest program to do the proper testing here....
The only question I have is why do you initialize trans to otrans
initially? This will overflow buffers as well as strcat is used
extensively and the malloc of trans is not large enough.
You did:
if (new_trans->data) free(new_trans->data);
new_trans->data = trans;
+ memcpy(trans, otrans, tgt_trans->length);
+ trans[tgt_trans->length] = '\0';
+
I simply did:
trans[0] = '\0';
And I initialized the length to 0 - as various tests assume that it is zero.
to fix up uninitialized variables.
Here are my current patches (using your variables):
Index: Makefile.in
===================================================================
RCS file: /cvs/krbdev/krb5/src/kdc/Makefile.in,v
retrieving revision 1.34
diff -c -r1.34 Makefile.in
*** Makefile.in 1997/02/09 17:40:20 1.34
--- Makefile.in 1997/09/23 18:24:31
***************
*** 2,8 ****
PROG_LIBPATH=-L$(TOPLIBD) $(KRB4_LIBPATH)
PROG_RPATH=$(KRB5_LIBDIR)
! all:: krb5kdc
DEFINES = -DBACKWARD_COMPAT $(KRB4DEF)
--- 2,8 ----
PROG_LIBPATH=-L$(TOPLIBD) $(KRB4_LIBPATH)
PROG_RPATH=$(KRB5_LIBDIR)
! all:: krb5kdc rtest
DEFINES = -DBACKWARD_COMPAT $(KRB4DEF)
***************
*** 37,42 ****
--- 37,47 ----
replay.o \
kerberos_v4.o
+ RT_OBJS= rtest.o \
+ kdc_util.o \
+ policy.o \
+ extern.o
+
depend:: kdc5_err.c
logger.c: $(SRCTOP)/lib/kadm5/logger.c
***************
*** 54,63 ****
krb5kdc: $(OBJS) $(KADMSRV_DEPLIBS) $(KRB4COMPAT_DEPLIBS)
$(CC_LINK) -o krb5kdc $(OBJS) $(KADMSRV_LIBS) $(KRB4COMPAT_LIBS)
install::
$(INSTALL_PROGRAM) krb5kdc ${DESTDIR}$(SERVER_BINDIR)/krb5kdc
$(INSTALL_DATA) $(srcdir)/krb5kdc.M ${DESTDIR}$(SERVER_MANDIR)/krb5kdc.8
clean::
! $(RM) kdc5_err.h kdc5_err.c krb5kdc logger.c
--- 59,77 ----
krb5kdc: $(OBJS) $(KADMSRV_DEPLIBS) $(KRB4COMPAT_DEPLIBS)
$(CC_LINK) -o krb5kdc $(OBJS) $(KADMSRV_LIBS) $(KRB4COMPAT_LIBS)
+ rtest: $(RT_OBJS) $(KADM_COMM_DEPLIBS) $(KRB5_BASE_DEPLIBS)
+ $(CC_LINK) -o rtest $(RT_OBJS) $(KADM_COMM_LIBS) $(KRB5_BASE_LIBS)
+
+ check-unix:: rtest
+ KRB5_CONFIG=$(SRCTOP)/config-files/krb5.conf ; export KRB5_CONFIG ;\
+ $(RUN_SETUP) $(srcdir)/rtscript > test.out
+ cmp test.out $(srcdir)/rtest.good
+ $(RM) test.out
+
install::
$(INSTALL_PROGRAM) krb5kdc ${DESTDIR}$(SERVER_BINDIR)/krb5kdc
$(INSTALL_DATA) $(srcdir)/krb5kdc.M ${DESTDIR}$(SERVER_MANDIR)/krb5kdc.8
clean::
! $(RM) kdc5_err.h kdc5_err.c krb5kdc logger.c rtest.o rtest
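Review bot: in the check-unix rule, test.out is removed only after cmp succeeds, so a failing comparison leaves test.out behind, and the clean:: rule at the end of this hunk removes rtest.o and rtest but not test.out. Add test.out to the $(RM) line in clean::. The rule also expands $(RUN_SETUP), which none of the hunks in this Makefile.in patch define; unless an included fragment supplies it, it expands to nothing and rtscript runs without the intended run-time environment.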
Index: kdc_util.c
===================================================================
RCS file: /cvs/krbdev/krb5/src/kdc/kdc_util.c,v
retrieving revision 5.87
diff -c -r5.87 kdc_util.c
*** kdc_util.c 1997/07/30 22:30:04 5.87
--- kdc_util.c 1997/09/23 18:24:31
***************
*** 537,543 ****
{
char *realm;
char *trans;
! char *otrans;
/* The following are for stepping through the transited field */
--- 537,543 ----
{
char *realm;
char *trans;
! char *otrans, *otrans_ptr;
/* The following are for stepping through the transited field */
***************
*** 558,574 ****
--- 558,585 ----
realm[krb5_princ_realm(kdc_context, tgs)->length] = '\0';
if (!(otrans = (char *) malloc(tgt_trans->length+1))) {
+ free(realm);
return(ENOMEM);
}
memcpy(otrans, tgt_trans->data, tgt_trans->length);
otrans[tgt_trans->length] = '\0';
+ /* Keep track of start so we can free */
+ otrans_ptr = otrans;
if (!(trans = (char *) malloc(strlen(realm) + strlen(otrans) + 1))) {
+ free(realm);
+ free(otrans_ptr);
return(ENOMEM);
}
if (new_trans->data) free(new_trans->data);
new_trans->data = trans;
+ new_trans->length = 0;
+
+ trans[0] = '\0';
+
+ /* memcpy(trans, otrans, tgt_trans->length);*/
+ trans[tgt_trans->length] = '\0';
/* For the purpose of appending, the realm preceding the first */
/* realm in the transited field is considered the null realm */
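Review bot: the memcpy is commented out, but the line after it, trans[tgt_trans->length] = '\0', is still live. With trans[0] = '\0' already set it serves no purpose: it writes at an offset unrelated to what the buffer holds and leaves the bytes in between uninitialized. Delete both the commented-out memcpy and this store. The malloc above is also still strlen(realm) + strlen(otrans) + 1, which leaves no room for a separator appended later in the function.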
***************
*** 706,711 ****
--- 717,724 ----
new_trans->length = strlen(trans) + 1;
}
+ free(realm);
+ free(otrans_ptr);
return(0);
}
Index: rtest.c
===================================================================
RCS file: /cvs/krbdev/krb5/src/kdc/rtest.c,v
retrieving revision 5.4
diff -c -r5.4 rtest.c
*** rtest.c 1995/02/28 10:30:29 5.4
--- rtest.c 1997/09/23 18:24:31
***************
*** 26,31 ****
--- 26,32 ----
#include "k5-int.h"
#include <stdio.h>
#include "kdc_util.h"
+ #include "extern.h"
void
main(argc,argv)
***************
*** 35,80 ****
krb5_data otrans;
krb5_data ntrans;
! krb5_data *tgnames[10];
! krb5_principal tgs = tgnames;
! krb5_data tgsrlm;
!
! krb5_data *cnames[10];
! krb5_principal cl = cnames;
! krb5_data crlm;
!
! krb5_data *snames[10];
! krb5_principal sv = snames;
! krb5_data srlm;
if (argc < 4) {
fprintf(stderr, "not enough args\n");
exit(1);
}
ntrans.length = 0;
! otrans.length = strlen(argv[1]) + 1;
! otrans.data = (char *) malloc(otrans.length);
strcpy(otrans.data,argv[1]);
! tgsrlm.length = strlen(argv[2]) + 1;
! tgsrlm.data = (char *) malloc(tgsrlm.length);
! strcpy(tgsrlm.data,argv[2]);
! tgs[0] = &tgsrlm;
!
! crlm.length = strlen(argv[3]) + 1;
! crlm.data = (char *) malloc(crlm.length);
! strcpy(crlm.data,argv[3]);
! cl[0] = &crlm;
!
! srlm.length = strlen(argv[4]) + 1;
! srlm.data = (char *) malloc(srlm.length);
! strcpy(srlm.data,argv[4]);
! sv[0] = &srlm;
! add_to_transited(&otrans,&ntrans,tgs,cl,sv);
printf("%s\n",ntrans.data);
}
! krb5_encrypt_block master_encblock;
--- 36,91 ----
krb5_data otrans;
krb5_data ntrans;
! krb5_principal_data tgs;
! krb5_principal_data cl;
! krb5_principal_data sv;
!
! krb5_error_code kret;
!
! kdc_realm_t kdc_realm;
!
! kret = krb5_init_context(&kdc_realm.realm_context);
! if (kret) {
! com_err(argv[0], kret, "while getting krb5 context");
! exit(2);
! }
! kdc_active_realm = &kdc_realm;
!
! #define BZ(x) memset(&x, 0 , sizeof(x))
+ BZ(otrans);
+ BZ(ntrans);
+ BZ(tgs);
+ BZ(cl);
+ BZ(sv);
+
if (argc < 4) {
fprintf(stderr, "not enough args\n");
exit(1);
}
ntrans.length = 0;
! otrans.length = strlen(argv[1]);
! otrans.data = (char *) malloc(otrans.length +1);
strcpy(otrans.data,argv[1]);
! tgs.realm.length = strlen(argv[2]);
! tgs.realm.data = (char *) malloc(tgs.realm.length +1);
! strcpy(tgs.realm.data,argv[2]);
!
! cl.realm.length = strlen(argv[3]);
! cl.realm.data = (char *) malloc(cl.realm.length +1);
! strcpy(cl.realm.data,argv[3]);
!
! sv.realm.length = strlen(argv[4]);
! sv.realm.data = (char *) malloc(sv.realm.length+1);
! strcpy(sv.realm.data,argv[4]);
! add_to_transited(&otrans,&ntrans,&tgs,&cl,&sv);
printf("%s\n",ntrans.data);
+ krb5_free_context(kdc_realm.realm_context);
+ exit(0);
}
! void krb5_klog_syslog() {}
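Review bot: the unchanged check if (argc < 4) lets a three-argument invocation through, but the new code reads argv[1] through argv[4], so strlen(argv[4]) is called on the NULL that terminates argv. The test should be argc < 5. It would also be cleaner to do the argument check before krb5_init_context(), and to check the return value of add_to_transited() before printing ntrans.data, which BZ(ntrans) leaves as a null pointer if the call fails early.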
Responsible-Changed-From-To: krb5-unassigned->epeisach
Responsible-Changed-By: epeisach
Responsible-Changed-When: Tue Sep 23 14:30:13 1997
Responsible-Changed-Why:
I have already started looking at this code.
From: Ezra Peisach <epeisach@MIT.EDU>
To: Unassigned Problem Report <krb5-unassigned@RT-11.MIT.EDU>
Cc: krb5-bugs@MIT.EDU
Subject: Re: krb5-kdc/461: Transitive cross-realm does not work
Date: Tue, 23 Sep 1997 14:29:37 -0400
`Ezra Peisach' made changes to this PR.
Comments about already looking at the code. Question about why a
certain variable is initialized as it is. Also, provided a patch to
Makefile.in and rtest.c to actually test the transitive functions.
State-Changed-From-To: open-feedback
State-Changed-By: epeisach
State-Changed-When: Wed Sep 24 11:54:09 1997
State-Changed-Why:
I have supplied a patch and need to understand what some extraneous
code is about. I plan to check in the current changes as they will
make the current code work - but there might be another underlying
problem in the code wrt multirealm tickets.
From: Ezra Peisach <epeisach@MIT.EDU>
To: kenh@cmf.nrl.navy.mil
Cc: krb5-bugs@MIT.EDU
Subject: Re: krb5-kdc/461: Transitive cross-realm does not work
Date: Wed, 24 Sep 1997 11:53:42 -0400
Okay - here are updated patches which do not have a potential memory
overflow. (in certain cases an extra ',' needed to be added, and if
the tgt realm started with a '/' an extra space need be added.)
I also cleaned up rtest.c to be more portable...
I am still waiting on you to indicate why you initialized trans with
otrans. I might be missing something obvious - or critical to
interrealm operation. If the memcpy is left in there though,
I get coredumps due to overflowing "trans".
Ezra
Index: Makefile.in
===================================================================
RCS file: /cvs/krbdev/krb5/src/kdc/Makefile.in,v
retrieving revision 1.34
diff -c -r1.34 Makefile.in
*** Makefile.in 1997/02/09 17:40:20 1.34
--- Makefile.in 1997/09/24 15:49:31
***************
*** 1,8 ****
CFLAGS = $(CCOPTS) $(DEFS) $(LOCALINCLUDE)
PROG_LIBPATH=-L$(TOPLIBD) $(KRB4_LIBPATH)
PROG_RPATH=$(KRB5_LIBDIR)
! all:: krb5kdc
DEFINES = -DBACKWARD_COMPAT $(KRB4DEF)
--- 1,9 ----
CFLAGS = $(CCOPTS) $(DEFS) $(LOCALINCLUDE)
+ RUN_SETUP = @KRB5_RUN_ENV@
PROG_LIBPATH=-L$(TOPLIBD) $(KRB4_LIBPATH)
PROG_RPATH=$(KRB5_LIBDIR)
! all:: krb5kdc rtest
DEFINES = -DBACKWARD_COMPAT $(KRB4DEF)
***************
*** 37,42 ****
--- 38,48 ----
replay.o \
kerberos_v4.o
+ RT_OBJS= rtest.o \
+ kdc_util.o \
+ policy.o \
+ extern.o
+
depend:: kdc5_err.c
logger.c: $(SRCTOP)/lib/kadm5/logger.c
***************
*** 54,63 ****
krb5kdc: $(OBJS) $(KADMSRV_DEPLIBS) $(KRB4COMPAT_DEPLIBS)
$(CC_LINK) -o krb5kdc $(OBJS) $(KADMSRV_LIBS) $(KRB4COMPAT_LIBS)
install::
$(INSTALL_PROGRAM) krb5kdc ${DESTDIR}$(SERVER_BINDIR)/krb5kdc
$(INSTALL_DATA) $(srcdir)/krb5kdc.M ${DESTDIR}$(SERVER_MANDIR)/krb5kdc.8
clean::
! $(RM) kdc5_err.h kdc5_err.c krb5kdc logger.c
--- 60,78 ----
krb5kdc: $(OBJS) $(KADMSRV_DEPLIBS) $(KRB4COMPAT_DEPLIBS)
$(CC_LINK) -o krb5kdc $(OBJS) $(KADMSRV_LIBS) $(KRB4COMPAT_LIBS)
+ rtest: $(RT_OBJS) $(KADM_COMM_DEPLIBS) $(KRB5_BASE_DEPLIBS)
+ $(CC_LINK) -o rtest $(RT_OBJS) $(KADM_COMM_LIBS) $(KRB5_BASE_LIBS)
+
+ check-unix:: rtest
+ KRB5_CONFIG=$(SRCTOP)/config-files/krb5.conf ; export KRB5_CONFIG ;\
+ $(RUN_SETUP) $(srcdir)/rtscript > test.out
+ cmp test.out $(srcdir)/rtest.good
+ $(RM) test.out
+
install::
$(INSTALL_PROGRAM) krb5kdc ${DESTDIR}$(SERVER_BINDIR)/krb5kdc
$(INSTALL_DATA) $(srcdir)/krb5kdc.M ${DESTDIR}$(SERVER_MANDIR)/krb5kdc.8
clean::
! $(RM) kdc5_err.h kdc5_err.c krb5kdc logger.c rtest.o rtest
Index: configure.in
===================================================================
RCS file: /cvs/krbdev/krb5/src/kdc/configure.in,v
retrieving revision 1.36
diff -c -r1.36 configure.in
*** configure.in 1997/02/09 17:40:21 1.36
--- configure.in 1997/09/24 15:49:31
***************
*** 32,37 ****
AC_DEFINE(KRBCONF_KDC_MODIFIES_KDB)
fi
dnl
!
KRB5_BUILD_PROGRAM
V5_AC_OUTPUT_MAKEFILE
--- 32,38 ----
AC_DEFINE(KRBCONF_KDC_MODIFIES_KDB)
fi
dnl
! dnl
! KRB5_RUN_FLAGS
KRB5_BUILD_PROGRAM
V5_AC_OUTPUT_MAKEFILE
Index: kdc_util.c
===================================================================
RCS file: /cvs/krbdev/krb5/src/kdc/kdc_util.c,v
retrieving revision 5.87
diff -c -r5.87 kdc_util.c
*** kdc_util.c 1997/07/30 22:30:04 5.87
--- kdc_util.c 1997/09/24 15:49:31
***************
*** 537,543 ****
{
char *realm;
char *trans;
! char *otrans;
/* The following are for stepping through the transited field */
--- 537,543 ----
{
char *realm;
char *trans;
! char *otrans, *otrans_ptr;
/* The following are for stepping through the transited field */
***************
*** 558,574 ****
realm[krb5_princ_realm(kdc_context, tgs)->length] = '\0';
if (!(otrans = (char *) malloc(tgt_trans->length+1))) {
return(ENOMEM);
}
memcpy(otrans, tgt_trans->data, tgt_trans->length);
otrans[tgt_trans->length] = '\0';
! if (!(trans = (char *) malloc(strlen(realm) + strlen(otrans) + 1))) {
return(ENOMEM);
}
if (new_trans->data) free(new_trans->data);
new_trans->data = trans;
/* For the purpose of appending, the realm preceding the first */
/* realm in the transited field is considered the null realm */
--- 558,585 ----
realm[krb5_princ_realm(kdc_context, tgs)->length] = '\0';
if (!(otrans = (char *) malloc(tgt_trans->length+1))) {
+ free(realm);
return(ENOMEM);
}
memcpy(otrans, tgt_trans->data, tgt_trans->length);
otrans[tgt_trans->length] = '\0';
+ /* Keep track of start so we can free */
+ otrans_ptr = otrans;
! /* +1 for null,
! +1 for extra comma which may be added between
! +1 for potential space when leading slash in realm */
! if (!(trans = (char *) malloc(strlen(realm) + strlen(otrans) + 3))) {
! free(realm);
! free(otrans_ptr);
return(ENOMEM);
}
if (new_trans->data) free(new_trans->data);
new_trans->data = trans;
+ new_trans->length = 0;
+
+ trans[0] = '\0';
/* For the purpose of appending, the realm preceding the first */
/* realm in the transited field is considered the null realm */
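Review bot: the + 3 in the malloc of trans is a hand-counted worst case (NUL, one comma, one space), and nothing in this hunk enforces it against the strcat calls further down in the function. Extend the comment to say why at most one comma and one space can be added per call, or track the remaining capacity of trans and return an error instead of appending when it would be exceeded.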
***************
*** 706,711 ****
--- 717,724 ----
new_trans->length = strlen(trans) + 1;
}
+ free(realm);
+ free(otrans_ptr);
return(0);
}
Index: rtest.c
===================================================================
RCS file: /cvs/krbdev/krb5/src/kdc/rtest.c,v
retrieving revision 5.4
diff -c -r5.4 rtest.c
*** rtest.c 1995/02/28 10:30:29 5.4
--- rtest.c 1997/09/24 15:49:31
***************
*** 26,31 ****
--- 26,59 ----
#include "k5-int.h"
#include <stdio.h>
#include "kdc_util.h"
+ #include "extern.h"
+
+ krb5_principal
+ make_princ(ctx, str, prog)
+ krb5_context ctx;
+ const char *str;
+ const char *prog;
+ {
+ krb5_principal ret;
+ char *dat;
+
+ if(!(ret = (krb5_principal) malloc(sizeof(krb5_principal_data)))) {
+ com_err(prog, ENOMEM, "while allocating principal data");
+ exit(3);
+ }
+ memset(ret, 0, sizeof(krb5_principal_data));
+
+ /* We do not include the null... */
+ if(!(dat = (char *) malloc(strlen(str)))) {
+ com_err(prog, ENOMEM, "while allocating principal realm data");
+ exit(3);
+ }
+ memcpy(dat, str, strlen(str));
+ krb5_princ_set_realm_data(ctx, ret, dat);
+ krb5_princ_set_realm_length(ctx, ret, strlen(str));
+
+ return ret;
+ }
void
main(argc,argv)
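Review bot: in make_princ, malloc(strlen(str)) is called with size 0 when the realm argument is an empty string; malloc(0) may return NULL, which this code then reports as ENOMEM and exits. Allocate strlen(str) + 1 while still setting the realm length to strlen(str), or handle the empty string separately. The function also calls malloc, memset, memcpy and strlen with only k5-int.h, <stdio.h>, kdc_util.h and extern.h visibly included; include <stdlib.h> and <string.h> directly unless k5-int.h is guaranteed to provide them.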
***************
*** 34,80 ****
{
krb5_data otrans;
krb5_data ntrans;
!
! krb5_data *tgnames[10];
! krb5_principal tgs = tgnames;
! krb5_data tgsrlm;
!
! krb5_data *cnames[10];
! krb5_principal cl = cnames;
! krb5_data crlm;
!
! krb5_data *snames[10];
! krb5_principal sv = snames;
! krb5_data srlm;
if (argc < 4) {
fprintf(stderr, "not enough args\n");
exit(1);
}
ntrans.length = 0;
! otrans.length = strlen(argv[1]) + 1;
otrans.data = (char *) malloc(otrans.length);
! strcpy(otrans.data,argv[1]);
! tgsrlm.length = strlen(argv[2]) + 1;
! tgsrlm.data = (char *) malloc(tgsrlm.length);
! strcpy(tgsrlm.data,argv[2]);
! tgs[0] = &tgsrlm;
!
! crlm.length = strlen(argv[3]) + 1;
! crlm.data = (char *) malloc(crlm.length);
! strcpy(crlm.data,argv[3]);
! cl[0] = &crlm;
!
! srlm.length = strlen(argv[4]) + 1;
! srlm.data = (char *) malloc(srlm.length);
! strcpy(srlm.data,argv[4]);
! sv[0] = &srlm;
add_to_transited(&otrans,&ntrans,tgs,cl,sv);
printf("%s\n",ntrans.data);
}
! krb5_encrypt_block master_encblock;
--- 62,111 ----
{
krb5_data otrans;
krb5_data ntrans;
! krb5_principal tgs, cl, sv;
! krb5_error_code kret;
! kdc_realm_t kdc_realm;
if (argc < 4) {
fprintf(stderr, "not enough args\n");
exit(1);
}
+
+
+ /* Get a context */
+ kret = krb5_init_context(&kdc_realm.realm_context);
+ if (kret) {
+ com_err(argv[0], kret, "while getting krb5 context");
+ exit(2);
+ }
+ /* Needed so kdc_context will work */
+ kdc_active_realm = &kdc_realm;
+
ntrans.length = 0;
! ntrans.data = 0;
!
! otrans.length = strlen(argv[1]);
otrans.data = (char *) malloc(otrans.length);
! memcpy(otrans.data,argv[1], otrans.length);
! tgs = make_princ(kdc_context, argv[2], argv[0]);
! cl = make_princ(kdc_context, argv[3], argv[0]);
! sv = make_princ(kdc_context, argv[4], argv[0]);
add_to_transited(&otrans,&ntrans,tgs,cl,sv);
printf("%s\n",ntrans.data);
+ /* Free up all memory so we can profile for leaks */
+ free(otrans.data);
+ free(ntrans.data);
+
+ krb5_free_principal(kdc_realm.realm_context, tgs);
+ krb5_free_principal(kdc_realm.realm_context, cl);
+ krb5_free_principal(kdc_realm.realm_context, sv);
+ krb5_free_context(kdc_realm.realm_context);
+
+ exit(0);
}
! void krb5_klog_syslog() {}
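Review bot: if (argc < 4) is left unchanged in this hunk while make_princ() is called on argv[2], argv[3] and argv[4]; with three arguments argv[4] is NULL and make_princ() passes it to strlen(). Change the test to argc < 5. The return value of add_to_transited() is also discarded, so on failure printf("%s\n", ntrans.data) is handed the null pointer that ntrans.data = 0 set a few lines earlier.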
From: Ken Hornstein <kenh@cmf.nrl.navy.mil>
To: Ezra Peisach <epeisach@MIT.EDU>
Cc: krb5-bugs@MIT.EDU
Subject: Re: krb5-kdc/461: Transitive cross-realm does not work
Date: Fri, 26 Sep 1997 01:02:59 -0400
Sorry for the delay in getting back to you ...
Well, my only defense is that I didn't quite understand the code ...
so I did what I thought at the time was the right thing :-) After
looking at this code again, I don't know _what_ I was thinking. I think
your second patch is correct.
--Ken
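The sizing problem discussed in this thread, as an added example that is not part of the original messages or of kdc_util.c: a capacity-checked append shows which combinations of allocation slack and initial buffer contents fit. The names sbuf, sbuf_init, sbuf_append, build_transited and show, the slack and prefill parameters, and the sample realms are hypothetical; the append order (old entries, comma, optional space before a realm starting with '/', new realm) is a simplified model based on the comment in the second patch, not the real add_to_transited logic.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical helper: a string buffer that knows how much it may hold. */
struct sbuf {
    char  *data;
    size_t cap;   /* bytes allocated, including room for the NUL */
    size_t len;   /* bytes used, excluding the NUL */
};

static int sbuf_init(struct sbuf *b, size_t cap)
{
    if (cap == 0)
        return EINVAL;
    b->data = malloc(cap);
    if (b->data == NULL)
        return ENOMEM;
    b->data[0] = '\0';      /* the "trans[0] = '\0'" of the second patch */
    b->cap = cap;
    b->len = 0;
    return 0;
}

/* Append s, or return ERANGE and leave the buffer untouched.
 * This is the check an unguarded strcat() does not make. */
static int sbuf_append(struct sbuf *b, const char *s)
{
    size_t n = strlen(s);

    if (n >= b->cap - b->len)   /* need n bytes plus the NUL */
        return ERANGE;
    memcpy(b->data + b->len, s, n + 1);
    b->len += n;
    return 0;
}

/*
 * Simplified model (assumption) of building the new transited string.
 *   slack   : constant added to strlen(realm) + strlen(otrans) in the
 *             allocation (1 in the first patches, 3 in the last one)
 *   prefill : non-zero to copy otrans into the buffer before the
 *             appending pass, as the memcpy in the Aug 14 patch did
 * On success *out is a malloc'd string the caller frees.
 */
int build_transited(const char *otrans, const char *realm,
                    size_t slack, int prefill, char **out)
{
    struct sbuf b;
    int ret;

    *out = NULL;
    ret = sbuf_init(&b, strlen(realm) + strlen(otrans) + slack);
    if (ret)
        return ret;

    if (prefill)
        ret = sbuf_append(&b, otrans);      /* buffer starts non-empty */
    if (!ret)
        ret = sbuf_append(&b, otrans);      /* re-emit the old entries */
    if (!ret && otrans[0] != '\0')
        ret = sbuf_append(&b, ",");         /* the "extra comma" */
    if (!ret && realm[0] == '/')
        ret = sbuf_append(&b, " ");         /* the "potential space" */
    if (!ret)
        ret = sbuf_append(&b, realm);

    if (ret) {
        free(b.data);
        return ret;
    }
    *out = b.data;
    return 0;
}

/* Run one case against a constructed old transited value and print it. */
void show(const char *label, const char *realm, size_t slack, int prefill)
{
    char *out;
    int ret = build_transited("A.EXAMPLE,B.EXAMPLE", realm, slack,
                              prefill, &out);

    printf("%-26s %s\n", label, ret == 0 ? out : "rejected: would overflow");
    free(out);
}

int main(void)
{
    /* All realm names below are constructed sample values. */
    show("+1, empty start:", "C.EXAMPLE", 1, 0);
    show("+3, empty start:", "C.EXAMPLE", 3, 0);
    show("+3, prefilled with otrans:", "C.EXAMPLE", 3, 1);
    show("+2, realm with '/':", "/COM/EXAMPLE", 2, 0);
    show("+3, realm with '/':", "/COM/EXAMPLE", 3, 0);
    return 0;
}
```

With an empty old transited field the + 1 allocation is enough, which is why the overrun only appears once a ticket has actually crossed realms.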
From: Tom Yu <tlyu@MIT.EDU>
To: epeisach@MIT.EDU
Cc: krb5-bugs@MIT.EDU
Subject: Re: krb5-kdc/461: Transitive cross-realm does not work
Date: Sun, 22 Feb 1998 21:16:46 -0500
Can we close this out now? It appears to have been checked in...
---Tom
State-Changed-From-To: feedback-closed
State-Changed-By: tlyu
State-Changed-When: Mon Feb 23 23:40:47 1998
State-Changed-Why:
closing this out...
>Number: 461
>Category: krb5-kdc
>Synopsis: Transitive cross-realm does not work
>Confidential: no
>Severity: serious
>Priority: high
>Responsible: epeisach
>State: closed
>Class: sw-bug
>Submitter-Id: unknown
>Arrival-Date: Thu Aug 14 11:47:01 EDT 1997
>Last-Modified: Mon Feb 23 23:41:11 EST 1998
>Originator: Ken Hornstein
>Organization:
Navel Research Laboratory
>Release: 1.0pl1
>Audit-Trail:
From: Ezra Peisach <epeisach@MIT.EDU>
To: kenh@cmf.nrl.navy.mil
Cc: krb5-bugs@MIT.EDU
Subject: Re: krb5-kdc/461: Transitive cross-realm does not work
Date: Tue, 23 Sep 1997 14:28:06 -0400
I too have noticed the same problem you reported... (In fact my patch
that I started is identical modulo variable names).
I have been rewriting the rtest program to do the proper testing here....
>>>There is still a problem that trans is not being allocated large enough to
>>>handle the "," fields. (i.e. rtscript test 4, and 7 and more).
The only question I have is why do you initialize trans to otrans
initially? This will overflow buffers as well as strcat is used
extensivley and the malloc of trans is not large enough.
You did:
if (new_trans->data) free(new_trans->data);
new_trans->data = trans;
+ memcpy(trans, otrans, tgt_trans->length);
+ trans[tgt_trans->length] = '\0';
+
I simply did:
trans[0] = '\0';
And I initialized the length to 0 - as various tests assume that it is zero.
to fix up uninitialized variables.
Here are my current patches (using your variables):
Index: Makefile.in
===================================================================
RCS file: /cvs/krbdev/krb5/src/kdc/Makefile.in,v
retrieving revision 1.34
diff -c -r1.34 Makefile.in
*** Makefile.in 1997/02/09 17:40:20 1.34
--- Makefile.in 1997/09/23 18:24:31
***************
*** 2,8 ****
PROG_LIBPATH=-L$(TOPLIBD) $(KRB4_LIBPATH)
PROG_RPATH=$(KRB5_LIBDIR)
! all:: krb5kdc
DEFINES = -DBACKWARD_COMPAT $(KRB4DEF)
--- 2,8 ----
PROG_LIBPATH=-L$(TOPLIBD) $(KRB4_LIBPATH)
PROG_RPATH=$(KRB5_LIBDIR)
! all:: krb5kdc rtest
DEFINES = -DBACKWARD_COMPAT $(KRB4DEF)
***************
*** 37,42 ****
--- 37,47 ----
replay.o \
kerberos_v4.o
+ RT_OBJS= rtest.o \
+ kdc_util.o \
+ policy.o \
+ extern.o
+
depend:: kdc5_err.c
logger.c: $(SRCTOP)/lib/kadm5/logger.c
***************
*** 54,63 ****
krb5kdc: $(OBJS) $(KADMSRV_DEPLIBS) $(KRB4COMPAT_DEPLIBS)
$(CC_LINK) -o krb5kdc $(OBJS) $(KADMSRV_LIBS) $(KRB4COMPAT_LIBS)
install::
$(INSTALL_PROGRAM) krb5kdc ${DESTDIR}$(SERVER_BINDIR)/krb5kdc
$(INSTALL_DATA) $(srcdir)/krb5kdc.M ${DESTDIR}$(SERVER_MANDIR)/krb5kdc.8
clean::
! $(RM) kdc5_err.h kdc5_err.c krb5kdc logger.c
--- 59,77 ----
krb5kdc: $(OBJS) $(KADMSRV_DEPLIBS) $(KRB4COMPAT_DEPLIBS)
$(CC_LINK) -o krb5kdc $(OBJS) $(KADMSRV_LIBS) $(KRB4COMPAT_LIBS)
+ rtest: $(RT_OBJS) $(KADM_COMM_DEPLIBS) $(KRB5_BASE_DEPLIBS)
+ $(CC_LINK) -o rtest $(RT_OBJS) $(KADM_COMM_LIBS) $(KRB5_BASE_LIBS)
+
+ check-unix:: rtest
+ KRB5_CONFIG=$(SRCTOP)/config-files/krb5.conf ; export KRB5_CONFIG ;\
+ $(RUN_SETUP) $(srcdir)/rtscript > test.out
+ cmp test.out $(srcdir)/rtest.good
+ $(RM) test.out
+
install::
$(INSTALL_PROGRAM) krb5kdc ${DESTDIR}$(SERVER_BINDIR)/krb5kdc
$(INSTALL_DATA) $(srcdir)/krb5kdc.M ${DESTDIR}$(SERVER_MANDIR)/krb5kdc.8
clean::
! $(RM) kdc5_err.h kdc5_err.c krb5kdc logger.c rtest.o rtest
Index: kdc_util.c
===================================================================
RCS file: /cvs/krbdev/krb5/src/kdc/kdc_util.c,v
retrieving revision 5.87
diff -c -r5.87 kdc_util.c
*** kdc_util.c 1997/07/30 22:30:04 5.87
--- kdc_util.c 1997/09/23 18:24:31
***************
*** 537,543 ****
{
char *realm;
char *trans;
! char *otrans;
/* The following are for stepping through the transited field */
--- 537,543 ----
{
char *realm;
char *trans;
! char *otrans, *otrans_ptr;
/* The following are for stepping through the transited field */
***************
*** 558,574 ****
--- 558,585 ----
realm[krb5_princ_realm(kdc_context, tgs)->length] = '\0';
if (!(otrans = (char *) malloc(tgt_trans->length+1))) {
+ free(realm);
return(ENOMEM);
}
memcpy(otrans, tgt_trans->data, tgt_trans->length);
otrans[tgt_trans->length] = '\0';
+ /* Keep track of start so we can free */
+ otrans_ptr = otrans;
if (!(trans = (char *) malloc(strlen(realm) + strlen(otrans) + 1))) {
+ free(realm);
+ free(otrans_ptr);
return(ENOMEM);
}
if (new_trans->data) free(new_trans->data);
new_trans->data = trans;
+ new_trans->length = 0;
+
+ trans[0] = '\0';
+
+ /* memcpy(trans, otrans, tgt_trans->length);*/
+ trans[tgt_trans->length] = '\0';
/* For the purpose of appending, the realm preceding the first */
/* realm in the transited field is considered the null realm */
***************
*** 706,711 ****
--- 717,724 ----
new_trans->length = strlen(trans) + 1;
}
+ free(realm);
+ free(otrans_ptr);
return(0);
}
Index: rtest.c
===================================================================
RCS file: /cvs/krbdev/krb5/src/kdc/rtest.c,v
retrieving revision 5.4
diff -c -r5.4 rtest.c
*** rtest.c 1995/02/28 10:30:29 5.4
--- rtest.c 1997/09/23 18:24:31
***************
*** 26,31 ****
--- 26,32 ----
#include "k5-int.h"
#include <stdio.h>
#include "kdc_util.h"
+ #include "extern.h"
void
main(argc,argv)
***************
*** 35,80 ****
krb5_data otrans;
krb5_data ntrans;
! krb5_data *tgnames[10];
! krb5_principal tgs = tgnames;
! krb5_data tgsrlm;
!
! krb5_data *cnames[10];
! krb5_principal cl = cnames;
! krb5_data crlm;
!
! krb5_data *snames[10];
! krb5_principal sv = snames;
! krb5_data srlm;
if (argc < 4) {
fprintf(stderr, "not enough args\n");
exit(1);
}
ntrans.length = 0;
! otrans.length = strlen(argv[1]) + 1;
! otrans.data = (char *) malloc(otrans.length);
strcpy(otrans.data,argv[1]);
! tgsrlm.length = strlen(argv[2]) + 1;
! tgsrlm.data = (char *) malloc(tgsrlm.length);
! strcpy(tgsrlm.data,argv[2]);
! tgs[0] = &tgsrlm;
!
! crlm.length = strlen(argv[3]) + 1;
! crlm.data = (char *) malloc(crlm.length);
! strcpy(crlm.data,argv[3]);
! cl[0] = &crlm;
!
! srlm.length = strlen(argv[4]) + 1;
! srlm.data = (char *) malloc(srlm.length);
! strcpy(srlm.data,argv[4]);
! sv[0] = &srlm;
! add_to_transited(&otrans,&ntrans,tgs,cl,sv);
printf("%s\n",ntrans.data);
}
! krb5_encrypt_block master_encblock;
--- 36,91 ----
krb5_data otrans;
krb5_data ntrans;
! krb5_principal_data tgs;
! krb5_principal_data cl;
! krb5_principal_data sv;
!
! krb5_error_code kret;
!
! kdc_realm_t kdc_realm;
!
! kret = krb5_init_context(&kdc_realm.realm_context);
! if (kret) {
! com_err(argv[0], kret, "while getting krb5 context");
! exit(2);
! }
! kdc_active_realm = &kdc_realm;
!
! #define BZ(x) memset(&x, 0 , sizeof(x))
+ BZ(otrans);
+ BZ(ntrans);
+ BZ(tgs);
+ BZ(cl);
+ BZ(sv);
+
if (argc < 4) {
fprintf(stderr, "not enough args\n");
exit(1);
}
ntrans.length = 0;
! otrans.length = strlen(argv[1]);
! otrans.data = (char *) malloc(otrans.length +1);
strcpy(otrans.data,argv[1]);
! tgs.realm.length = strlen(argv[2]);
! tgs.realm.data = (char *) malloc(tgs.realm.length +1);
! strcpy(tgs.realm.data,argv[2]);
!
! cl.realm.length = strlen(argv[3]);
! cl.realm.data = (char *) malloc(cl.realm.length +1);
! strcpy(cl.realm.data,argv[3]);
!
! sv.realm.length = strlen(argv[4]);
! sv.realm.data = (char *) malloc(sv.realm.length+1);
! strcpy(sv.realm.data,argv[4]);
! add_to_transited(&otrans,&ntrans,&tgs,&cl,&sv);
printf("%s\n",ntrans.data);
+ krb5_free_context(kdc_realm.realm_context);
+ exit(0);
}
! void krb5_klog_syslog() {}
Responsible-Changed-From-To: krb5-unassigned->epeisach
Responsible-Changed-By: epeisach
Responsible-Changed-When: Tue Sep 23 14:30:13 1997
Responsible-Changed-Why:
I have already started looking at this code.
From: Ezra Peisach <epeisach@MIT.EDU>
To: Unassigned Problem Report <krb5-unassigned@RT-11.MIT.EDU>
Cc: krb5-bugs@MIT.EDU
Subject: Re: krb5-kdc/461: Transitive cross-realm does not work
Date: Tue, 23 Sep 1997 14:29:37 -0400
`Ezra Peisach' made changes to this PR.
Comments about already looking at the code. Question about why a
certain variable is initialized as it is. Also, provided a patch to
Makefile.in and rtest.c to actually test the transitive functions.
State-Changed-From-To: open-feedback
State-Changed-By: epeisach
State-Changed-When: Wed Sep 24 11:54:09 1997
State-Changed-Why:
I have suplied a patch and need to understand what some extraneous
code is about. I plan to check in the current changes as they will
make the current code work - but there might be another underlying
problem in the code wrt multirealm tickets.
From: Ezra Peisach <epeisach@MIT.EDU>
To: kenh@cmf.nrl.navy.mil
Cc: krb5-bugs@MIT.EDU
Subject: Re: krb5-kdc/461: Transitive cross-realm does not work
Date: Wed, 24 Sep 1997 11:53:42 -0400
Okay - here are updated patches which do not have a potential memory
overflow. (in certain cases an extra ',' needed to be added, and if
the tgt realm started with a '/' an extra space need be added.
I also cleaned up rtest.c to be more portable...
I am still wating on you to indicate why you intialized trane with
otrans. I might be missing something obvious - or critical to
interrealm operation. If the memcpy is left in there though,
I get coredumps do to overflowing "trans".
Ezra
Index: Makefile.in
===================================================================
RCS file: /cvs/krbdev/krb5/src/kdc/Makefile.in,v
retrieving revision 1.34
diff -c -r1.34 Makefile.in
*** Makefile.in 1997/02/09 17:40:20 1.34
--- Makefile.in 1997/09/24 15:49:31
***************
*** 1,8 ****
CFLAGS = $(CCOPTS) $(DEFS) $(LOCALINCLUDE)
PROG_LIBPATH=-L$(TOPLIBD) $(KRB4_LIBPATH)
PROG_RPATH=$(KRB5_LIBDIR)
! all:: krb5kdc
DEFINES = -DBACKWARD_COMPAT $(KRB4DEF)
--- 1,9 ----
CFLAGS = $(CCOPTS) $(DEFS) $(LOCALINCLUDE)
+ RUN_SETUP = @KRB5_RUN_ENV@
PROG_LIBPATH=-L$(TOPLIBD) $(KRB4_LIBPATH)
PROG_RPATH=$(KRB5_LIBDIR)
! all:: krb5kdc rtest
DEFINES = -DBACKWARD_COMPAT $(KRB4DEF)
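Review bot: Adding rtest to the all:: target means the test driver is compiled and linked on every default build, not only when the tests are run. The check-unix target added later in this file already lists rtest as a prerequisite, so all:: could stay as krb5kdc alone. RUN_SETUP = @KRB5_RUN_ENV@ also only gets a value if configure.in invokes KRB5_RUN_FLAGS, which this patch adds, so the two files have to be checked in together.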
***************
*** 37,42 ****
--- 38,48 ----
replay.o \
kerberos_v4.o
+ RT_OBJS= rtest.o \
+ kdc_util.o \
+ policy.o \
+ extern.o
+
depend:: kdc5_err.c
logger.c: $(SRCTOP)/lib/kadm5/logger.c
***************
*** 54,63 ****
krb5kdc: $(OBJS) $(KADMSRV_DEPLIBS) $(KRB4COMPAT_DEPLIBS)
$(CC_LINK) -o krb5kdc $(OBJS) $(KADMSRV_LIBS) $(KRB4COMPAT_LIBS)
install::
$(INSTALL_PROGRAM) krb5kdc ${DESTDIR}$(SERVER_BINDIR)/krb5kdc
$(INSTALL_DATA) $(srcdir)/krb5kdc.M ${DESTDIR}$(SERVER_MANDIR)/krb5kdc.8
clean::
! $(RM) kdc5_err.h kdc5_err.c krb5kdc logger.c
--- 60,78 ----
krb5kdc: $(OBJS) $(KADMSRV_DEPLIBS) $(KRB4COMPAT_DEPLIBS)
$(CC_LINK) -o krb5kdc $(OBJS) $(KADMSRV_LIBS) $(KRB4COMPAT_LIBS)
+ rtest: $(RT_OBJS) $(KADM_COMM_DEPLIBS) $(KRB5_BASE_DEPLIBS)
+ $(CC_LINK) -o rtest $(RT_OBJS) $(KADM_COMM_LIBS) $(KRB5_BASE_LIBS)
+
+ check-unix:: rtest
+ KRB5_CONFIG=$(SRCTOP)/config-files/krb5.conf ; export KRB5_CONFIG ;\
+ $(RUN_SETUP) $(srcdir)/rtscript > test.out
+ cmp test.out $(srcdir)/rtest.good
+ $(RM) test.out
+
install::
$(INSTALL_PROGRAM) krb5kdc ${DESTDIR}$(SERVER_BINDIR)/krb5kdc
$(INSTALL_DATA) $(srcdir)/krb5kdc.M ${DESTDIR}$(SERVER_MANDIR)/krb5kdc.8
clean::
! $(RM) kdc5_err.h kdc5_err.c krb5kdc logger.c rtest.o rtest
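Review bot: check-unix runs $(srcdir)/rtscript and compares against $(srcdir)/rtest.good, but neither file is part of this patch, so the target cannot pass from these diffs alone; both need to be added with it. Also, when cmp fails make stops before $(RM) test.out, and the clean:: line removes rtest.o and rtest but not test.out, so a failed run leaves the file behind. Adding test.out to the clean:: line would cover that.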
Index: configure.in
===================================================================
RCS file: /cvs/krbdev/krb5/src/kdc/configure.in,v
retrieving revision 1.36
diff -c -r1.36 configure.in
*** configure.in 1997/02/09 17:40:21 1.36
--- configure.in 1997/09/24 15:49:31
***************
*** 32,37 ****
AC_DEFINE(KRBCONF_KDC_MODIFIES_KDB)
fi
dnl
!
KRB5_BUILD_PROGRAM
V5_AC_OUTPUT_MAKEFILE
--- 32,38 ----
AC_DEFINE(KRBCONF_KDC_MODIFIES_KDB)
fi
dnl
! dnl
! KRB5_RUN_FLAGS
KRB5_BUILD_PROGRAM
V5_AC_OUTPUT_MAKEFILE
Index: kdc_util.c
===================================================================
RCS file: /cvs/krbdev/krb5/src/kdc/kdc_util.c,v
retrieving revision 5.87
diff -c -r5.87 kdc_util.c
*** kdc_util.c 1997/07/30 22:30:04 5.87
--- kdc_util.c 1997/09/24 15:49:31
***************
*** 537,543 ****
{
char *realm;
char *trans;
! char *otrans;
/* The following are for stepping through the transited field */
--- 537,543 ----
{
char *realm;
char *trans;
! char *otrans, *otrans_ptr;
/* The following are for stepping through the transited field */
***************
*** 558,574 ****
realm[krb5_princ_realm(kdc_context, tgs)->length] = '\0';
if (!(otrans = (char *) malloc(tgt_trans->length+1))) {
return(ENOMEM);
}
memcpy(otrans, tgt_trans->data, tgt_trans->length);
otrans[tgt_trans->length] = '\0';
! if (!(trans = (char *) malloc(strlen(realm) + strlen(otrans) + 1))) {
return(ENOMEM);
}
if (new_trans->data) free(new_trans->data);
new_trans->data = trans;
/* For the purpose of appending, the realm preceding the first */
/* realm in the transited field is considered the null realm */
--- 558,585 ----
realm[krb5_princ_realm(kdc_context, tgs)->length] = '\0';
if (!(otrans = (char *) malloc(tgt_trans->length+1))) {
+ free(realm);
return(ENOMEM);
}
memcpy(otrans, tgt_trans->data, tgt_trans->length);
otrans[tgt_trans->length] = '\0';
+ /* Keep track of start so we can free */
+ otrans_ptr = otrans;
! /* +1 for null,
! +1 for extra comma which may be added between
! +1 for potential space when leading slash in realm */
! if (!(trans = (char *) malloc(strlen(realm) + strlen(otrans) + 3))) {
! free(realm);
! free(otrans_ptr);
return(ENOMEM);
}
if (new_trans->data) free(new_trans->data);
new_trans->data = trans;
+ new_trans->length = 0;
+
+ trans[0] = '\0';
/* For the purpose of appending, the realm preceding the first */
/* realm in the transited field is considered the null realm */
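Review bot: The + 3 in the trans allocation is only correct while the appending code further down in this function (not shown in this hunk) adds at most one comma and one space beyond strlen(realm) + strlen(otrans). Nothing enforces that, so a later change to the appending logic can bring the overflow back; consider checking the remaining space where the bytes are appended, or at least checking strlen(trans) against the allocated size before the final length is set. Separately, if (new_trans->data) free(new_trans->data) requires every caller to pass a new_trans whose data is either NULL or heap-allocated, which deserves a line in the function's header comment.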
***************
*** 706,711 ****
--- 717,724 ----
new_trans->length = strlen(trans) + 1;
}
+ free(realm);
+ free(otrans_ptr);
return(0);
}
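Review bot: realm and otrans_ptr are freed only on this final return(0), so any return between the trans allocation and this point would still leak both buffers. Worth confirming that the lines this patch does not touch contain no such return, or routing every exit through one cleanup label so the frees cannot be missed.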
Index: rtest.c
===================================================================
RCS file: /cvs/krbdev/krb5/src/kdc/rtest.c,v
retrieving revision 5.4
diff -c -r5.4 rtest.c
*** rtest.c 1995/02/28 10:30:29 5.4
--- rtest.c 1997/09/24 15:49:31
***************
*** 26,31 ****
--- 26,59 ----
#include "k5-int.h"
#include <stdio.h>
#include "kdc_util.h"
+ #include "extern.h"
+
+ krb5_principal
+ make_princ(ctx, str, prog)
+ krb5_context ctx;
+ const char *str;
+ const char *prog;
+ {
+ krb5_principal ret;
+ char *dat;
+
+ if(!(ret = (krb5_principal) malloc(sizeof(krb5_principal_data)))) {
+ com_err(prog, ENOMEM, "while allocating principal data");
+ exit(3);
+ }
+ memset(ret, 0, sizeof(krb5_principal_data));
+
+ /* We do not include the null... */
+ if(!(dat = (char *) malloc(strlen(str)))) {
+ com_err(prog, ENOMEM, "while allocating principal realm data");
+ exit(3);
+ }
+ memcpy(dat, str, strlen(str));
+ krb5_princ_set_realm_data(ctx, ret, dat);
+ krb5_princ_set_realm_length(ctx, ret, strlen(str));
+
+ return ret;
+ }
void
main(argc,argv)
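Review bot: In make_princ, malloc(strlen(str)) is called with size 0 when str is the empty string, and malloc(0) is allowed to return NULL, which this code then reports as ENOMEM and exits. If an empty realm argument is a legitimate test input, allocate at least one byte or skip the allocation for zero length. The realm data is intentionally left without a terminating NUL, so the comment should say that the length field is the only bound and that the buffer must never be handed to a string function.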
***************
*** 34,80 ****
{
krb5_data otrans;
krb5_data ntrans;
!
! krb5_data *tgnames[10];
! krb5_principal tgs = tgnames;
! krb5_data tgsrlm;
!
! krb5_data *cnames[10];
! krb5_principal cl = cnames;
! krb5_data crlm;
!
! krb5_data *snames[10];
! krb5_principal sv = snames;
! krb5_data srlm;
if (argc < 4) {
fprintf(stderr, "not enough args\n");
exit(1);
}
ntrans.length = 0;
! otrans.length = strlen(argv[1]) + 1;
otrans.data = (char *) malloc(otrans.length);
! strcpy(otrans.data,argv[1]);
! tgsrlm.length = strlen(argv[2]) + 1;
! tgsrlm.data = (char *) malloc(tgsrlm.length);
! strcpy(tgsrlm.data,argv[2]);
! tgs[0] = &tgsrlm;
!
! crlm.length = strlen(argv[3]) + 1;
! crlm.data = (char *) malloc(crlm.length);
! strcpy(crlm.data,argv[3]);
! cl[0] = &crlm;
!
! srlm.length = strlen(argv[4]) + 1;
! srlm.data = (char *) malloc(srlm.length);
! strcpy(srlm.data,argv[4]);
! sv[0] = &srlm;
add_to_transited(&otrans,&ntrans,tgs,cl,sv);
printf("%s\n",ntrans.data);
}
! krb5_encrypt_block master_encblock;
--- 62,111 ----
{
krb5_data otrans;
krb5_data ntrans;
! krb5_principal tgs, cl, sv;
! krb5_error_code kret;
! kdc_realm_t kdc_realm;
if (argc < 4) {
fprintf(stderr, "not enough args\n");
exit(1);
}
+
+
+ /* Get a context */
+ kret = krb5_init_context(&kdc_realm.realm_context);
+ if (kret) {
+ com_err(argv[0], kret, "while getting krb5 context");
+ exit(2);
+ }
+ /* Needed so kdc_context will work */
+ kdc_active_realm = &kdc_realm;
+
ntrans.length = 0;
! ntrans.data = 0;
!
! otrans.length = strlen(argv[1]);
otrans.data = (char *) malloc(otrans.length);
! memcpy(otrans.data,argv[1], otrans.length);
! tgs = make_princ(kdc_context, argv[2], argv[0]);
! cl = make_princ(kdc_context, argv[3], argv[0]);
! sv = make_princ(kdc_context, argv[4], argv[0]);
add_to_transited(&otrans,&ntrans,tgs,cl,sv);
printf("%s\n",ntrans.data);
+ /* Free up all memory so we can profile for leaks */
+ free(otrans.data);
+ free(ntrans.data);
+
+ krb5_free_principal(kdc_realm.realm_context, tgs);
+ krb5_free_principal(kdc_realm.realm_context, cl);
+ krb5_free_principal(kdc_realm.realm_context, sv);
+ krb5_free_context(kdc_realm.realm_context);
+
+ exit(0);
}
! void krb5_klog_syslog() {}
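Review bot: main still checks argc < 4, but the new code reads argv[4] for sv, so a run with three arguments passes a NULL str into make_princ and its strlen(str); the check should be argc < 5. The return value of add_to_transited is also ignored and ntrans.data goes straight to printf with %s, while ntrans.data is set to 0 just above, so a failing call would print through a NULL pointer; test the result before printing. The malloc for otrans.data is unchecked as well.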
From: Ken Hornstein <kenh@cmf.nrl.navy.mil>
To: Ezra Peisach <epeisach@MIT.EDU>
Cc: krb5-bugs@MIT.EDU
Subject: Re: krb5-kdc/461: Transitive cross-realm does not work
Date: Fri, 26 Sep 1997 01:02:59 -0400
Sorry for the delay in getting back to you ...
>The only question I have is why do you initialize trans to otrans
>initially? This will overflow buffers as well as strcat is used
>extensively and the malloc of trans is not large enough.
Well, my only defense is that I didn't quite understand the code ...
so I did what I thought at the time was the right thing :-) After
looking at this code again, I don't know _what_ I was thinking. I think
your second patch is correct.
--Ken
From: Tom Yu <tlyu@MIT.EDU>
To: epeisach@MIT.EDU
Cc: krb5-bugs@MIT.EDU
Subject: Re: krb5-kdc/461: Transitive cross-realm does not work
Date: Sun, 22 Feb 1998 21:16:46 -0500
Can we close this out now? It appears to have been checked in...
---Tom
State-Changed-From-To: feedback-closed
State-Changed-By: tlyu
State-Changed-When: Mon Feb 23 23:40:47 1998
State-Changed-Why:
closing this out...
>Unformatted: