From mhpower@MIT.EDU Mon Nov 3 00:55:29 1997
Received: from MIT.EDU (PACIFIC-CARRIER-ANNEX.MIT.EDU [18.69.0.28]) by rt-11.MIT.EDU (8.7.5/8.7.3) with SMTP id AAA20445 for <bugs@RT-11.MIT.EDU>; Mon, 3 Nov 1997 00:55:28 -0500
Received: from YAZ-PISTACHIO.MIT.EDU by MIT.EDU with SMTP
id AA09042; Mon, 3 Nov 97 00:55:32 EST
Received: by yaz-pistachio.MIT.EDU (5.57/4.7) id AA10795; Mon, 3 Nov 97 00:55:26 -0500
Message-Id: <9711030555.AA10795@yaz-pistachio.MIT.EDU>
Date: Mon, 3 Nov 97 00:55:26 -0500
From: mhpower@MIT.EDU
Reply-To: mhpower@MIT.EDU
To: krb5-bugs@MIT.EDU
Subject: for 1.0.3: klogind buffer overrun
X-Send-Pr-Version: 3.99
>Number: 488
>Category: krb5-appl
>Synopsis: for 1.0.3: klogind buffer overrun
>Confidential: no
>Severity: critical
>Priority: high
>Responsible: krb5-unassigned
>State: closed
>Class: sw-bug
>Submitter-Id: unknown
>Arrival-Date: Mon Nov 03 00:56:01 EST 1997
>Last-Modified: Tue Nov 11 20:32:38 EST 1997
>Originator: Matt Power
>Organization:
MIT
>Release: 1.0.2
>Environment:
<machine, os, target, libraries (multiple lines)>
System: any
Architecture: any
>Description:
There's a strcpy of an h_name field into a 128-character buffer.
>How-To-Repeat:
Arrange for the DNS server response to include data corresponding to an h_name field of over 127 characters.
>Fix:
*** krb5-1.0.2/src/appl/bsd/krlogind.c.old Fri Oct 31 15:42:50 1997
--- krb5-1.0.2/src/appl/bsd/krlogind.c Mon Nov 3 00:28:44 1997
***************
*** 549,551 ****
/* Save hostent information.... */
! else strcpy(rhost_name,hp->h_name);
--- 549,554 ----
/* Save hostent information.... */
! else {
! strncpy(rhost_name,hp->h_name,sizeof(rhost_name));
! rhost_name[sizeof(rhost_name) - 1] = '\0';
! }
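Review bot: the strncpy plus explicit terminator in the new lines 549-554 bounds the copy correctly, but it truncates silently: an h_name of sizeof(rhost_name) or more characters ends up in rhost_name as a shortened name that no longer matches what the resolver returned, and nothing records that this happened. Since rhost_name is the host name klogind goes on to use, consider treating an over-long h_name as an error, or at least logging the truncation, before the copy, e.g. `if (strlen(hp->h_name) >= sizeof(rhost_name)) { /* log or reject */ }`, rather than keeping the shortened name.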
>Audit-Trail:
State-Changed-From-To: open-feedback
State-Changed-By: tlyu
State-Changed-When: Tue Nov 4 21:21:21 1997
State-Changed-Why:
Fixed; appl/bsd/krlogind.c 5.92. Not closing yet because we might
want this in 1.0.3.
From: Tom Yu <tlyu@MIT.EDU>
To: mhpower@MIT.EDU
Cc: krb5-bugs@MIT.EDU
Subject: Re: krb5-appl/488: buffer overflow in 1.0.2 klogind
Date: Tue, 4 Nov 1997 21:21:09 -0500
Thanks for the bug report; it'll be fixed in the current sources soon,
and we'll probably put out another patch release for this soon.
---Tom
State-Changed-From-To: feedback-closed
State-Changed-By: tlyu
State-Changed-When: Tue Nov 11 20:31:47 1997
State-Changed-Why:
checked in on 1.0 branch:
src/appl/bsd/krlogind.c 5.89 -> 5.89.2.1
>Unformatted:
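The report above describes an unbounded strcpy of a resolver-supplied h_name into a 128-character buffer, and the fix bounds the copy with strncpy plus an explicit terminator. What follows is an added C example, not code from the krb5 sources, from the reporter or from the audit trail: it places the vulnerable pattern beside the patched form and beside a stricter variant that rejects an over-long name instead of truncating it, then runs both bounded copies on a constructed 200-character name and on a name that exactly fits. The function names, RHOST_NAME_SIZE, LONG_NAME_LEN and the sample names are assumptions made for the example; the only figure taken from the report is the 128-byte buffer size.

```c
#include <stdio.h>
#include <string.h>

/* Size of klogind's rhost_name buffer as the report describes it: 128
 * bytes, i.e. room for 127 name characters plus the terminator.
 * (Assumed macro name; the report only gives the size.) */
#define RHOST_NAME_SIZE 128

/* Length of a constructed over-long name; the report's trigger is any
 * h_name of more than 127 characters. */
#define LONG_NAME_LEN 200

/* The vulnerable pattern from krb5 1.0.2: an unbounded strcpy of the
 * resolver-supplied h_name into a fixed-size buffer.  Never called here;
 * kept only to contrast with the bounded versions below. */
void copy_hostname_unbounded(char *dst, const char *h_name)
{
    strcpy(dst, h_name);    /* writes past dst once strlen(h_name) >= 128 */
}

/* The shape of the 1.0.3 fix: bounded copy plus explicit termination.
 * Returns 1 if the name had to be truncated, 0 if it fit. */
int copy_hostname_truncating(char *dst, size_t dstsz, const char *h_name)
{
    strncpy(dst, h_name, dstsz);
    /* strncpy leaves no terminator at all when the source fills dst. */
    int truncated = (dst[dstsz - 1] != '\0');
    dst[dstsz - 1] = '\0';
    return truncated;
}

/* Stricter alternative (not what the patch does): refuse a name that
 * does not fit instead of silently shortening it.  Returns 0 on success
 * and -1 when the name is too long, leaving dst as an empty string. */
int copy_hostname_or_reject(char *dst, size_t dstsz, const char *h_name)
{
    size_t n = 0;
    while (n < dstsz && h_name[n] != '\0')   /* never scans past dstsz bytes */
        n++;
    if (n >= dstsz) {
        dst[0] = '\0';
        return -1;
    }
    memcpy(dst, h_name, n + 1);              /* includes the terminator */
    return 0;
}

/* Fill buf (at least LONG_NAME_LEN + 1 bytes) with a constructed name. */
static void make_long_name(char *buf)
{
    memset(buf, 'a', LONG_NAME_LEN);
    buf[LONG_NAME_LEN] = '\0';
}

/* Run the patch's copy on the long name.  Returns the stored length
 * (127) when the copy reports truncation, -1 otherwise. */
int truncating_copy_of_long_name(void)
{
    char name[LONG_NAME_LEN + 1], rhost_name[RHOST_NAME_SIZE];
    make_long_name(name);
    if (copy_hostname_truncating(rhost_name, sizeof rhost_name, name) != 1)
        return -1;
    return (int)strlen(rhost_name);
}

/* Edge case: a name of exactly RHOST_NAME_SIZE - 1 characters fits and
 * must not be flagged as truncated.  Returns the truncation flag (0). */
int truncating_copy_of_exact_fit_name(void)
{
    char name[RHOST_NAME_SIZE], rhost_name[RHOST_NAME_SIZE];
    memset(name, 'b', RHOST_NAME_SIZE - 1);
    name[RHOST_NAME_SIZE - 1] = '\0';
    return copy_hostname_truncating(rhost_name, sizeof rhost_name, name);
}

/* Run the rejecting copy on the long name; returns its rc (-1). */
int rejecting_copy_of_long_name(void)
{
    char name[LONG_NAME_LEN + 1], rhost_name[RHOST_NAME_SIZE];
    make_long_name(name);
    return copy_hostname_or_reject(rhost_name, sizeof rhost_name, name);
}

/* Run the rejecting copy on a name that fits; returns 0 only if the
 * copy succeeded and rhost_name holds the name unchanged. */
int rejecting_copy_of_short_name(void)
{
    char rhost_name[RHOST_NAME_SIZE];
    const char *name = "host.example.com";   /* constructed sample */
    if (copy_hostname_or_reject(rhost_name, sizeof rhost_name, name) != 0)
        return -1;
    return strcmp(rhost_name, name);
}

int main(void)
{
    printf("truncating copy of %d-char name: stored length %d\n",
           LONG_NAME_LEN, truncating_copy_of_long_name());
    printf("truncating copy of exact-fit name: truncated=%d\n",
           truncating_copy_of_exact_fit_name());
    printf("rejecting copy of %d-char name: rc %d\n",
           LONG_NAME_LEN, rejecting_copy_of_long_name());
    printf("rejecting copy of short name: rc %d\n",
           rejecting_copy_of_short_name());
    return 0;
}
```

The truncating variant mirrors the patch and shows why the explicit terminator is needed: strncpy writes no NUL when the source fills the whole buffer. The rejecting variant is the choice a reviewer might prefer for a name that is later used to identify the peer, since it surfaces the oversized input instead of keeping a shortened host name.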