Skip Menu |
 

Date: Fri, 09 Nov 2007 14:44:42 -0500
From: Jeffrey Altman <jaltman@secure-endpoints.com>
To: krb5-bugs@mit.edu
Subject: fix krb5_string_to_keysalts() string processing infinite loop and default keysalt type
Download (untitled) / with headers
text/plain 1.1KiB
Please review the following patch to krb5_string_to_keysalts() in
src/lib/kadm5/str_conv.c.

Index: str_conv.c

===================================================================

--- str_conv.c (revision 20163)

+++ str_conv.c (working copy)

@@ -310,7 +310,7 @@

septmp = ksseplist;

for (sp = strchr(kp, (int) *septmp);

*(++septmp) && !sp;

- ep = strchr(kp, (int) *septmp));

+ sp = strchr(kp, (int) *septmp));

if (sp) {

/* Separate enctype from salttype */

@@ -346,6 +346,9 @@

krb5_xfree(savep);

}

+ if (stype == -1)

+ stype == KRB5_KDB_SALT_TYPETYPE_NORMAL;

+

/* Save our values */

(*ksaltp)[(*nksaltp)].ks_enctype = ktype;

(*ksaltp)[(*nksaltp)].ks_salttype = stype;

The patch corrects an infinite loop in the parsing of 'kp'.

Also, instead of setting the ks_salttype field to -1 which is an invalid
salttype, we default to using the normal salt type instead.

These changes have been in use at a client's site for many years.

Jeffrey Altman
Download smime.p7s
application/x-pkcs7-signature 3.2KiB

Message body not shown because it is not plain text.

The first part looks like a no-brainer, go ahead...

I'm guessing the second part changes the software behavior from requiring the salt type to be
explicitly given to defaulting to normal salt type? I think it's probably okay, but I could imagine
someone might think having the salt type explicit is a good thing, maybe. And if it is a
behavior change, there may be doc changes needed as well.
From: jaltman@mit.edu
Subject: SVN Commit

krb5_string_to_keysalts()
Fix an infinite loop in the parsing of 'kp'


Commit By: jaltman



Revision: 20557
Changed Files:
U trunk/src/lib/kadm5/str_conv.c
There will need to be a new separate ticket for the default keysalt type
issue if there is not already one.
From: tlyu@mit.edu
Subject: SVN Commit

pull up r20557 from trunk

r20557@cathode-dark-space: jaltman | 2008-07-21 16:30:44 -0400
ticket: 5839
tags: pullup

krb5_string_to_keysalts()
Fix an infinite loop in the parsing of 'kp'




Commit By: tlyu



Revision: 20563
Changed Files:
_U branches/krb5-1-6/
U branches/krb5-1-6/src/lib/kadm5/str_conv.c