From ghudson@MIT.EDU Thu Aug 6 17:27:47 1998
Received: from MIT.EDU (PACIFIC-CARRIER-ANNEX.MIT.EDU [18.69.0.28]) by rt-11.MIT.EDU (8.7.5/8.7.3) with SMTP id RAA13972 for <bugs@RT-11.MIT.EDU>; Thu, 6 Aug 1998 17:27:46 -0400
Received: from SMALL-GODS.MIT.EDU by MIT.EDU with SMTP
id AA04099; Thu, 6 Aug 98 17:28:14 EDT
Received: by small-gods.mit.edu (SMI-8.6/4.7) id RAA04931; Thu, 6 Aug 1998 17:27:45 -0400
Message-Id: <199808062127.RAA04931@small-gods.mit.edu>
Date: Thu, 6 Aug 1998 17:27:45 -0400
From: ghudson@MIT.EDU
Reply-To: ghudson@MIT.EDU
To: krb5-bugs@MIT.EDU
Subject: rcp krb4 support
X-Send-Pr-Version: 3.99
System: SunOS small-gods.mit.edu 5.6 Generic_105181-05 sun4u sparc SUNW,Ultra-1
Architecture: sun4
it uses garbage_buf without putting the actual data in it.
===================================================================
RCS file: /afs/dev.mit.edu/source/repository/third/krb5/src/appl/bsd/kcmd.c,v
retrieving revision 1.2
diff -c -r1.2 kcmd.c
*** kcmd.c 1997/10/19 03:44:23 1.2
--- kcmd.c 1998/08/06 21:09:53
***************
*** 1015,1020 ****
--- 1015,1023 ----
krb5_random_confounder(8 - len, garbage_buf);
/* this "right-justifies" the data in the buffer */
(void) memcpy(garbage_buf + 8 - len, buf, len);
+ } else {
+ krb5_random_confounder(8 - len, garbage_buf + len);
+ (void) memcpy(garbage_buf, buf, len);
}
(void) pcbc_encrypt((len < 8) ? garbage_buf : buf,
des_outpkt+4,
Received: from MIT.EDU (PACIFIC-CARRIER-ANNEX.MIT.EDU [18.69.0.28]) by rt-11.MIT.EDU (8.7.5/8.7.3) with SMTP id RAA13972 for <bugs@RT-11.MIT.EDU>; Thu, 6 Aug 1998 17:27:46 -0400
Received: from SMALL-GODS.MIT.EDU by MIT.EDU with SMTP
id AA04099; Thu, 6 Aug 98 17:28:14 EDT
Received: by small-gods.mit.edu (SMI-8.6/4.7) id RAA04931; Thu, 6 Aug 1998 17:27:45 -0400
Message-Id: <199808062127.RAA04931@small-gods.mit.edu>
Date: Thu, 6 Aug 1998 17:27:45 -0400
From: ghudson@MIT.EDU
Reply-To: ghudson@MIT.EDU
To: krb5-bugs@MIT.EDU
Subject: rcp krb4 support
X-Send-Pr-Version: 3.99
Show quoted text
>Number: 620
>Category: krb5-appl
>Synopsis: rcp outgoing encryted krb4 data is broken
>Confidential: no
>Severity: serious
>Priority: low
>Responsible: krb5-unassigned
>State: open
>Class: sw-bug
>Submitter-Id: unknown
>Arrival-Date: Thu Aug 06 17:28:00 EDT 1998
>Last-Modified:
>Originator: Greg Hudson
>Organization:
MIT>Category: krb5-appl
>Synopsis: rcp outgoing encryted krb4 data is broken
>Confidential: no
>Severity: serious
>Priority: low
>Responsible: krb5-unassigned
>State: open
>Class: sw-bug
>Submitter-Id: unknown
>Arrival-Date: Thu Aug 06 17:28:00 EDT 1998
>Last-Modified:
>Originator: Greg Hudson
>Organization:
Show quoted text
>Release: 1.0pl1
>Environment:
>Environment:
System: SunOS small-gods.mit.edu 5.6 Generic_105181-05 sun4u sparc SUNW,Ultra-1
Architecture: sun4
Show quoted text
>Description:
v4_des_write() in kcmd.c does the wrong thing when right_justify is off;it uses garbage_buf without putting the actual data in it.
Show quoted text
>How-To-Repeat:
rcp -x to a host with only a krb4 daemon.Show quoted text
>Fix:
Index: kcmd.c===================================================================
RCS file: /afs/dev.mit.edu/source/repository/third/krb5/src/appl/bsd/kcmd.c,v
retrieving revision 1.2
diff -c -r1.2 kcmd.c
*** kcmd.c 1997/10/19 03:44:23 1.2
--- kcmd.c 1998/08/06 21:09:53
***************
*** 1015,1020 ****
--- 1015,1023 ----
krb5_random_confounder(8 - len, garbage_buf);
/* this "right-justifies" the data in the buffer */
(void) memcpy(garbage_buf + 8 - len, buf, len);
+ } else {
+ krb5_random_confounder(8 - len, garbage_buf + len);
+ (void) memcpy(garbage_buf, buf, len);
}
(void) pcbc_encrypt((len < 8) ? garbage_buf : buf,
des_outpkt+4,
Show quoted text
>Audit-Trail:
>Unformatted:
>Unformatted: