From vwelch@ncsa.uiuc.edu Fri Nov 6 12:05:30 1998
Received: from MIT.EDU (PACIFIC-CARRIER-ANNEX.MIT.EDU [18.69.0.28]) by rt-11.MIT.EDU (8.7.5/8.7.3) with SMTP id MAA04500 for <bugs@RT-11.MIT.EDU>; Fri, 6 Nov 1998 12:05:29 -0500
Received: from computer.ncsa.uiuc.edu by MIT.EDU with SMTP
id AA01448; Fri, 6 Nov 98 12:05:30 EST
Received: from vwelch by computer.ncsa.uiuc.edu with local (Exim 1.82 #9)
id 0zbpKA-0001fJ-00; Fri, 6 Nov 1998 11:05:26 -0600
Message-Id: <E0zbpKA-0001fJ-00@computer.ncsa.uiuc.edu>
Date: Fri, 6 Nov 1998 11:05:26 -0600
From: vwelch@ncsa.uiuc.edu
Reply-To: vwelch@ncsa.uiuc.edu
To: krb5-bugs@MIT.EDU
Cc: vwelch@ncsa.uiuc.edu
Subject: Windows credentials manager doesn't display password changing errors correctrly
X-Send-Pr-Version: 3.99
------------------------------------------------------------------------
Von Welch Senior Network Engineer vwelch@ncsa.uiuc.edu
National Center for Supercomputing Applications
------------------------------------------------------------------------
Windows NT/95
Architecture: i686
the server not to be displayed to the user.
give it a password that is unacceptable to the server for whatever
reason (e.g. too short, not enough classes). Notice
the not too helpful error message that comes back.
The code tries to checks the length of the reply against the length of
the buffer to prevent an overflow, but it checks using the wrong
variable so it always thinks there is an overflow and never displays
any reply. See attached diff.
Index: kpasswd.c
===================================================================
RCS file: /afs/ncsa/src/kerberos/cvsroot/krb5-win/windows/cns/kpasswd.c,v
retrieving revision 1.1.1.1
diff -c -r1.1.1.1 kpasswd.c
*** kpasswd.c 1997/10/21 16:05:27 1.1.1.1
--- kpasswd.c 1998/11/06 16:55:23
***************
*** 61,67 ****
*ptr++ = '\n';
n = reply[i].length; /* Easier to work with */
! if (ptr + n + 2 >= errbuf) /* Check for overflow */
break;
memcpy (ptr, reply[i].data, n); /* Add the message */
ptr += n; /* Point to the end */
--- 61,67 ----
*ptr++ = '\n';
n = reply[i].length; /* Easier to work with */
! if (ptr + n + 2 >= end) /* Check for overflow */
break;
memcpy (ptr, reply[i].data, n); /* Add the message */
ptr += n; /* Point to the end */
Received: from MIT.EDU (PACIFIC-CARRIER-ANNEX.MIT.EDU [18.69.0.28]) by rt-11.MIT.EDU (8.7.5/8.7.3) with SMTP id MAA04500 for <bugs@RT-11.MIT.EDU>; Fri, 6 Nov 1998 12:05:29 -0500
Received: from computer.ncsa.uiuc.edu by MIT.EDU with SMTP
id AA01448; Fri, 6 Nov 98 12:05:30 EST
Received: from vwelch by computer.ncsa.uiuc.edu with local (Exim 1.82 #9)
id 0zbpKA-0001fJ-00; Fri, 6 Nov 1998 11:05:26 -0600
Message-Id: <E0zbpKA-0001fJ-00@computer.ncsa.uiuc.edu>
Date: Fri, 6 Nov 1998 11:05:26 -0600
From: vwelch@ncsa.uiuc.edu
Reply-To: vwelch@ncsa.uiuc.edu
To: krb5-bugs@MIT.EDU
Cc: vwelch@ncsa.uiuc.edu
Subject: Windows credentials manager doesn't display password changing errors correctrly
X-Send-Pr-Version: 3.99
Show quoted text
>Number: 655
>Category: krb5-clients
>Synopsis: Windows credentials manager doesn't display password changing errors correctrly
>Confidential: no
>Severity: non-critical
>Priority: medium
>Responsible: krb5-unassigned
>State: open
>Class: sw-bug
>Submitter-Id: unknown
>Arrival-Date: Fri Nov 06 12:06:00 EST 1998
>Last-Modified: Fri Sep 14 11:49:28 EDT 2001
>Originator: Von Welch
>Organization:
>Category: krb5-clients
>Synopsis: Windows credentials manager doesn't display password changing errors correctrly
>Confidential: no
>Severity: non-critical
>Priority: medium
>Responsible: krb5-unassigned
>State: open
>Class: sw-bug
>Submitter-Id: unknown
>Arrival-Date: Fri Nov 06 12:06:00 EST 1998
>Last-Modified: Fri Sep 14 11:49:28 EDT 2001
>Originator: Von Welch
>Organization:
------------------------------------------------------------------------
Von Welch Senior Network Engineer vwelch@ncsa.uiuc.edu
National Center for Supercomputing Applications
------------------------------------------------------------------------
Show quoted text
>Release: NT-ALPHA-2 Snapshot
>Environment:
>Environment:
Windows NT/95
Architecture: i686
Show quoted text
>Description:
There is a bug in the code that causes the error message fromthe server not to be displayed to the user.
Show quoted text
>How-To-Repeat:
Try using krb5.exe to change your password and for the new passwordgive it a password that is unacceptable to the server for whatever
reason (e.g. too short, not enough classes). Notice
the not too helpful error message that comes back.
Show quoted text
>Fix:
The code tries to checks the length of the reply against the length of
the buffer to prevent an overflow, but it checks using the wrong
variable so it always thinks there is an overflow and never displays
any reply. See attached diff.
Index: kpasswd.c
===================================================================
RCS file: /afs/ncsa/src/kerberos/cvsroot/krb5-win/windows/cns/kpasswd.c,v
retrieving revision 1.1.1.1
diff -c -r1.1.1.1 kpasswd.c
*** kpasswd.c 1997/10/21 16:05:27 1.1.1.1
--- kpasswd.c 1998/11/06 16:55:23
***************
*** 61,67 ****
*ptr++ = '\n';
n = reply[i].length; /* Easier to work with */
! if (ptr + n + 2 >= errbuf) /* Check for overflow */
break;
memcpy (ptr, reply[i].data, n); /* Add the message */
ptr += n; /* Point to the end */
--- 61,67 ----
*ptr++ = '\n';
n = reply[i].length; /* Easier to work with */
! if (ptr + n + 2 >= end) /* Check for overflow */
break;
memcpy (ptr, reply[i].data, n); /* Add the message */
ptr += n; /* Point to the end */
Show quoted text
>Audit-Trail:
>Unformatted:
>Unformatted: