Skip Menu |
 

Download (untitled) / with headers
text/plain 3.4KiB
From fcusack@ratbert.iconnet.net Fri Jan 22 18:41:11 1999
Received: from MIT.EDU (SOUTH-STATION-ANNEX.MIT.EDU [18.72.1.2]) by rt-11.MIT.EDU (8.7.5/8.7.3) with SMTP id SAA26062 for <bugs@RT-11.MIT.EDU>; Fri, 22 Jan 1999 18:41:10 -0500
Received: from ratbert.iconnet.net by MIT.EDU with SMTP
id AA09391; Fri, 22 Jan 99 18:40:54 EST
Received: (from fcusack@localhost)
by ratbert.iconnet.net (8.9.1/8.9.1) id SAA03140;
Fri, 22 Jan 1999 18:42:52 -0500 (EST)
Message-Id: <199901222342.SAA03140@ratbert.iconnet.net>
Date: Fri, 22 Jan 1999 18:42:52 -0500 (EST)
From: fcusack@iconnet.net
Reply-To: fcusack@iconnet.net
To: krb5-bugs@MIT.EDU
Cc: fcusack@iconnet.net
Subject: infinite error loop in ftpd
X-Send-Pr-Version: 3.99

Show quoted text
>Number: 684
>Category: krb5-appl
>Synopsis: There is a possible infinite loop when ftpd sends replies
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: tlyu
>State: closed
>Class: sw-bug
>Submitter-Id: unknown
>Arrival-Date: Fri Jan 22 18:42:00 EST 1999
>Last-Modified: Thu Feb 25 23:35:01 EST 1999
>Originator: Frank Cusack
>Organization:
Qwest Comm.
Show quoted text
>Release: krb5-current-19981012
>Environment:
Unix
System: SunOS ratbert 5.6 Generic_105181-09 sun4u sparc SUNW,Ultra-5_10
Architecture: sun4

Show quoted text
>Description:
If certain errors occur during reply(), it calls itself again,
which will probably generate the same errors, calling itself
again, ...

This patch is against -current from 10/12/1998; if the gssapi
or ftpd has changed since then they probably won't apply cleanly.
Show quoted text
>How-To-Repeat:
>Fix:
Index: ftpd.c
===================================================================
RCS file: /icon/d04/src/3rd-party/krb5-19981012/src/appl/gssftp/ftpd/ftpd.c,v
retrieving revision 1.1.1.1
diff -u -r1.1.1.1 ftpd.c
--- ftpd.c 1998/10/14 00:47:31 1.1.1.1
+++ ftpd.c 1999/01/22 23:38:00
@@ -1619,13 +1619,19 @@
&in_buf, &conf_state,
&out_buf);
if (maj_stat != GSS_S_COMPLETE) {
+#if 0
+/* Don't setup an infinite loop */
/* generally need to deal */
secure_gss_error(maj_stat, min_stat,
(clevel==PROT_P)?
"gss_seal ENC didn't complete":
"gss_seal MIC didn't complete");
+#endif /* 0 */
} else if ((clevel == PROT_P) && !conf_state) {
+#if 0
+/* Don't setup an infinite loop */
secure_error("GSSAPI didn't encrypt message");
+#endif /* 0 */
} else {
memcpy(out, out_buf.value,
length=out_buf.length);
@@ -2511,12 +2517,15 @@
reply(code, "GSSAPI error: %s", s);
}

+#if 0
+/* Only called from reply, which would setup a loop */
secure_gss_error(maj_stat, min_stat, s)
OM_uint32 maj_stat, min_stat;
char *s;
{
return reply_gss_error(535, maj_stat, min_stat, s);
}
+#endif /* 0 */


#include <krb5.h>
Show quoted text
>Audit-Trail:

Responsible-Changed-From-To: krb5-unassigned->tlyu
Responsible-Changed-By: tlyu
Responsible-Changed-When: Thu Feb 25 23:32:40 1999
Responsible-Changed-Why:

refiled

State-Changed-From-To: Open-closed
State-Changed-By: tlyu
State-Changed-When: Thu Feb 25 23:34:21 1999
State-Changed-Why:

applied


From: Tom Yu <tlyu@MIT.EDU>
To: fcusack@iconnet.net
Cc: krb5-bugs@MIT.EDU, fcusack@iconnet.net
Subject: Re: krb5-appl/684: There is a possible infinite loop when ftpd sends replies
Date: Thu, 25 Feb 1999 23:34:14 -0500 (EST)

Thanks for the report. I've applied your patch with a few changes;
you can't get rid of secure_gss_error() though, because something in
secure.c needs it.

---Tom
Show quoted text
>Unformatted: