From jbrezak@microsoft.com Wed Jan 27 21:07:13 1999
Received: from MIT.EDU (SOUTH-STATION-ANNEX.MIT.EDU [18.72.1.2]) by rt-11.MIT.EDU (8.7.5/8.7.3) with SMTP id VAA27093 for <bugs@RT-11.MIT.EDU>; Wed, 27 Jan 1999 21:07:12 -0500
Received: from mail5.microsoft.com by MIT.EDU with SMTP
id AA18362; Wed, 27 Jan 99 21:06:53 EST
Received: by INET-IMC-05 with Internet Mail Service (5.5.2524.0)
id <DT598WH3>; Wed, 27 Jan 1999 18:07:11 -0800
Message-Id: <FFD1BA74C6A7D111A09500805F9F88F507D24FE3@RED-MSG-43>
Date: Wed, 27 Jan 1999 18:07:11 -0800
From: John Brezak <jbrezak@microsoft.com>
To: "'krb5-bugs@mit.edu'" <krb5-bugs@MIT.EDU>
Subject: Problem in telnet and wintel with large tickets
Responsible-Changed-From-To: gnats-admin->tytso
Responsible-Changed-By: tytso
Responsible-Changed-When: Wed Feb 3 23:51:31 1999
Responsible-Changed-Why: I'm fixing this...
State-Changed-From-To: open-closed
State-Changed-By: tytso
State-Changed-When: Wed Feb 3 23:51:50 1999
State-Changed-Why: Fix committed into mainline and 1.0 release branches
>Number: 686
>Category: telnet
>Synopsis: Problem in telnet and wintel with large tickets
>Confidential: yes
>Severity: serious
>Priority: medium
>Responsible: tytso
>State: closed
>Class: sw-bug
>Submitter-Id: unknown
>Arrival-Date: Wed Jan 27 21:08:00 EST 1999
>Last-Modified: Wed Feb 03 23:52:14 EST 1999
>Originator:
>Organization:
>Release:
>Environment:
>Description:
>How-To-Repeat:
>Fix:
>Audit-Trail:
>Unformatted:
The static buffers for the authentication data are too small. If a ticket that has authdata (for instance) is used, it will either trash the stack or
other vars. This is in both telnet and wintel/telnet.
$ diff -wc kerberos5.c~ kerberos5.c
*** kerberos5.c~ Sat Nov 09 00:25:16 1996
--- kerberos5.c Thu Jan 28 01:10:17 1999
***************
*** 92,98 ****
#endif /* FORWARD */
! static unsigned char str_data[1024] = { IAC, SB, TELOPT_AUTHENTICATION, 0,
AUTHTYPE_KERBEROS_V5, };
/*static unsigned char str_name[1024] = { IAC, SB, TELOPT_AUTHENTICATION,
TELQUAL_NAME, };*/
--- 92,98 ----
#endif /* FORWARD */
! static unsigned char str_data[2048] = { IAC, SB, TELOPT_AUTHENTICATION, 0,
AUTHTYPE_KERBEROS_V5, };
/*static unsigned char str_name[1024] = { IAC, SB, TELOPT_AUTHENTICATION,
TELQUAL_NAME, };*/
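Review bot: `str_data[2048]` is still a fixed-size static buffer, so this raises the ceiling rather than removing the overflow; a ticket whose encoded form exceeds 2048 bytes would overrun it the same way the report describes for 1024. Nothing in this hunk bounds what is written into `str_data`, so the size change should come with a length check against `sizeof(str_data)` at the point where the ticket is copied in, failing the authentication attempt when the data does not fit. The commented-out `str_name[1024]` declaration is left at the old size; delete it or keep it in step.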
And:
C:\jbrezak\src\MIT-krb5\krb5-win\windows\wintel>diff -wc auth.c~ auth.c
*** auth.c~ Thu Feb 06 19:29:42 1997
--- auth.c Tue Jan 19 01:02:03 1999
***************
*** 209,215 ****
static int
auth_send(kstream ks, unsigned char *parsedat, int end_sub)
{
! char buf[512];
char *pname;
int plen;
int r;
--- 209,215 ----
static int
auth_send(kstream ks, unsigned char *parsedat, int end_sub)
{
! char buf[2048]; /* be sure that this is > auth.length+9 */
char *pname;
int plen;
int r;
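Review bot: the comment on `char buf[2048]` states a requirement (`> auth.length+9`) that nothing in this hunk enforces, and `buf` lives on the stack of `auth_send`, so an `auth.length` of 2039 or more still breaks the stated condition and overwrites the frame. Turn the comment into a check: compare `auth.length + 9` with `sizeof(buf)` before filling the buffer and return an error when it does not fit. A named constant shared with `str_data` in kerberos5.c would also keep the two limits from drifting apart.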
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
John Brezak * mailto:jbrezak@microsoft.com
Microsoft Corporation * 425-936-2602
One Microsoft Way
Redmond, WA 98052
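
The overflow reported above comes from copying a variable-length ticket into a fixed-size telnet suboption buffer. As an added example (not code from this report or from the krb5 tree), the builder below computes the exact encoded size, including doubled IAC bytes, and refuses input that does not fit; `build_auth_subopt` and `try_ticket` are hypothetical names, the message layout follows RFC 2941, and the ticket bytes are constructed.

```c
#include <stddef.h>
#include <string.h>

/* Telnet protocol bytes (RFC 854, RFC 2941). */
enum { IAC = 255, SB = 250, SE = 240, TELOPT_AUTHENTICATION = 37,
       TELQUAL_IS = 0, AUTHTYPE_KERBEROS_V5 = 2 };

/*
 * Hypothetical helper (not from the krb5 tree). Writes
 *   IAC SB AUTHENTICATION IS <type> <modifier> <cmd> <data...> IAC SE
 * into out[0..outsz). 0xFF bytes in data are doubled, so the encoded size
 * depends on the ticket's content as well as its length. Returns the number
 * of bytes written, or -1 if it does not fit (out is then left untouched).
 */
static long build_auth_subopt(unsigned char *out, size_t outsz,
                              unsigned char modifier, unsigned char cmd,
                              const unsigned char *data, size_t len)
{
    size_t need = 9;              /* 7 header bytes + IAC SE trailer */
    size_t i, n = 0;

    for (i = 0; i < len; i++)     /* exact size, counting doubled IACs */
        need += (data[i] == IAC) ? 2 : 1;
    if (need > outsz)
        return -1;                /* refuse an oversized ticket, never truncate */
    out[n++] = IAC; out[n++] = SB; out[n++] = TELOPT_AUTHENTICATION;
    out[n++] = TELQUAL_IS; out[n++] = AUTHTYPE_KERBEROS_V5;
    out[n++] = modifier; out[n++] = cmd;
    for (i = 0; i < len; i++) {
        if (data[i] == IAC)
            out[n++] = IAC;       /* escape IAC inside suboption data */
        out[n++] = data[i];
    }
    out[n++] = IAC; out[n++] = SE;
    return (long)n;
}

/* Constructed input: `len` bytes of `fill`, encoded into `outsz` bytes. */
static long try_ticket(size_t len, unsigned char fill, size_t outsz)
{
    static unsigned char tkt[4096], out[4096];
    if (len > sizeof tkt || outsz > sizeof out)
        return -1;
    memset(tkt, fill, len);
    return build_auth_subopt(out, outsz, 0, 0, tkt, len);
}

int main(void) { return try_ticket(1500, 0x41, 2048) == 1509 ? 0 : 1; }
```

A 1500-byte ticket is rejected for a 1024-byte buffer and accepted for a 2048-byte one, while a 1020-byte ticket made entirely of 0xFF bytes is rejected even at 2048 because escaping doubles it.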