Skip Menu |
 

Download (untitled) / with headers
text/plain 3.2KiB
From jbrezak@microsoft.com Wed Jan 27 21:07:13 1999
Received: from MIT.EDU (SOUTH-STATION-ANNEX.MIT.EDU [18.72.1.2]) by rt-11.MIT.EDU (8.7.5/8.7.3) with SMTP id VAA27093 for <bugs@RT-11.MIT.EDU>; Wed, 27 Jan 1999 21:07:12 -0500
Received: from mail5.microsoft.com by MIT.EDU with SMTP
id AA18362; Wed, 27 Jan 99 21:06:53 EST
Received: by INET-IMC-05 with Internet Mail Service (5.5.2524.0)
id <DT598WH3>; Wed, 27 Jan 1999 18:07:11 -0800
Message-Id: <FFD1BA74C6A7D111A09500805F9F88F507D24FE3@RED-MSG-43>
Date: Wed, 27 Jan 1999 18:07:11 -0800
From: John Brezak <jbrezak@microsoft.com>
To: "'krb5-bugs@mit.edu'" <krb5-bugs@MIT.EDU>
Subject: Problem in telnet and wintel with large tickets

Show quoted text
>Number: 686
>Category: telnet
>Synopsis: Problem in telnet and wintel with large tickets
>Confidential: yes
>Severity: serious
>Priority: medium
>Responsible: tytso
>State: closed
>Class: sw-bug
>Submitter-Id: unknown
>Arrival-Date: Wed Jan 27 21:08:00 EST 1999
>Last-Modified: Wed Feb 03 23:52:14 EST 1999
>Originator:
>Organization:
>Release:
>Environment:
>Description:
>How-To-Repeat:
>Fix:
>Audit-Trail:

Responsible-Changed-From-To: gnats-admin->tytso
Responsible-Changed-By: tytso
Responsible-Changed-When: Wed Feb 3 23:51:31 1999
Responsible-Changed-Why: I'm fixing this...

State-Changed-From-To: open-closed
State-Changed-By: tytso
State-Changed-When: Wed Feb 3 23:51:50 1999
State-Changed-Why: Fix commited into mainline and 1.0 release branches


Show quoted text
>Unformatted:
The static buffers for the authentication data are too small. If a ticket
that has authdata (for instance) is used, it will either trash the stack or
other vars. This is in both telnet and wintel/telnet

$ diff -wc kerberos5.c~ kerberos5.c
*** kerberos5.c~ Sat Nov 09 00:25:16 1996
--- kerberos5.c Thu Jan 28 01:10:17 1999
***************
*** 92,98 ****

#endif /* FORWARD */

! static unsigned char str_data[1024] = { IAC, SB, TELOPT_AUTHENTICATION, 0,
AUTHTYPE_KERBEROS_V5, };
/*static unsigned char str_name[1024] = { IAC, SB, TELOPT_AUTHENTICATION,
TELQUAL_NAME, };*/
--- 92,98 ----

#endif /* FORWARD */

! static unsigned char str_data[2048] = { IAC, SB, TELOPT_AUTHENTICATION, 0,
AUTHTYPE_KERBEROS_V5, };
/*static unsigned char str_name[1024] = { IAC, SB, TELOPT_AUTHENTICATION,
TELQUAL_NAME, };*/

And:

C:\jbrezak\src\MIT-krb5\krb5-win\windows\wintel>diff -wc auth.c~ auth.c
*** auth.c~ Thu Feb 06 19:29:42 1997
--- auth.c Tue Jan 19 01:02:03 1999
***************
*** 209,215 ****
static int
auth_send(kstream ks, unsigned char *parsedat, int end_sub)
{
! char buf[512];
char *pname;
int plen;
int r;
--- 209,215 ----
static int
auth_send(kstream ks, unsigned char *parsedat, int end_sub)
{
! char buf[2048]; /* be sure that this is > auth.length+9 */
char *pname;
int plen;
int r;



=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
John Brezak * mailto:jbrezak@microsoft.com
Microsoft Corporation * 425-936-2602
One Microsoft Way
Redmond, WA 98052