From jw3251@delphi.pbis.com Wed Aug 11 22:47:28 1999
Received: from MIT.EDU (PACIFIC-CARRIER-ANNEX.MIT.EDU [18.69.0.28]) by rt-11.MIT.EDU (8.7.5/8.7.3) with SMTP id WAA28078 for <bugs@RT-11.MIT.EDU>; Wed, 11 Aug 1999 22:47:27 -0400
Received: from news.ptes.com by MIT.EDU with SMTP
id AA24206; Wed, 11 Aug 99 22:47:39 EDT
Received: from delphi.pbis.com (delphi.pbis.com [138.112.197.231])
by news.ptes.com (8.8.7/8.8.7) with ESMTP id TAA10148
for <krb5-bugs@mit.edu>; Wed, 11 Aug 1999 19:47:25 -0700 (PDT)
Received: (from jw3251@localhost)
by delphi.pbis.com (8.8.8+Sun/8.8.8) id TAA29292;
Wed, 11 Aug 1999 19:47:25 -0700 (PDT)
Message-Id: <199908120247.TAA29292@delphi.pbis.com>
Date: Wed, 11 Aug 1999 19:47:25 -0700 (PDT)
From: jw3251@pbis.com
Reply-To: jw3251@pbis.com
To: krb5-bugs@MIT.EDU
Subject: Segmentation Fault in rlogin
X-Send-Pr-Version: 3.99
System: SunOS delphi 5.6 Generic_105181-15 sun4u sparc SUNW,Ultra-2
Machine: SUN UltraSPARC-2
OS: SUN Solaris 2.6 (SunOS 5.6)
Target: SUN UltraSPARC-2, SUN Solaris 2.6 (SunOS 5.6)
Architecture: sun4
After making and installing krb5-1.0.6, I configured and installed the
master KDC and two slaves. The applications rsh, telnet, ksu, etc. all
worked as expected, with the exception of rlogin. Whenever a user attempted
to use rlogin a segmentation fault occurred. I re-made rlogin with debug, and
ran it under the SUN Workshop debugger to find that a value of 29 was being
returned into "ospeed" in the krlogin module. Since only 21 entries were
to be found in the speeds array, an attempt to read past the end of speeds
was occurring. I modified (see below) the if statement that checked if the
ospeed value should be used directly or as a table lookup to use the ospeed
directly if the ospeed value was greater than or equal to the number of entries
in speeds, rather than the original fixed value of 50.
Make and install on SUN/Solaris 2.6 using the SUN C Workshop compiler. Find
below the configure command used:
*************
./configure --prefix=/opt/PBISkrb5 --localstatedir=/var --with-cc=/opt/SUNWspro/bin/cc --with-ccopts=-xO4 --with-krb4 --without-tcl --enable-shared
*************
*** appl/bsd/krlogin.c~ Mon May 10 20:33:00 1999
--- appl/bsd/krlogin.c Thu Aug 5 18:31:31 1999
***************
*** 517,523 ****
int ospeed = cfgetospeed (&ttyb);
(void) strcat(term, "/");
! if (ospeed >= 50)
/* On some systems, ospeed is the baud rate itself,
not a table index. */
sprintf (term + strlen (term), "%d", ospeed);
--- 517,526 ----
int ospeed = cfgetospeed (&ttyb);
(void) strcat(term, "/");
! /* this sometimes failed when speed was < 50 but greater than array */
! /* Changed by James A. Walker */
! /* if (ospeed >= 50) */
! if (ospeed >= sizeof(speeds)/sizeof(char *))
/* On some systems, ospeed is the baud rate itself,
not a table index. */
sprintf (term + strlen (term), "%d", ospeed);
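Review bot: The new test `ospeed >= sizeof(speeds)/sizeof(char *)` compares a signed int with a size_t, so a negative ospeed stays out of the table only because it is converted to a large unsigned value; add an explicit `ospeed < 0 ||` and divide by `sizeof(speeds[0])` so the count follows the array's element type. The two comment lines above the test (the author name and the commented-out old condition) belong in the change log rather than in the source. The unchanged `strcat` and `sprintf` calls into term show no length check in this hunk; a bounded `snprintf` would be worth making part of the same change.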
State-Changed-From-To: open-feedback
State-Changed-By: tlyu
State-Changed-When: Fri Jan 7 14:05:44 2000
State-Changed-Why:
From: Tom Yu <tlyu@MIT.EDU>
To: jw3251@pbis.com
Cc: krb5-bugs@MIT.EDU
Subject: Re: krb5-appl/740: Segmentation Fault in rlogin
Date: Fri, 7 Jan 2000 14:05:25 -0500 (EST)
Thanks for your bug report; this should have been fixed in krb5-1.1.
---Tom
State-Changed-From-To: feedback-closed
State-Changed-By: tlyu
State-Changed-When: Mon Feb 5 18:25:38 2001
State-Changed-Why:
fixed long ago
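The failure described in this report, shown as an added example rather than krb5 code: a speed code is used as a table index only when it is a valid index, and the result is appended with a bounded write. The table contents and the names `old_test_reads_out_of_bounds` and `append_speed` are assumptions; the page gives only the table's size (21) and the failing value (29).

```c
#include <stdio.h>
#include <string.h>

/* Constructed 21-entry table; the page gives the size of speeds[] in
   krlogin.c but not its contents. */
static const char *const speeds[] = {
    "0", "50", "75", "110", "134", "150", "200", "300", "600", "1200",
    "1800", "2400", "4800", "9600", "19200", "38400", "57600", "115200",
    "230400", "460800", "500000"
};
#define NSPEEDS (sizeof(speeds) / sizeof(speeds[0]))

/* Nonzero when the original test (ospeed >= 50) would send this value to
   the table lookup although it is not a valid index. */
int old_test_reads_out_of_bounds(long ospeed)
{
    return ospeed < 50 && (ospeed < 0 || (unsigned long)ospeed >= NSPEEDS);
}

/* Hypothetical helper: append "/<speed>" to term, which holds cap bytes.
   Returns 0 on success, -1 (term left unchanged) if it does not fit. */
int append_speed(char *term, size_t cap, long ospeed)
{
    const char *nul = memchr(term, '\0', cap);
    size_t used, room;
    int n;

    if (nul == NULL)
        return -1;                      /* term is not terminated within cap */
    used = (size_t)(nul - term);
    room = cap - used;
    if (ospeed >= 0 && (unsigned long)ospeed < NSPEEDS)
        n = snprintf(term + used, room, "/%s", speeds[ospeed]);
    else                                /* treat as the baud rate itself */
        n = snprintf(term + used, room, "/%ld", ospeed);
    if (n < 0 || (size_t)n >= room) {
        term[used] = '\0';              /* undo a truncated write */
        return -1;
    }
    return 0;
}

int main(void)
{
    char term[64] = "vt100";
    int rc = append_speed(term, sizeof term, 29);   /* value from the report */
    printf("%d %s old-test-oob=%d\n", rc, term, old_test_reads_out_of_bounds(29));
    return 0;
}
```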
>Number: 740
>Category: krb5-appl
>Synopsis: Segmentation Fault in rlogin
>Confidential: no
>Severity: critical
>Priority: low
>Responsible: krb5-unassigned
>State: closed
>Class: sw-bug
>Submitter-Id: unknown
>Arrival-Date: Wed Aug 11 22:48:01 EDT 1999
>Last-Modified: Mon Feb 5 18:25:52 EST 2001
>Originator: James A. Walker
>Organization:
Pacific Bell Information Services
>Release: krb5-1.0.6