Skip Menu |

Download (untitled) / with headers
text/plain 3.9KiB
From Wed Aug 11 22:47:28 1999
Received: from MIT.EDU (PACIFIC-CARRIER-ANNEX.MIT.EDU []) by rt-11.MIT.EDU (8.7.5/8.7.3) with SMTP id WAA28078 for <bugs@RT-11.MIT.EDU>; Wed, 11 Aug 1999 22:47:27 -0400
Received: from by MIT.EDU with SMTP
id AA24206; Wed, 11 Aug 99 22:47:39 EDT
Received: from ( [])
by (8.8.7/8.8.7) with ESMTP id TAA10148
for <>; Wed, 11 Aug 1999 19:47:25 -0700 (PDT)
Received: (from jw3251@localhost)
by (8.8.8+Sun/8.8.8) id TAA29292;
Wed, 11 Aug 1999 19:47:25 -0700 (PDT)
Message-Id: <>
Date: Wed, 11 Aug 1999 19:47:25 -0700 (PDT)
To: krb5-bugs@MIT.EDU
Subject: Segmentation Fault in rlogin
X-Send-Pr-Version: 3.99

Show quoted text
>Number: 740
>Category: krb5-appl
>Synopsis: Segmentation Fault in rlogin
>Confidential: no
>Severity: critical
>Priority: low
>Responsible: krb5-unassigned
>State: closed
>Class: sw-bug
>Submitter-Id: unknown
>Arrival-Date: Wed Aug 11 22:48:01 EDT 1999
>Last-Modified: Mon Feb 5 18:25:52 EST 2001
>Originator: James A. Walker
Pacific Bell Information Services
Show quoted text
>Release: krb5-1.0.6

System: SunOS delphi 5.6 Generic_105181-15 sun4u sparc SUNW,Ultra-2
Machine: SUN UltraSPARC-2
OS: SUN Solaris 2.6 (SunOS 5.6)
Target: SUN UltraSPARC-2, SUN Solaris 2.6 (SunOS 5.6)
Architecture: sun4

Show quoted text

After making and installing krb5-1.0.6, I configured and installed the
master KDC and two slaves. The applications rsh, telnet, ksu, etc. all
worked as expected, with the exception of rlogin. Whenever a user attempted
to use rlogin a segmentation fault occured. I re-made rlogin with debug, and
run under the SUN Workshop debugger to find that a value of 29 was being
returned into "ospeed" in the krlogin module. Since only 21 entries were
to be found in the speeds array, an attempt to read past the end of speeds
was occuring. I modified (see below) the if statement that checked if the
ospeed value should be used directly or as a table lookup to use the ospeed
directly if the ospeed value was greater or equal to the number of entries
in speeds, rather than the original fixed value of 50.
Show quoted text

Make and install on SUN/Solaris 2.6 using the SUN C Workshop compiler. Find
below the configure command used:
./configure --prefix=/opt/PBISkrb5 --localstatedir=/var --with-cc=/opt/SUNWspro/bin/cc --with-ccopts=-xO4 --with-krb4 --without-tcl --enable-shared
Show quoted text

*** appl/bsd/krlogin.c~ Mon May 10 20:33:00 1999
--- appl/bsd/krlogin.c Thu Aug 5 18:31:31 1999
*** 517,523 ****
int ospeed = cfgetospeed (&ttyb);

(void) strcat(term, "/");
! if (ospeed >= 50)
/* On some systems, ospeed is the baud rate itself,
not a table index. */
sprintf (term + strlen (term), "%d", ospeed);
--- 517,526 ----
int ospeed = cfgetospeed (&ttyb);

(void) strcat(term, "/");
! /* this sometimes failed when speed was < 50 but greater than array */
! /* Changed by James A. Walker */
! /* if (ospeed >= 50) */
! if (ospeed >= sizeof(speeds)/sizeof(char *))
/* On some systems, ospeed is the baud rate itself,
not a table index. */
sprintf (term + strlen (term), "%d", ospeed);
Show quoted text

State-Changed-From-To: open-feedback
State-Changed-By: tlyu
State-Changed-When: Fri Jan 7 14:05:44 2000

From: Tom Yu <tlyu@MIT.EDU>
Cc: krb5-bugs@MIT.EDU
Subject: Re: krb5-appl/740: Segmentation Fault in rlogin
Date: Fri, 7 Jan 2000 14:05:25 -0500 (EST)

Thanks for your bug report; this should have been fixed in krb5-1.1.


State-Changed-From-To: feedback-closed
State-Changed-By: tlyu
State-Changed-When: Mon Feb 5 18:25:38 2001

fixed long ago

Show quoted text