[krbdev.mit.edu #2258] bug in fakeka.c

The RT System itself via RT rt-comment at krbdev.mit.edu
Wed Feb 18 16:58:55 EST 2004


>From thomas at pongo.cs.wisc.edu  Wed Feb 18 16:58:52 2004
Received: from fort-point-station.mit.edu (FORT-POINT-STATION.MIT.EDU [18.7.7.76]) by krbdev.mit.edu (8.9.3p2) with ESMTP
	id QAA00950; Wed, 18 Feb 2004 16:58:52 -0500 (EST)
Received: from pongo.cs.wisc.edu (pongo.cs.wisc.edu [128.105.162.13])
	by fort-point-station.mit.edu (8.12.4/8.9.2) with ESMTP id i1ILwp2x028881
	for <krb5-bugs at mit.edu>; Wed, 18 Feb 2004 16:58:51 -0500 (EST)
Received: (from thomas at localhost)
	by pongo.cs.wisc.edu (8.9.2/8.9.2) id PAA23425;
	Wed, 18 Feb 2004 15:58:06 -0600 (CST)
Date: Wed, 18 Feb 2004 15:58:06 -0600 (CST)
From: David Thompson <thomas at cs.wisc.edu>
Message-Id: <200402182158.PAA23425 at pongo.cs.wisc.edu>
To: krb5-bugs at mit.edu
Reply-To: thomas at cs.wisc.edu
Cc: 
X-send-pr-version: 3.99


>Submitter-Id:	net
>Originator:	David Thompson
>Organization:
Dave Thompson  <thomas at cs.wisc.edu>

Associate Researcher                    Department of Computer Science
University of Wisconsin-Madison         http://www.cs.wisc.edu/~thomas
1210 West Dayton Street                 Phone:    (608)-262-1017
Madison, WI 53706-1685                  Fax:      (608)-262-6626
--
>Confidential:	no
>Synopsis:	bug in fakeka.c
>Severity:      serious
>Priority:      medium
>Category:	krb5-kdc
>Class:		sw-bug
>Release:	krb5-1.3.1
>Environment:
	--any--
System: Linux pongo.cs.wisc.edu 2.4.20-28.9smp #1 SMP Thu Dec 18 13:37:36 EST 2003 i686 i686 i386 GNU/Linux
Architecture: i686

>Description:
	The fakeka utility has a bad memcpy statement that causes
	a ka-forwarder to send the return packet to ip 0.0.0.0/0 instead
	of the original sender of the auth request.

>How-To-Repeat:
	Set up a ka-forwarder/fakeka combination and klog.


>Fix:

Index: fakeka.c
===================================================================
RCS file: /s/krb5-1.3.1/src/CVSROOT/krb5-1.3.1/src/kdc/fakeka.c,v
retrieving revision 1.1.1.1
diff -u -r1.1.1.1 fakeka.c
--- fakeka.c	3 Oct 2003 14:04:02 -0000	1.1.1.1
+++ fakeka.c	18 Feb 2004 21:43:48 -0000
@@ -1361,7 +1361,7 @@
 	    /*
 	     * copy the forwarder header and adjust the bases and lengths.
 	     */
-	    memcpy(reply.data, reply.data, HEADER_LEN);
+	    memcpy(reply.data, req.data, HEADER_LEN);
 	    req.base += HEADER_LEN;
 	    req.len -= HEADER_LEN;
 	    reply.base += HEADER_LEN;
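
Review bot: The corrected memcpy reads HEADER_LEN bytes from req.data and is followed by `req.len -= HEADER_LEN`, but nothing in the visible context confirms that the request is at least HEADER_LEN bytes long. If the enclosing code does not already check this before reaching these lines, add a guard along the lines of `if (req.len < HEADER_LEN)` that drops the packet, so that a short datagram cannot make the copy read past the received data or make the length subtraction underflow. The comment above the memcpy could also state the direction explicitly (forwarder header copied from the request into the reply), since using the same buffer as both source and destination was the original defect.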


