[krbdev.mit.edu #2266] wrap_size_limit broken for CFX

Ken Raeburn via RT rt-comment at krbdev.mit.edu
Fri Feb 20 15:40:33 EST 2004


Good catch.  I think the subtraction of 64K after this (commented
"While testing only!") will cover up for the bug (except about 1/4096
of the time when CFX_EXERCISE is defined), but it should still be
fixed.

"Wyllys Ingersoll via RT" <rt-comment at krbdev.mit.edu> writes:
> There are 2 small problems in the wrap_size_limit function
> when dealing with cfx->proto==1 and conf_req_flag is set.
>
> Line 113:
> if (conf_req_flag) {
>     while (sz > 0 &&
>            krb5_encrypt_size(sz, ctx->enc->enctype) + 16 >
>                              req_output_size)
>  	   sz--;
>            ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
> SHOULD BE: sz--;
>            krb5_encrypt_size(sz, ctx->enc->enctype) + 32 >
>                              req_output_size)
>            ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

Actually, an extra 16 bytes in the input doesn't necessarily
translate to an extra 16 bytes in the output, so I think we want to
use 16 here, and then subtract 16 after this loop.

> The token header is included twice in the output token,
> but it's not counted as part of krb5_encrypt_size, so you
> must account for it twice when computing the wrap size.

Yep.

> Also, decrement the sz counter before calculating the size to avoid
> an off-by-1 error at the end.
>
> For example:
> req_output_size = 1076 should result in a 'wrap_size' of 1016.
>
> putting the sz-- at the end of the loop yields a wrap_size of 1015.

Huh.  For some reason, I'm having trouble seeing it.

Instrumenting the 1.3 branch code and running one of our tests, I get
an input size of 1048576 yielding an output size of 982997.  That's
65579 bytes difference, 65535 for potential EC field padding (for the
testing that's not currently enabled, except the compensation for it
isn't properly conditionalized) plus 16 bytes for the token header
plus 12 for the AES checksum plus 16 for the confounder, and missing
the 16 bytes for the encrypted copy of the header.

Actually, with the EC field hackery in there, I'm surprised you don't
get 0 for a req_output_size so small.

Ken
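The size accounting in this ticket, as an added worked example that is not code from the krb5 tree: it models krb5_encrypt_size() for an AES-CTS enctype as confounder (16) + data + checksum (12) with no padding, a 16-byte CFX token header sent once in the clear and once inside the encrypted data, and the 65535-byte EC test compensation that Ken's 65579-byte arithmetic implies. search_limit(), cfx_wrap_size_limit(), cfx_wrap_size_limit_1_3_test() and cfx_limit_is_tight() are names chosen here, not krb5 functions.

```c
#include <stddef.h>

/* Modeled overheads (assumptions for this example, not krb5 constants). */
#define CFX_HEADER_LEN 16    /* token header: once clear, once encrypted */
#define AES_CONFOUNDER 16
#define AES_CKSUM_LEN  12    /* truncated HMAC-SHA1-96 checksum */
#define EC_TEST_SLACK  65535 /* "While testing only!" EC-field compensation */

/* Model of krb5_encrypt_size() for an AES-CTS enctype (no padding). */
static size_t model_encrypt_size(size_t plaintext_len)
{
    return AES_CONFOUNDER + plaintext_len + AES_CKSUM_LEN;
}

/* Token for sz bytes of user data: clear header + encrypt(data || header). */
size_t cfx_wrap_token_size(size_t sz)
{
    return CFX_HEADER_LEN + model_encrypt_size(sz + CFX_HEADER_LEN);
}

/* The ticket's loop: largest sz with encrypt_size(sz) + 16 <= req.
 * That sz is the length of what gets encrypted, header copy included. */
static size_t search_limit(size_t req_output_size)
{
    size_t sz = req_output_size;
    while (sz > 0 && model_encrypt_size(sz) + CFX_HEADER_LEN > req_output_size)
        sz--;
    return sz;
}

/* Corrected limit: subtract the encrypted header copy after the loop. */
size_t cfx_wrap_size_limit(size_t req_output_size)
{
    size_t s = search_limit(req_output_size);
    return s > CFX_HEADER_LEN ? s - CFX_HEADER_LEN : 0;
}

/* Modeled 1.3-branch test build from the message: loop result minus the
 * 65535-byte slack, with the encrypted header copy never subtracted. */
size_t cfx_wrap_size_limit_1_3_test(size_t req_output_size)
{
    size_t s = search_limit(req_output_size);
    return s > EC_TEST_SLACK ? s - EC_TEST_SLACK : 0;
}

/* 1 if the limit is tight: the limit fits and limit + 1 does not. */
int cfx_limit_is_tight(size_t req_output_size)
{
    size_t lim = cfx_wrap_size_limit(req_output_size);
    return cfx_wrap_token_size(lim) <= req_output_size &&
           cfx_wrap_token_size(lim + 1) > req_output_size;
}
```

Under this model req_output_size = 1076 yields a limit of 1016 and a 1076-byte token, and the test-build variant reproduces the 1048576 -> 982997 instrumentation figure because the 65535-byte slack absorbs the missing 16.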

