[krbdev.mit.edu #6312] kg_ctx_internalize() gets some ordering wrong

Tom Yu via RT rt-comment at krbdev.mit.edu
Fri Jan 2 21:52:29 EST 2009


Date: Wed, 24 Dec 2008 11:19:01 +0530
From: "Sachin Punadikar" <punadikar.sachin at gmail.com>
To: krbdev at mit.edu
Subject: Possible bug in "kg_ctx_internalize()" function in MIT 1.6.3

Hi,
I think people from the krbdev mailing list might have an answer to the below.
Awaiting clarification.
Thanks.
- Sachin

---------- Forwarded message ----------
From: Sachin Punadikar <punadikar.sachin at gmail.com>
Date: Mon, Dec 1, 2008 at 3:33 PM
Subject: kg_ctx_internalize() function in MIT 1.6.3
To: kerberos at mit.edu


Hello,

I was going through the gssapi MIT krb1.6.3 code and I feel there is a
possible bug in the kg_ctx_internalize() function defined in the
src/lib/gssapi/krb5/ser_sctx.c file.

As I understand, the function should unpack entities in the same order in
which they were packed by the kg_ctx_externalize() function. But it misses the
order while unpacking the last two structure variables, as shown below. Since
acceptor_subkey_cksumtype was packed before cred_rcache and also occurs
before it in the _krb5_gss_cred_id_rec structure definition,
acceptor_subkey_cksumtype should be unpacked BEFORE cred_rcache, else the
values will get swapped.

Current code in the kg_ctx_internalize() function:

        if (!kret)
            kret = krb5_ser_unpack_int32(&ibuf, &bp, &remain);
        ctx->cred_rcache = ibuf;
        if (!kret)
            kret = krb5_ser_unpack_int32(&ibuf, &bp, &remain);
        ctx->acceptor_subkey_cksumtype = ibuf;

Proposed code in the kg_ctx_internalize() function, with the unpacking
sequence changed:

        if (!kret)
            kret = krb5_ser_unpack_int32(&ibuf, &bp, &remain);
        ctx->acceptor_subkey_cksumtype = ibuf;
        if (!kret)
            kret = krb5_ser_unpack_int32(&ibuf, &bp, &remain);
        ctx->cred_rcache = ibuf;


Kindly let me know if this is valid.

- Sachin
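
The ordering mismatch reported in the message above, reduced to a stand-alone round-trip check. This is an added example, not krb5 source and not part of the original post; `toy_ctx`, `pack_i32`, `unpack_i32`, the 4-byte big-endian encoding and the sample values are hypothetical stand-ins.

```c
#include <stdint.h>
#include <stdio.h>

/* Hypothetical stand-in for the two trailing fields named in the report. */
struct toy_ctx { int32_t acceptor_subkey_cksumtype; int32_t cred_rcache; };

/* Stand-in helpers (not the krb5 API): 4-byte big-endian, bounds-checked cursor. */
static int pack_i32(int32_t v, uint8_t **bp, size_t *remain) {
    uint32_t u = (uint32_t)v;
    if (*remain < 4) return -1;
    for (int i = 0; i < 4; i++) (*bp)[i] = (uint8_t)(u >> (24 - 8 * i));
    *bp += 4; *remain -= 4; return 0;
}
static int unpack_i32(int32_t *v, const uint8_t **bp, size_t *remain) {
    uint32_t u = 0;
    if (*remain < 4) return -1;
    for (int i = 0; i < 4; i++) u = (u << 8) | (*bp)[i];
    *v = (int32_t)u; *bp += 4; *remain -= 4; return 0;
}

/* Writer: cksumtype first, then cred_rcache (the order the report states). */
static int externalize(const struct toy_ctx *c, uint8_t *buf, size_t len) {
    return (pack_i32(c->acceptor_subkey_cksumtype, &buf, &len) ||
            pack_i32(c->cred_rcache, &buf, &len)) ? -1 : 0;
}

/* Reader: swapped != 0 reproduces the read order the report flags. */
static int internalize(struct toy_ctx *c, const uint8_t *buf, size_t len, int swapped) {
    int32_t first, second;
    if (unpack_i32(&first, &buf, &len) || unpack_i32(&second, &buf, &len)) return -1;
    c->acceptor_subkey_cksumtype = swapped ? second : first;
    c->cred_rcache = swapped ? first : second;
    return 0;
}

/* Round-trip check with distinct constructed values; equal values would hide a swap. */
static int round_trip_ok(int swapped) {
    struct toy_ctx in = { 16, 1 }, out = { 0, 0 };
    uint8_t buf[8];
    if (externalize(&in, buf, sizeof buf) || internalize(&out, buf, sizeof buf, swapped))
        return 0;
    return out.acceptor_subkey_cksumtype == in.acceptor_subkey_cksumtype &&
           out.cred_rcache == in.cred_rcache;
}

int main(void) {
    printf("matching: %d, swapped: %d\n", round_trip_ok(0), round_trip_ok(1));
    return 0;
}
```

Both fields are the same width, so the swapped reader consumes the buffer without any length or parse error; only a field-by-field comparison after a round trip exposes it.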