[krbdev.mit.edu #2545] SVN Commit

"Henry B. Hotz" via RT rt-comment at krbdev.mit.edu
Fri Apr 27 18:13:11 EDT 2012


On Apr 27, 2012, at 10:04 AM, Greg Hudson via RT wrote:

> Ensure null termination of AFS salts
> 
> Use krb5int_copy_data_contents_add0 when copying a pa-pw-salt or
> pa-afs3-salt value in pa_salt().  If it's an afs3-salt, we're going to
> throw away the length and use strcspn in krb5int_des_string_to_key,
> which isn't safe if the value is unterminated.
> 
> http://src.mit.edu/fisheye/changelog/krb5/?cs=25833
> Commit By: ghudson
> Revision: 25833
> Changed Files:
> U   trunk/src/lib/krb5/krb/preauth2.c

I'm guessing that this resolves the old problem with AFS-salted passwords longer than 8 characters?

Don't get me wrong, if something's in the code it ought to be correct, or removed, so good!  However we will have eliminated Kerberos 4 by the end of May, and with luck I expect to eliminate single-DES within a month or two after that (except for some service principals like "afs at JPL.NASA.GOV").  At that point I, personally, won't care any more.
------------------------------------------------------
The opinions expressed in this message are mine,
not those of Caltech, JPL, NASA, or the US Government.
Henry.B.Hotz at jpl.nasa.gov, or hbhotz at oxy.edu
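The hazard the commit message describes, as an added illustration that is not part of this thread or of the MIT krb5 sources: the decoded pa-afs3-salt value is a length-delimited buffer, but the AFS string-to-key path discards the length and scans the bytes as a C string with strcspn, so a copy without a trailing NUL reads past the end of the salt. The krb5_data-like struct, the copy helper (modeled on the krb5int_copy_data_contents_add0 call named in the commit, but written here from scratch), and the sample salt bytes are all constructed for the example.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Stand-in for krb5_data: a length-delimited buffer, not a C string.
 * (Hypothetical type for this example; not the MIT header.) */
typedef struct {
    unsigned int length;
    char *data;
} salt_data;

/* Copy *in into a freshly allocated buffer with one extra byte for a NUL,
 * in the spirit of krb5int_copy_data_contents_add0 (own implementation,
 * assumed semantics).  Returns 0 on success, -1 on allocation failure. */
int copy_data_contents_add0(const salt_data *in, salt_data *out)
{
    out->data = malloc((size_t)in->length + 1);
    if (out->data == NULL) {
        out->length = 0;
        return -1;
    }
    if (in->length > 0)
        memcpy(out->data, in->data, in->length);
    out->data[in->length] = '\0';   /* the terminator the length-based copy lacked */
    out->length = in->length;
    return 0;
}

/* What the AFS string-to-key path does with the salt: it ignores the
 * recorded length and scans for the first NUL.  strcspn(s, "") == strlen(s),
 * written with strcspn to mirror the call the commit message names. */
static size_t cell_name_len_by_scan(const char *salt_bytes)
{
    return strcspn(salt_bytes, "");
}

/* Unsafe pattern: scan the raw decoded value directly.  With no terminator
 * inside the salt, the scan continues into whatever follows it in memory. */
size_t afs_salt_unsafe_len(const char *raw_value)
{
    return cell_name_len_by_scan(raw_value);
}

/* Fixed pattern: make a NUL-terminated copy first, then scan the copy.
 * Returns the cell-name length the string-to-key code would see, or
 * (size_t)-1 on allocation failure. */
size_t afs_salt_usable_len(const char *raw_value, unsigned int len)
{
    salt_data in = { len, (char *)raw_value };
    salt_data copy;
    size_t n;

    if (copy_data_contents_add0(&in, &copy) != 0)
        return (size_t)-1;
    n = cell_name_len_by_scan(copy.data);
    free(copy.data);
    return n;
}

int main(void)
{
    /* Constructed input: a 12-byte salt "jpl.nasa.gov" followed by six
     * bytes of unrelated data, standing in for whatever happens to sit
     * after the decoded value in memory. */
    const char raw[] = "jpl.nasa.govXXXXXX";
    unsigned int salt_len = 12;

    printf("scan of raw value:        %zu bytes\n", afs_salt_unsafe_len(raw));
    printf("scan of terminated copy:  %zu bytes\n", afs_salt_usable_len(raw, salt_len));
    /* An embedded NUL still truncates: the length really is thrown away. */
    printf("salt with embedded NUL:   %zu bytes\n", afs_salt_usable_len("abc\0def", 7));
    return 0;
}
```

In the constructed input the over-read only picks up the trailing "XXXXXX", so the unsafe scan reports 18 bytes instead of 12; on a real decoded value the bytes after the salt are arbitrary heap contents and the scan may run off the end of the allocation. The fix does not change the AFS semantics (a NUL inside the salt still ends the cell name, as the third case shows); it only guarantees that the scan always meets a NUL within the bytes it owns.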



