krb5 commit [krb5-1.12]: Fix GSS krb5 initial sequence number gap handling
Tom Yu
tlyu at MIT.EDU
Thu Jun 26 17:40:58 EDT 2014
https://github.com/krb5/krb5/commit/f12b6e40ec0e0a31d5fe441ae52c507c417246b8
commit f12b6e40ec0e0a31d5fe441ae52c507c417246b8
Author: Tomas Kuthan <tkuthan at gmail.com>
Date: Thu Mar 6 13:05:24 2014 +0100
Fix GSS krb5 initial sequence number gap handling
Since #2040, the dummy queue element inserted by g_order_init no
longer compares less than the initial sequence number, so we fail when
the first few sequence numbers are received out of order. Properly
detect when a sequence number fits between the dummy element and the
first real queue element.
[ghudson at mit.edu: rewrote commit message]
(cherry picked from commit 13a9cb721194c8aa4ccf6ed6ef23e3ac8dd24037)
ticket: 7872
version_fixed: 1.12.2
status: resolved
src/lib/gssapi/generic/util_ordering.c | 15 +++++++++++++++
1 files changed, 15 insertions(+), 0 deletions(-)
diff --git a/src/lib/gssapi/generic/util_ordering.c b/src/lib/gssapi/generic/util_ordering.c
index 95609a9..56cd84a 100644
--- a/src/lib/gssapi/generic/util_ordering.c
+++ b/src/lib/gssapi/generic/util_ordering.c
@@ -195,6 +195,21 @@ g_order_check(void **vqueue, gssint_uint64 seqnum)
return(GSS_S_UNSEQ_TOKEN);
}
}
+ /*
+ * Exception: if first token arrived out-of-order.
+ * In that case first two elements in queue are 0xFFFFFFFF and some k,
+ * where k > seqnum. We need to insert seqnum before k.
+ * We check this after the for-loop, because this should be rare.
+ */
+ if ((QELEM(q, q->start) == (((uint64_t)0 - 1) & q->mask)) &&
+ ((QELEM(q, q->start + 1) > seqnum))) {
+ queue_insert(q, q->start, seqnum);
+ if (q->do_replay && !q->do_sequence)
+ return(GSS_S_COMPLETE);
+ else
+ return(GSS_S_UNSEQ_TOKEN);
+
+ }
}
/* this should never happen */
More information about the cvs-krb5
mailing list