krb5 commit [krb5-1.11]: Fix GSS krb5 initial sequence number gap handling
Tom Yu
tlyu at mit.edu
Fri Feb 6 17:26:57 EST 2015
https://github.com/krb5/krb5/commit/8857ae0e66dbaa705dec27b782f190f0163a529f
commit 8857ae0e66dbaa705dec27b782f190f0163a529f
Author: Tomas Kuthan <tkuthan at gmail.com>
Date: Thu Mar 6 13:05:24 2014 +0100

Fix GSS krb5 initial sequence number gap handling

Since #2040, the dummy queue element inserted by g_order_init no
longer compares less than the initial sequence number, so we fail when
the first few sequence numbers are received out of order. Properly
detect when a sequence number fits between the dummy element and the
first real queue element.

[ghudson at mit.edu: rewrote commit message]

(cherry picked from commit 13a9cb721194c8aa4ccf6ed6ef23e3ac8dd24037)

ticket: 8094 (new)
version_fixed: 1.11.6
status: resolved

src/lib/gssapi/generic/util_ordering.c | 15 +++++++++++++++
1 files changed, 15 insertions(+), 0 deletions(-)
diff --git a/src/lib/gssapi/generic/util_ordering.c b/src/lib/gssapi/generic/util_ordering.c
index 95609a9..56cd84a 100644
--- a/src/lib/gssapi/generic/util_ordering.c
+++ b/src/lib/gssapi/generic/util_ordering.c
@@ -195,6 +195,21 @@ g_order_check(void **vqueue, gssint_uint64 seqnum)
return(GSS_S_UNSEQ_TOKEN);
}
}
+ /*
+ * Exception: if first token arrived out-of-order.
+ * In that case first two elements in queue are 0xFFFFFFFF and some k,
+ * where k > seqnum. We need to insert seqnum before k.
+ * We check this after the for-loop, because this should be rare.
+ */
+ if ((QELEM(q, q->start) == (((uint64_t)0 - 1) & q->mask)) &&
+ ((QELEM(q, q->start + 1) > seqnum))) {
+ queue_insert(q, q->start, seqnum);
+ if (q->do_replay && !q->do_sequence)
+ return(GSS_S_COMPLETE);
+ else
+ return(GSS_S_UNSEQ_TOKEN);
+
+ }
}
/* this should never happen */
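
Review bot: The new condition reads QELEM(q, q->start + 1) with no visible check that the queue holds a second element besides the dummy; if only the dummy is queued, seqnum is compared against whatever happens to be in that slot. Consider guarding the test with a check on the queue length, or stating in the comment why the preceding for-loop guarantees at least two elements at this point. Smaller points: the comment names 0xFFFFFFFF while the code compares against ((uint64_t)0 - 1) & q->mask, so the comment should describe the masked all-ones value rather than a fixed 32-bit constant; the function signature uses gssint_uint64, so the cast should use the same type; the doubled parentheses around the second comparison and the blank line before the closing brace can go. The diffstat shows only util_ordering.c changed, so a regression test that delivers the first few tokens out of order would be worth adding alongside this fix.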