krb5-libs/1060: error in option processing of krb5_gss_accept_sec_context
Dan Riley
dsr at mail.lns.cornell.edu
Fri Feb 22 14:04:39 EST 2002
>Number: 1060
>Category: krb5-libs
>Synopsis: incorrect arg to TREAD_STR in option processing
>Confidential: no
>Severity: non-critical
>Priority: medium
>Responsible: krb5-unassigned
>State: open
>Class: sw-bug
>Submitter-Id: unknown
>Arrival-Date: Fri Feb 22 14:05:01 EST 2002
>Last-Modified:
>Originator: Dan Riley
>Organization:
LNS, Cornell U.
>Release: krb5-1.2.3
>Environment:
System: OSF1 lnscu6.lns.cornell.edu V4.0 1229 alpha
Machine: alpha
>Description:
krb5_gss_accept_sec_context has an argument error that should bite
if there is more than one option to process.
>How-To-Repeat:
>Fix:
diff -ur krb5-1.2.3/src/lib/gssapi/krb5/accept_sec_context.c krb5/lib/gssapi/krb5/accept_sec_context.c
--- krb5-1.2.3/src/lib/gssapi/krb5/accept_sec_context.c Wed Jan 9 17:27:43 2002
+++ krb5/lib/gssapi/krb5/accept_sec_context.c Thu Dec 6 15:29:41 2001
@@ -456,16 +456,16 @@
i -= 4;
- /* have to use ptr2, since option.data is wrong type and
- macro uses ptr as both lvalue and rvalue */
-
if (i < option.length || option.length < 0) {
code = KG_BAD_LENGTH;
major_status = GSS_S_FAILURE;
goto fail;
}
- TREAD_STR(ptr, ptr2, bigend);
+ /* have to use ptr2, since option.data is wrong type and
+ macro uses ptr as both lvalue and rvalue */
+
+ TREAD_STR(ptr, ptr2, option.length);
option.data = (char FAR *) ptr2;
i -= option.length;
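Review bot: at the TREAD_STR call, the new third argument option.length is safe to use only because of the check just above it (i < option.length || option.length < 0), and nothing in the hunk documents that dependency; the relocated comment still explains only why ptr2 is used. Suggest extending that comment to say the third argument is the option length and that it relies on the preceding bounds check, so a later reorder does not separate the two. Moving the comment block below the check is unrelated to the one-argument fix and could be left out to keep the patch minimal. The report's How-To-Repeat field is empty; a test case that passes more than one option would confirm the fix, since the description says that is when the error bites.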
>Audit-Trail:
>Unformatted: