[krbdev.mit.edu #2234] kdc_util.c bug - validate_tgs_request clears all kdc_options
Wyllys Ingersoll
wyllys.ingersoll at sun.com
Thu Feb 12 14:04:04 EST 2004
On Thu, 2004-02-12 at 13:30, ""Jeffrey Altman [Kermit Project]" via RT"
wrote:
> Wyllys Ingersoll via RT wrote:
>
> >The new code in kdc_util.c
> >
> > request->kdc_options &= ~(TGS_OPTIONS_HANDLED);
> >
> >Actually causes clears the kdc_options field of all
> >handled options, which (in most cases) zeros the field.
> >This is probably not intended...
> >
> >To properly disable unrecognized flags, I think you need
> >to do something like this:
> >
> >badflags = (request->kdc_options & ~(TGS_OPTIONS_HANDLED));
> >request->kdc_options &= ~badflags;
> >
> >-Wyllys
> >
> >
> Shouldn't this simply be?
>
> request->kdc_options &= TGS_OPTIONS_HANDLED;
er, yup. That'll work too, I was thinking in reverse :)
Though, the original suggestion might be OK if you wanted
to log a message to indicate what unsupported flags were received.
-Wyllys
More information about the krb5-bugs
mailing list