[krbdev.mit.edu #2266] wrap_size_limit broken for CFX
Wyllys Ingersoll via RT
rt-comment at krbdev.mit.edu
Fri Feb 20 13:29:04 EST 2004
There are 2 small problems in the wrap_size_limit function
when dealing with cfx->proto==1 and conf_req_flag is set.
Line 113:
    if (conf_req_flag) {
        while (sz > 0 &&
               krb5_encrypt_size(sz, ctx->enc->enctype) + 16 >
               req_output_size)
            sz--;
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
SHOULD BE: sz--;
               krb5_encrypt_size(sz, ctx->enc->enctype) + 32 >
               req_output_size)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
    } else {
        if (sz < 16 + ctx->cksum_size)
            sz = 0;
        else
            sz -= (16 + ctx->cksum_size);
    }
....
The token header is included twice in the output token,
but it's not counted as part of krb5_encrypt_size, so you
must account for it twice when computing the wrap size.
Also, decrement the sz counter before calculating the size to avoid
an off-by-1 error at the end.
For example:
req_output_size = 1076 should result in a 'wrap_size' of 1016.
Putting the sz-- at the end of the loop yields a wrap_size of 1015.
Not a fatal problem or anything, obviously, just a nit.
-Wyllys Ingersoll