[krbdev.mit.edu #2738] krb5int_sendto should look for expected message types

Ken Raeburn via RT rt-comment at krbdev.mit.edu
Tue Oct 12 17:32:03 EDT 2004


The Tru64 nightly tests have an interesting failure mode where in one of
the tests, which has some UDP ports listed for the KDC that it's not
actually listening on, the kernel assigns those port numbers to the
client process, causing the client to receive the KDC_REQ message it
thought it was sending to the KDC; this causes krb5int_sendto to return,
and the caller to report an incorrect message type.

I suspect the best fix to this may be to have krb5int_sendto examine the
received UDP message and decide whether to return it (KDC_REP or
KRB_ERROR) or ignore it (KDC_REQ, other) and continue receiving and
maybe retransmitting, or shut down the socket and continue with other
file descriptors (RESPONSE_TOO_BIG).  Of course, this analysis and these
actions are specific to the krb5 KDC exchange, and krb5int_sendto is
used in other exchanges, so caller-provided data (perhaps a callback?)
should guide it.

Investigate: Is the socket not connected?  Why does the packet not get
thrown away?  Maybe we're running into cases where two unused port
numbers collide, not just one?

What about TCP messages?  Perhaps should do something similar, as long
as the code is being written anyways.  Someone inserting junk into a TCP
exchange can terminate the connection just as easily, but we could still
let other exchanges keep going.  (Then again, an active attacker could
insert an error that normally we'd want to act on immediately.)

Quick fix?  Perhaps having the caller check for the incorrect message
type and try the exchange one more time.
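
A sketch of the caller-provided filter idea from the report, as an added example that is not code from MIT krb5 or from the author. The names `verdict`, `reply_filter`, `kdc_reply_filter`, `first_accepted` and the sample byte arrays are hypothetical; the tag numbers are the RFC 4120 application tags. Telling RESPONSE_TOO_BIG apart from other errors would need the KRB_ERROR decoded and is not shown.

```c
#include <stddef.h>

/* Hypothetical verdicts and callback type; not names from the krb5 source. */
enum verdict { REPLY_ACCEPT, REPLY_IGNORE };
typedef enum verdict (*reply_filter)(const unsigned char *msg, size_t len);

/* RFC 4120 application tag numbers for the KDC exchange. */
enum { TAG_AS_REQ = 10, TAG_AS_REP = 11, TAG_TGS_REQ = 12,
       TAG_TGS_REP = 13, TAG_KRB_ERROR = 30 };

/* Return the ASN.1 application tag number of a DER message, or -1. */
static int krb_app_tag(const unsigned char *msg, size_t len)
{
    if (msg == NULL || len < 2)
        return -1;
    if ((msg[0] & 0xE0) != 0x60)      /* APPLICATION class, constructed */
        return -1;
    if ((msg[0] & 0x1F) == 0x1F)      /* high-tag-number form: not Kerberos */
        return -1;
    return msg[0] & 0x1F;
}

/* Filter for the KDC exchange: only KDC_REP and KRB_ERROR end the wait. */
enum verdict kdc_reply_filter(const unsigned char *msg, size_t len)
{
    switch (krb_app_tag(msg, len)) {
    case TAG_AS_REP:
    case TAG_TGS_REP:
    case TAG_KRB_ERROR:
        return REPLY_ACCEPT;
    default:                          /* KDC_REQ echo, junk, truncated */
        return REPLY_IGNORE;
    }
}

struct dgram { const unsigned char *data; size_t len; };

/* Stand-in for the receive loop: index of first accepted datagram, or -1. */
int first_accepted(const struct dgram *in, size_t n, reply_filter f)
{
    for (size_t i = 0; i < n; i++)
        if (f(in[i].data, in[i].len) == REPLY_ACCEPT)
            return (int)i;
    return -1;
}

/* Constructed samples: leading bytes only, not complete Kerberos messages. */
const unsigned char sample_as_req[] = { 0x6A, 0x03, 0x30, 0x01, 0x00 };
const unsigned char sample_as_rep[] = { 0x6B, 0x03, 0x30, 0x01, 0x00 };
const unsigned char sample_error[]  = { 0x7E, 0x03, 0x30, 0x01, 0x00 };
```

With this filter, a client that receives its own AS-REQ on a reused port keeps waiting instead of returning the request to the caller as if it were the reply.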

