[krbdev.mit.edu #2738] krb5int_sendto should look for expected message types
Ken Raeburn via RT
rt-comment at krbdev.mit.edu
Tue Oct 12 23:58:39 EDT 2004
On Oct 12, 2004, at 18:02, Sam Hartman wrote:
> Why is this a bug? It seems like you may get unpredictable behavior
> if you configure things as the tests are doing. Why do we want to
> introduce complexity to work around this situation? Also, won't
> introducing this complexity mask reflections in other less explainable
> circumstances?
I can think of one or two real-world situations where we might benefit
from this change, but generally it's about certain active
denial-of-service type attacks. Not the intense "swamp the application
with packets" type, but the "drop in a magic message and the client
breaks" type. Neither of which we really do anything about right now,
so I don't expect it to be a priority. But config file errors aren't
the only way this could come up. Well, reflections, probably, but
unexpected or unknown message types can come up for other reasons.
Ken
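
The kind of check the ticket title describes, as an added illustration that is not code from MIT krb5 or from this message: a client that sent an AS-REQ or TGS-REQ skips datagrams whose leading DER tag is not the matching reply or a KRB-ERROR (for example its own request reflected back) and keeps waiting. The function names and sample bytes are hypothetical; only the first octet is inspected, so full ASN.1 decoding still has to follow.

```c
#include <stddef.h>
#include <stdio.h>

/* First octet of a DER-encoded Kerberos message: APPLICATION class,
 * constructed (0x60), plus the message tag number from RFC 4120. */
enum { KRB_AS_REQ = 0x6a, KRB_AS_REP = 0x6b, KRB_TGS_REQ = 0x6c,
       KRB_TGS_REP = 0x6d, KRB_ERROR = 0x7e };

struct dgram { const unsigned char *data; size_t len; };

/* 1 if the datagram starts like a reply to the request we sent:
 * the matching *-REP or a KRB-ERROR. Anything else is not for us. */
static int is_expected_reply(const struct dgram *d, int request_type)
{
    int want = request_type == KRB_AS_REQ  ? KRB_AS_REP
             : request_type == KRB_TGS_REQ ? KRB_TGS_REP : -1;
    if (want < 0 || d->data == NULL || d->len < 2)
        return 0;
    return d->data[0] == want || d->data[0] == KRB_ERROR;
}

/* Hypothetical receive loop: skip unexpected datagrams and keep waiting
 * instead of failing on the first one. Returns an index, or -1. */
int first_usable_reply(const struct dgram *rx, size_t n, int request_type)
{
    for (size_t i = 0; i < n; i++)
        if (is_expected_reply(&rx[i], request_type))
            return (int)i;
    return -1;
}

/* Constructed sample datagrams (leading bytes only, not real captures). */
static const unsigned char reflected_req[] = { 0x6a, 0x81, 0x9c, 0x30 };
static const unsigned char junk[]          = { 0x00, 0x01, 0x02, 0x03 };
static const unsigned char as_rep[]        = { 0x6b, 0x82, 0x02, 0x10 };
static const unsigned char krb_error[]     = { 0x7e, 0x5a, 0x30, 0x58 };
static const struct dgram sample_rx[] = {
    { reflected_req, sizeof reflected_req }, { junk, sizeof junk },
    { as_rep, sizeof as_rep }, { krb_error, sizeof krb_error },
};

int main(void)
{
    printf("AS-REQ: usable reply at index %d\n",
           first_usable_reply(sample_rx, 4, KRB_AS_REQ));
    return 0;
}
```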