[krbdev.mit.edu #3180] errors reading AS-REP on systems with large numbers of interfaces

The RT System itself via RT rt-comment at krbdev.mit.edu
Thu Sep 15 13:27:25 EDT 2005


Date: Wed, 14 Sep 2005 19:55:42 -0400
Message-Id: <200509142355.j8ENtg6O022093 at blade.boston.redhat.com>
To: krb5-bugs at mit.edu
From: nalin at redhat.com


>Submitter-Id:	net
>Originator:	Nalin Dahyabhai
>Organization:
>Confidential:	no
>Synopsis:	errors reading AS-REP on systems with large numbers of interfaces
>Severity:	non-critical
>Priority:	medium
>Category:	krb5-libs
>Class:		sw-bug
>Release:	1.4.2
>Environment:
	
System: Linux blade.boston.redhat.com 2.6.13-1.1542_FC5smp #1 SMP Tue Sep 6 19:13:02 EDT 2005 i686 athlon i386 GNU/Linux
Architecture: i686

>Description:
	On a system with a large number of network interfaces (I've done
	this with Linux and 250 network aliases on eth0) with the "noaddresses"
	option disabled, the default value of MAX_DGRAM_SIZE, which is used to
	allocate the buffer which is used to read the KDC's response in
	krb5_sendto_kdc(), is just not large enough to hold the entire response
	from the KDC.  There's no way to change this without recompiling the
	library and all statically-linked applications.
>How-To-Repeat:
	On a Linux client with a working ethernet interface, turn off the
	"noaddresses" option, run this script as a superuser:
		#!/bin/sh
		iface=0
		while test $iface -lt 250 ; do
			ifconfig eth0:$iface 10.0.0.$iface netmask 255.255.255.0 up
			iface=`expr $iface + 1`
		done
	and then attempt to get a TGT with kinit.
>Fix:
	I'd suggest adding a libdefaults option to allow this to be tuned,
	with the default being the value of MAX_DGRAM_SIZE.  While this doesn't
	guarantee the correct behavior, it adds a simple workaround for systems
	which run into this problem.

--- krb5/src/lib/krb5/os/osconfig.c
+++ krb5/src/lib/krb5/os/osconfig.c
@@ -36,7 +36,7 @@
 
 char *krb5_defkeyname  = DEFAULT_KEYTAB_NAME;
 
-unsigned int krb5_max_dgram_size = MAX_DGRAM_SIZE;
+unsigned int krb5_max_dgram_size = -1;
 unsigned int krb5_max_skdc_timeout = MAX_SKDC_TIMEOUT;
 unsigned int krb5_skdc_timeout_shift = SKDC_TIMEOUT_SHIFT;
 unsigned int krb5_skdc_timeout_1 = SKDC_TIMEOUT_1;
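Review bot: krb5_max_dgram_size is still declared unsigned int on the changed line, so initialising it to -1 stores UINT_MAX and the "krb5_max_dgram_size < 0" test added in sendto_kdc.c can never be true. The sentinel is never detected, the profile is never consulted, and the size stays at UINT_MAX. Either change the declaration (and its extern) to int, or keep it unsigned and compare against an explicit sentinel such as (unsigned int)-1.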
--- krb5-1.4.2/src/lib/krb5/os/sendto_kdc.c	2005-07-20 18:52:33.000000000 -0400
+++ krb5-1.4.2/src/lib/krb5/os/sendto_kdc.c	2005-09-14 19:35:31.000000000 -0400
@@ -1043,6 +1043,16 @@
 
     dprint("krb5int_sendto(message=%d@%p)\n", message->length, message->data);
 
+    if (krb5_max_dgram_size < 0) {
+       int tmp;
+       tmp = profile_get_integer(context->profile,
+                                 "libdefaults", "max_dgram_size", NULL,
+                                 MAX_DGRAM_SIZE, &krb5_max_dgram_size);
+       if ((tmp != 0) || (krb5_max_dgram_size < 0)) {
+           krb5_max_dgram_size = MAX_DGRAM_SIZE;
+       }
+    }
+
     reply->data = 0;
     reply->length = 0;
 
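Review bot: the value read for max_dgram_size in the added block is rejected only when it is negative, so 0 or a handful of bytes is accepted and then used to size the reply buffer, and there is no upper bound either. Read the setting into a local int first (profile_get_integer takes an int *, while &krb5_max_dgram_size is an unsigned int * per osconfig.c), fall back to MAX_DGRAM_SIZE when the value is outside a sane range, and only then assign the global. The lazy initialisation of a shared global here is also unsynchronised, and the new libdefaults key needs a krb5.conf documentation entry.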

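The failure in the Description (a reply datagram larger than the fixed receive buffer) can be detected at receive time instead of surfacing later as a decode error. The following is an added example, not code from MIT krb5 or from the submitted patch: the function names and the 4096/6000-byte sizes are constructed, and a local datagram socketpair stands in for the client/KDC UDP exchange.

```c
/* Added illustration, not MIT krb5 code. Names and sizes are hypothetical. */
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/uio.h>
#include <unistd.h>

/* Read one datagram into buf. Returns bytes stored, or -1 on error.
 * *truncated is set to 1 when the datagram was larger than buflen and
 * the kernel discarded the tail (reported via MSG_TRUNC in msg_flags). */
ssize_t recv_dgram_checked(int fd, void *buf, size_t buflen, int *truncated)
{
    struct iovec iov = { .iov_base = buf, .iov_len = buflen };
    struct msghdr msg;
    ssize_t n;

    memset(&msg, 0, sizeof(msg));
    msg.msg_iov = &iov;
    msg.msg_iovlen = 1;
    n = recvmsg(fd, &msg, 0);
    if (n < 0)
        return -1;
    *truncated = (msg.msg_flags & MSG_TRUNC) != 0;
    return n;
}

/* Constructed scenario: send reply_len bytes, read them into a buffer of
 * buflen bytes. Returns 1 if truncated, 0 if complete, -1 on error. */
int demo_truncation(size_t reply_len, size_t buflen)
{
    static char reply[8192], buf[8192];
    int sv[2], truncated = 0, result = -1;

    if (reply_len > sizeof(reply) || buflen > sizeof(buf) ||
        socketpair(AF_UNIX, SOCK_DGRAM, 0, sv) != 0)
        return -1;
    memset(reply, 'A', reply_len);
    if (send(sv[0], reply, reply_len, 0) == (ssize_t)reply_len &&
        recv_dgram_checked(sv[1], buf, buflen, &truncated) >= 0)
        result = truncated;
    close(sv[0]);
    close(sv[1]);
    return result;
}

int main(void)
{
    printf("6000 into 4096: truncated=%d\n", demo_truncation(6000, 4096));
    printf("1000 into 4096: truncated=%d\n", demo_truncation(1000, 4096));
    return 0;
}
```

A caller that sees the truncation flag can report an oversized reply explicitly rather than passing a cut-off message to the decoder.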

