[krbdev.mit.edu #5947] FFM.EXAMPLE.ORG -> M.EXAMPLE.ORG broken
Volker.Lendecke@SerNet.DE via RT
rt-comment at krbdev.mit.edu
Wed Jul 16 03:47:56 EDT 2008
On Tue, Jul 15, 2008 at 07:58:54PM -0400, Ken Raeburn via RT wrote:
> The supplied patch tests conditions which I think will always be true -- that the ccp-com_cdot
> and scp-com_sdot offsets are the same. So I think it's really only breaking out of the loop when
> slen and/or clen are 1 and therefore about to be decremented to 0, which would break out of
> the loop, but only after the decrements of clen, slen, ccp, and scp. The patch quits the loop
> without those decrements, which changes the code paths following that check for slen==0 or
> clen==0.
>
> This causes a different result if the client and server realms supplied are the same (current
> code: return KRB5_NO_TKT_IN_RLM; with patch: walk up and down the realm tree).
>
> It also causes different results if one realm is above or below the other in the hierarchy, e.g.,
> A.EXAMPLE.COM and EXAMPLE.COM.
>
> I've added a test script on the trunk that should exercise this code a bit...
Sorry to reply by EMail, I don't see a way to comment on the
bug inside the trouble ticket system.
Thanks for looking at the bug. Are you saying that my patch
breaks other setups?
At my customer's site it does work, also for subrealms which
have different lengths in the subrealm part of EXAMPLE.COM.
Volker
More information about the krb5-bugs
mailing list