[krbdev.mit.edu #6049] krb5_ktfile_get_entry() not dealing with enctype arg properly
The RT System itself via RT
rt-comment at krbdev.mit.edu
Wed Jul 23 17:41:38 EDT 2008
>From krb5-bugs-incoming-bounces at PCH.MIT.EDU Wed Jul 23 17:41:32 2008
Received: from pch.mit.edu (PCH.MIT.EDU [18.7.21.90]) by krbdev.mit.edu (8.12.9) with ESMTP
id m6NLfWo4020151; Wed, 23 Jul 2008 17:41:32 -0400 (EDT)
Received: from pch.mit.edu (pch.mit.edu [127.0.0.1])
by pch.mit.edu (8.13.6/8.12.8) with ESMTP id m6NLfRb2024830;
Wed, 23 Jul 2008 17:41:27 -0400
Received: from fort-point-station.mit.edu (FORT-POINT-STATION.MIT.EDU
[18.7.7.76])
by pch.mit.edu (8.13.6/8.12.8) with ESMTP id m6NLfQOG024827
for <krb5-bugs-incoming at PCH.mit.edu>; Wed, 23 Jul 2008 17:41:26 -0400
Received: from mit.edu (M24-004-BARRACUDA-1.MIT.EDU [18.7.7.111])
by fort-point-station.mit.edu (8.13.6/8.9.2) with ESMTP id
m6NLfGSG028229
for <krb5-bugs at mit.edu>; Wed, 23 Jul 2008 17:41:16 -0400 (EDT)
Received: from brmea-mail-3.sun.com (brmea-mail-3.sun.com [192.18.98.34])
by mit.edu (Spam Firewall) with ESMTP id 6A3FAA533B3
for <krb5-bugs at mit.edu>; Wed, 23 Jul 2008 17:41:14 -0400 (EDT)
Received: from dm-central-02.central.sun.com ([129.147.62.5])
by brmea-mail-3.sun.com (8.13.6+Sun/8.12.9) with ESMTP id
m6NLfEeQ020289 for <krb5-bugs at mit.edu>; Wed, 23 Jul 2008 21:41:14 GMT
Received: from alton.central.sun.com (alton.Central.Sun.COM [129.153.128.101])
by dm-central-02.central.sun.com (8.13.8+Sun/8.13.8/ENSMAIL,
v2.2) with ESMTP id m6NLfDt6046654
for <krb5-bugs at mit.edu>; Wed, 23 Jul 2008 15:41:14 -0600 (MDT)
Received: from alton.central.sun.com (localhost [127.0.0.1])
by alton.central.sun.com (8.14.2+Sun/8.14.2) with ESMTP id
m6NLXiJd026078
for <krb5-bugs at mit.edu>; Wed, 23 Jul 2008 16:33:44 -0500 (CDT)
Received: (from willf at localhost)
by alton.central.sun.com (8.14.2+Sun/8.14.2/Submit) id m6NLXirJ026077
for krb5-bugs at mit.edu; Wed, 23 Jul 2008 16:33:44 -0500 (CDT)
Date: Wed, 23 Jul 2008 16:33:44 -0500
From: Will Fiveash <William.Fiveash at Sun.COM>
To: krb5-bugs at mit.edu
Message-ID: <20080723213344.GA26070 at sun.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.5.17 (2007-11-01)
X-Spam-Score: 2.29
X-Spam-Level: ** (2.29)
X-Spam-Flag: NO
X-Scanned-By: MIMEDefang 2.42
X-BeenThere: krb5-bugs-incoming at mailman.mit.edu
X-Mailman-Version: 2.1.6
Precedence: list
Sender: krb5-bugs-incoming-bounces at PCH.MIT.EDU
Errors-To: krb5-bugs-incoming-bounces at PCH.MIT.EDU
>Submitter-Id: net
>Originator: William Fiveash
>Organization:
Sun Microsystems
>Confidential: no
>Synopsis: krb5_ktfile_get_entry() not dealing with enctype arg properly
>Severity: serious
>Priority: medium
>Category: krb5-libs
>Class: sw-bug
>Release: krb5-1.6.3
>Environment:
System: SunOS alton 5.11 snv_88 i86pc i386 i86pc
Architecture: i86pc
>Description:
In krb5_ktfile_get_entry() there is this code:
/* if the enctype is not ignored and doesn't match, free new_entry
and continue to the next */
if (enctype != IGNORE_ENCTYPE) {
if ((kerror = krb5_c_enctype_compare(context, enctype,
new_entry.key.enctype,
&similar))) {
krb5_kt_free_entry(context, &new_entry);
break;
}
Seems to me the break; should actually be continue; in the case that the
keytab has an entry with an unknown enctype.
A refinement to this would be to verify that the enctype input arg is a
valid enctype early on.
>How-To-Repeat:
Create a keytab with an unsupported enctype followed by a supported
enctype then try to get a key with the supported enctype.
>Fix:
--- ./lib/krb5/keytab/kt_file.c Wed Jul 23 13:35:30 2008
+++ /tmp/kt_file.c Wed Jul 23 16:08:47 2008
@@ -333,7 +333,7 @@
new_entry.key.enctype,
&similar))) {
krb5_kt_free_entry(context, &new_entry);
- break;
+ continue;
}
if (!similar) {
More information about the krb5-bugs
mailing list