Regarding "MIT krb5 Security Advisory 2005-002" fix
Sachin Punadikar
punadikar.sachin at gmail.com
Tue Sep 19 00:42:36 EDT 2006
Hello,
I was going through the fix for "MIT krb5 Security Advisory 2005-002".
In the patch provided, part of the fix initializes a
pointer called "response", as shown below.
===================================================================
RCS file: /cvs/krbdev/krb5/src/kdc/network.c,v
retrieving revision 5.62
diff -c -r5.62 network.c
*** kdc/network.c 24 Sep 2004 02:21:47 -0000 5.62
--- kdc/network.c 25 Apr 2005 22:02:56 -0000
***************
*** 722,727 ****
--- 722,728 ----
char pktbuf[MAX_DGRAM_SIZE];
int port_fd = conn->fd;
+ response = NULL;
saddr_len = sizeof(saddr);
cc = recvfrom(port_fd, pktbuf, sizeof(pktbuf), 0,
(struct sockaddr *)&saddr, &saddr_len);
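Review bot: the added `response = NULL;` after `int port_fd = conn->fd;` is a bare assignment with no comment saying which later path depends on `response` starting out as NULL, so it can easily be read as redundant. Setting the initial value where `response` is declared, or adding a one-line comment at this assignment, would make the intent explicit. The hunk also touches only this `recvfrom()` datagram path, so any other receive path that keeps its own `response` pointer should be checked for the same initialization.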
===================================================================
I would like to point out that the above fix is only for the UDP
communication part. For TCP communication, this kind of fix is missing.
Here is the fix for the TCP communication part.
=============================================
File: src/kdc/network.c
Function : accept_tcp_connection()
Line number : around 825
newconn->u.tcp.addr_s = addr_s;
newconn->u.tcp.addrlen = addrlen;
newconn->u.tcp.bufsiz = 1024 * 1024;
newconn->u.tcp.buffer = malloc(newconn->u.tcp.bufsiz);
newconn->u.tcp.start_time = time(0);
newconn->u.tcp.response = NULL; /* Fix for MIT krb5 Security Advisory 2005-002: TCP part */
===============================================
Let me know whether I am correct.
Thanks in advance.
- Sachin Punadikar.