Possible bug in "kg_ctx_internalize()" function in MIT 1.6.3

Luke Howard lukeh at padl.com
Wed Dec 24 01:19:13 EST 2008 

Sachin,

I noticed this too whilst adding support for authorization data  
serialization, and fixed it in r21558 (mskrb-integ branch).

http://src.mit.edu/fisheye/changelog/krb5/branches/mskrb-integ?cs=21558

regards,

-- Luke

On 24/12/2008, at 4:49 PM, Sachin Punadikar wrote:

> Hi,
> I think, people  from krbdev mailing list might have answer to below
> Awaiting clarification.
> Thanks.
> - Sachin
>
> ---------- Forwarded message ----------
> From: Sachin Punadikar <punadikar.sachin at gmail.com>
> Date: Mon, Dec 1, 2008 at 3:33 PM
> Subject: kg_ctx_internalize() function in MIT 1.6.3
> To: kerberos at mit.edu
>
>
> Hello,
>
> I was going through the gssapi  MIT krb1.6.3 code and I feel there  
> is a
> possible bug in kg_ctx_internalize() function defined in
> src/lib/gssapi/krb5/ser_sctx.c file.
>
> As I understand the function should unpack entities in the same  
> order in
> which they were packed by kg_ctx_externalize() function. But it  
> misses the
> order while unpacking the last two structure variables as shown  
> below. Since
> acceptor_subkey_cksumtype  was packed before cred_rcache and also  
> occurs
> before in the _krb5_gss_cred_id_rec structure definition,
> acceptor_subkey_cksumtype should be unpacked BEFORE cred_rcache,  
> else the
> values will get swapped.
>
> Current Code in  kg_ctx_internalize() function:
>
>        if (!kret)
>        kret = krb5_ser_unpack_int32(&ibuf, &bp, &remain);
>        ctx->cred_rcache = ibuf;
>        if (!kret)
>        kret = krb5_ser_unpack_int32(&ibuf, &bp, &remain);
>        ctx->acceptor_subkey_cksumtype = ibuf;
>
> Proposed Code in  kg_ctx_internalize() function with change in  
> sequence
> while unpacking:
>
>    if (!kret)
>        kret = krb5_ser_unpack_int32(&ibuf, &bp, &remain);
>        ctx->acceptor_subkey_cksumtype = ibuf;
>        if (!kret)
>        kret = krb5_ser_unpack_int32(&ibuf, &bp, &remain);
>        ctx->cred_rcache = ibuf;
>
>
> Kindly let me know if this is valid.
>
> - Sachin
> _______________________________________________
> krbdev mailing list             krbdev at mit.edu
> https://mailman.mit.edu/mailman/listinfo/krbdev
>

--
www.padl.com | www.fghr.net

More information about the krbdev mailing list