Possible bug in "kg_ctx_internalize()" function in MIT 1.6.3

Tom Yu tlyu at MIT.EDU
Wed Dec 24 01:23:17 EST 2008 

"Sachin Punadikar" <punadikar.sachin at gmail.com> writes:

> Hi,
> I think, people  from krbdev mailing list might have answer to below
> Awaiting clarification.

It looks like you have found a bug.  It would be helpful if you would
submit a bug report by sending mail to krb5-bugs at mit.edu.  If you have
a suggested patch, please include that as well.  Thanks.

> Thanks.
> - Sachin
>
> ---------- Forwarded message ----------
> From: Sachin Punadikar <punadikar.sachin at gmail.com>
> Date: Mon, Dec 1, 2008 at 3:33 PM
> Subject: kg_ctx_internalize() function in MIT 1.6.3
> To: kerberos at mit.edu
>
>
> Hello,
>
> I was going through the gssapi  MIT krb1.6.3 code and I feel there is a
> possible bug in kg_ctx_internalize() function defined in
> src/lib/gssapi/krb5/ser_sctx.c file.
>
> As I understand the function should unpack entities in the same order in
> which they were packed by kg_ctx_externalize() function. But it misses the
> order while unpacking the last two structure variables as shown below. Since
> acceptor_subkey_cksumtype  was packed before cred_rcache and also occurs
> before in the _krb5_gss_cred_id_rec structure definition,
> acceptor_subkey_cksumtype should be unpacked BEFORE cred_rcache, else the
> values will get swapped.
>
> Current Code in  kg_ctx_internalize() function:
>
>         if (!kret)
>         kret = krb5_ser_unpack_int32(&ibuf, &bp, &remain);
>         ctx->cred_rcache = ibuf;
>         if (!kret)
>         kret = krb5_ser_unpack_int32(&ibuf, &bp, &remain);
>         ctx->acceptor_subkey_cksumtype = ibuf;
>
> Proposed Code in  kg_ctx_internalize() function with change in sequence
> while unpacking:
>
>     if (!kret)
>         kret = krb5_ser_unpack_int32(&ibuf, &bp, &remain);
>         ctx->acceptor_subkey_cksumtype = ibuf;
>         if (!kret)
>         kret = krb5_ser_unpack_int32(&ibuf, &bp, &remain);
>         ctx->cred_rcache = ibuf;
>
>
> Kindly let me know if this is valid.
>
> - Sachin
> _______________________________________________
> krbdev mailing list             krbdev at mit.edu
> https://mailman.mit.edu/mailman/listinfo/krbdev

More information about the krbdev mailing list