Local buffer too small to hold opaque_auth data in svcauth_gss_validate?
Greg Hudson
ghudson at mit.edu
Fri Sep 23 13:12:02 EDT 2016
On 09/22/2016 04:45 AM, Tomas Kuthan wrote:
> 299 u_char rpchdr[128];
>
> This feels unnecessarily limiting. At least since CVE-2007-3999 there is
> no buffer overflow (lines 311-314), but still, it seems some valid
> messages might get rejected just because their size exceeds 128.
>
> Is there a reason for having the local buffer be 128 B only?

I have no specific insight into this code, which is really old. What
goes into opaque_auth data? (I looked through the code, but it wasn't
obvious.) Is this restriction creating a practical problem?
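
The trade-off raised in the quoted question, as an added example that is not part of the original thread or of the krb5 source: a simplified C model of rebuilding an RPC header into a fixed local buffer behind a bounds check. The function names, the 8 fixed XDR words ahead of the credential body and the 400-byte credential cap are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>
#include <stddef.h>

#define RPCHDR_SIZE    128 /* local buffer size quoted in the post */
#define XDR_UNIT       4   /* assumption: bytes per XDR unit */
#define FIXED_WORDS    8   /* assumption: fixed header words before the credential body */
#define MAX_CRED_BYTES 400 /* assumption: protocol-level cap on opaque_auth length */
#define FULL_SIZE      (FIXED_WORDS * XDR_UNIT + MAX_CRED_BYTES)

/* XDR pads opaque data to a multiple of the unit size. */
static size_t xdr_roundup(size_t n)
{
    return (n + XDR_UNIT - 1) / XDR_UNIT * XDR_UNIT;
}

/* Hypothetical stand-in for the header reconstruction: returns the number
 * of bytes written to out, or 0 when the request is rejected. */
size_t build_rpchdr(unsigned char *out, size_t out_len,
                    const unsigned char *cred, size_t cred_len)
{
    size_t need;

    if (cred_len > MAX_CRED_BYTES)      /* protocol limit */
        return 0;
    need = FIXED_WORDS * XDR_UNIT + xdr_roundup(cred_len);
    if (need > out_len)                 /* buffer limit: no overflow, but a reject */
        return 0;
    memset(out, 0, need);               /* fixed words and padding stay zero here */
    memcpy(out + FIXED_WORDS * XDR_UNIT, cred, cred_len);
    return need;
}

/* Largest credential length that a buffer of out_len bytes accepts. */
size_t max_accepted_cred(size_t out_len)
{
    unsigned char out[FULL_SIZE];
    unsigned char cred[MAX_CRED_BYTES] = {0};  /* constructed sample credential */
    size_t len, best = 0;

    if (out_len > sizeof(out))
        out_len = sizeof(out);
    for (len = 1; len <= MAX_CRED_BYTES; len++)
        if (build_rpchdr(out, out_len, cred, len) != 0)
            best = len;
    return best;
}

int main(void)
{
    printf("%d-byte buffer: up to %zu\n", RPCHDR_SIZE, max_accepted_cred(RPCHDR_SIZE));
    printf("%d-byte buffer: up to %zu\n", FULL_SIZE, max_accepted_cred(FULL_SIZE));
    return 0;
}
```

Under these assumptions the 128-byte buffer rejects any credential longer than 96 bytes, while a buffer sized for the assumed cap accepts all 400.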