Local buffer too small to hold opaque_auth data in svcauth_gss_validate?

Greg Hudson ghudson at mit.edu
Fri Sep 23 13:12:02 EDT 2016

On 09/22/2016 04:45 AM, Tomas Kuthan wrote:
> 299	u_char			 rpchdr[128];
> This feels unnecessarily limiting. At least since CVE-2007-3999 there is 
> no buffer overflow (lines 311-314), but still, it seems some valid 
> messages might get rejected just because their size exceeds 128.
> Is there a reason for having the local buffer be 128 B only?

I have no specific insight into this code, which is really old.  What
goes into opaque_auth data?  (I looked through the code, but it wasn't
obvious.)  Is this restriction creating a practical problem?

More information about the krbdev mailing list