
Re: another rsh fix



On Tue, Aug 17, 1999 at 10:33:15AM +1000, Brian A May wrote:
> 68                      abort ();
> (gdb) l
> 63                  if (ret != 4)
> 64                      return -1;
> 65                  len = ntohl(len);
> 66                  outer_len = krb5_get_wrapped_length (context, crypto, len);
> 67                  if (outer_len > sz)

Shouldn't that read:
if (len > sz)
?????

as, if I am correct:
outer_len is the size of the data, encrypted (so it will be larger).
len       is the size of the data non-encrypted.
sz        is the buffer size allocated for non-encrypted data.

Hence, when len==sz (the maximum size supported) then outer_len > sz.

> 68                      abort ();
> 69                  ret = krb5_net_read (context, &fd, buf, outer_len);

But then, this statement reads the encrypted data into the buffer
for non-encrypted data, which of course is too small, as it doesn't
allow extra space for the encrypted data to grow. I think dynamic
memory allocation would have to be used here...
 
I am not sure why this problem doesn't occur with an Ultrix client,
but suspect that the Ultrix read from STDIN isn't returning as many bytes.

> 70                  if (ret != outer_len)
> 71                      return -1;
> 72
> (gdb) print outer_len
> $1 = 16416
> (gdb) print sz
> $2 = 16384
> (gdb) print len
> $3 = 16384
> (gdb) c
> Continuing.

-- 
Brian May <bmay@csse.monash.edu.au>
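
An added example, not part of the original message or of the rsh source it discusses: the read path from the gdb listing, rewritten so that the announced plaintext length is compared against the plaintext buffer and the wrapped data is read into its own dynamically allocated buffer. It assumes a fixed 32-byte overhead (constructed from the 16416 and 16384 in the gdb session), an in-memory stream in place of the socket, and a plain copy in place of decryption; `read_frame` and `frame_result` are hypothetical names.

```c
#include <arpa/inet.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Constructed overhead (16416 - 16384 in the gdb session); the real value
 * comes from krb5_get_wrapped_length() and depends on the enctype. */
#define WRAP_OVERHEAD 32u

/* Read one frame (4-byte network-order plaintext length, then wrapped data)
 * from an in-memory stream into buf[sz]. Returns plaintext length or -1. */
long read_frame(const unsigned char *s, size_t s_len,
                unsigned char *buf, size_t sz)
{
    uint32_t netlen;
    size_t len, outer_len;
    unsigned char *tmp;
    if (s_len < 4)
        return -1;
    memcpy(&netlen, s, 4);
    len = ntohl(netlen);
    if (len > sz)                     /* plaintext length vs plaintext buffer */
        return -1;
    outer_len = len + WRAP_OVERHEAD;
    if (outer_len < len || s_len - 4 < outer_len)  /* wrap or short input */
        return -1;
    tmp = malloc(outer_len);          /* wrapped data gets its own buffer */
    if (tmp == NULL)
        return -1;
    memcpy(tmp, s + 4, outer_len);    /* stands in for krb5_net_read() */
    memcpy(buf, tmp + WRAP_OVERHEAD, len);  /* toy stand-in for decryption */
    free(tmp);
    return (long)len;
}

/* Build a constructed frame announcing `len` bytes and read it into buf[sz]. */
long frame_result(uint32_t len, size_t sz)
{
    size_t total = 4 + (size_t)len + WRAP_OVERHEAD;
    unsigned char *s = calloc(1, total), *buf = malloc(sz ? sz : 1);
    uint32_t netlen = htonl(len);
    long r = -1;
    if (s != NULL && buf != NULL) {
        memcpy(s, &netlen, 4);
        r = read_frame(s, total, buf, sz);
    }
    free(s);
    free(buf);
    return r;
}
```

With the values from the gdb session (`len` and `sz` both 16384), the frame is accepted instead of reaching `abort ()`, while a frame announcing 16385 bytes is rejected before any data is copied.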