RE: [krbdev.mit.edu #7802] git commit

classic Classic list List threaded Threaded
2 messages Options
Reply | Threaded
Open this post in threaded view
|

RE: [krbdev.mit.edu #7802] git commit

Richard Basch
BTW, I am not sure this part of the patch is correct...

     retval = decode_krb5_tgs_req(pkt, &request);
+    /* Save pointer to client-requested service principal, in case of
errors
+     * before a successful call to search_sprinc(). */
+    sprinc = request->server;
     if (retval)
         return retval;

If decode_krb5_tgs_req fails, I foresee a potential dereference of a null
pointer. You might only want to set sprinc after confirming retval = 0.


-----Original Message-----
From: [hidden email] [mailto:[hidden email]] On Behalf
Of Tom Yu via RT
Sent: Monday, December 30, 2013 8:58 PM
To: 'AdminCc of krbdev.mit.edu Ticket #7802':
Subject: [krbdev.mit.edu #7802] git commit


Log service princ in KDC more reliably

Under some error conditions, the KDC would log "<unknown server>" for
the service principal because service principal information is not yet
available to the logging functions.  Set the appropriate variables
earlier.

do_as_req.c: After unparsing the client, immediately unparse the
server before searching for the client principal in the KDB.

do_tgs_req.c: Save a pointer to the client-requested service
principal, to make sure it gets logged if an error happens before
search_sprinc() successfully completes.

[[hidden email]: commit message; fix TGS to catch more error cases]

https://github.com/krb5/krb5/commit/f37067776f9431879769f3874fdab6120ba3f155
Author: rbasch <[hidden email]>
Committer: Tom Yu <[hidden email]>
Commit: f37067776f9431879769f3874fdab6120ba3f155
Branch: master
 src/kdc/do_as_req.c  |   25 +++++++++++++------------
 src/kdc/do_tgs_req.c |    5 +++++
 2 files changed, 18 insertions(+), 12 deletions(-)

_______________________________________________
krb5-bugs mailing list
[hidden email]
https://mailman.mit.edu/mailman/listinfo/krb5-bugs

_______________________________________________
krbdev mailing list             [hidden email]
https://mailman.mit.edu/mailman/listinfo/krbdev
Reply | Threaded
Open this post in threaded view
|

RE: [krbdev.mit.edu #7802] git commit

Richard Basch
Patch is also available via github:
https://github.com/rbasch/krb5/commit/2fe117814d468c6a642f59d8190f64386415b1
c3

Wiki has been updated:
https://github.com/rbasch/krb5/wiki/KDC-log-fix


-----Original Message-----
From: Richard Basch [mailto:[hidden email]]
Sent: Tuesday, December 31, 2013 6:58 PM
To: [hidden email]; ''AdminCc of krbdev.mit.edu Ticket #7802':';
[hidden email]; [hidden email]
Subject: RE: [krbdev.mit.edu #7802] git commit

BTW, I am not sure this part of the patch is correct...

     retval = decode_krb5_tgs_req(pkt, &request);
+    /* Save pointer to client-requested service principal, in case of
errors
+     * before a successful call to search_sprinc(). */
+    sprinc = request->server;
     if (retval)
         return retval;

If decode_krb5_tgs_req fails, I foresee a potential dereference of a null
pointer. You might only want to set sprinc after confirming retval = 0.


-----Original Message-----
From: [hidden email] [mailto:[hidden email]] On
Behalf Of Tom Yu via RT
Sent: Monday, December 30, 2013 8:58 PM
To: 'AdminCc of krbdev.mit.edu Ticket #7802':
Subject: [krbdev.mit.edu #7802] git commit


Log service princ in KDC more reliably

Under some error conditions, the KDC would log "<unknown server>" for
the service principal because service principal information is not yet
available to the logging functions.  Set the appropriate variables
earlier.

do_as_req.c: After unparsing the client, immediately unparse the
server before searching for the client principal in the KDB.

do_tgs_req.c: Save a pointer to the client-requested service
principal, to make sure it gets logged if an error happens before
search_sprinc() successfully completes.

[[hidden email]: commit message; fix TGS to catch more error cases]

https://github.com/krb5/krb5/commit/f37067776f9431879769f3874fdab6120ba3f1
55
Author: rbasch <[hidden email]>
Committer: Tom Yu <[hidden email]>
Commit: f37067776f9431879769f3874fdab6120ba3f155
Branch: master
 src/kdc/do_as_req.c  |   25 +++++++++++++------------
 src/kdc/do_tgs_req.c |    5 +++++
 2 files changed, 18 insertions(+), 12 deletions(-)

_______________________________________________
krb5-bugs mailing list
[hidden email]
https://mailman.mit.edu/mailman/listinfo/krb5-bugs

_______________________________________________
krbdev mailing list             [hidden email]
https://mailman.mit.edu/mailman/listinfo/krbdev