Date: Wed, 17 May 2000 15:20:05 -0400
From: "Jeffrey I. Schiller" <jis@MIT.EDU>
Subject: Yet Another Kerberos Patch
To: BUGTRAQ@SECURITYFOCUS.COM
Yesterday's announcement of buffer overruns in Kerberos caused
some folks to upgrade to krb5-1.1.1 as part of the process of fixing the
problem. It turns out that if you compile krb5-1.1 or krb5-1.1.1 with
the --without-krb4 option, a dangling "else" clause is activated in
login.c that has disastrous results. The patch below deals with this.
-Jeff Schiller and
Tom Yu
for the Kerberos Development Team
Index: login.c
===================================================================
RCS file: /cvs/krbdev/krb5/src/appl/bsd/login.c,v
retrieving revision 5.77
retrieving revision 5.78
diff -c -r5.77 -r5.78
*** login.c 1999/12/15 02:14:55 5.77
- --- login.c 2000/02/06 21:57:32 5.78
***************
*** 1455,1465 ****
#ifdef KRB5_GET_TICKETS
if (login_krb5_get_tickets)
dofork();
- - else
#endif
#ifdef KRB4_GET_TICKETS
! if (login_krb4_get_tickets)
! dofork();
#endif
/* If the user's shell does not do job control we should put it in a
- --- 1455,1464 ----
#ifdef KRB5_GET_TICKETS
if (login_krb5_get_tickets)
dofork();
#endif
#ifdef KRB4_GET_TICKETS
! else if (login_krb4_get_tickets)
! dofork();
#endif
/* If the user's shell does not do job control we should put it in a
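Review bot: In the new lines 1455-1464, `else if (login_krb4_get_tickets)` only has an `if` to attach to when the KRB5_GET_TICKETS block is compiled in. If KRB4_GET_TICKETS can be defined without KRB5_GET_TICKETS, the `else` either fails to compile or binds to whatever `if` statement happens to precede this block. Consider making the two tests independent of each other's #ifdef, for example by setting a local flag inside each guarded block and calling dofork() once after both, and put braces around the bodies so that no branch can reach across an #endif again.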
***************
*** 1587,1597 ****
#ifdef KRB5_GET_TICKETS
if (forwarded_v5_tickets)
destroy_tickets();
- - else
#endif
#ifdef KRB4_GET_TICKETS
! if (got_v4_tickets)
! destroy_tickets();
#endif
#ifdef OQUOTA
- --- 1586,1595 ----
#ifdef KRB5_GET_TICKETS
if (forwarded_v5_tickets)
destroy_tickets();
#endif
#ifdef KRB4_GET_TICKETS
! else if (got_v4_tickets)
! destroy_tickets();
#endif
#ifdef OQUOTA
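Review bot: The `else if (got_v4_tickets)` in new lines 1586-1595 needs a comment saying that the `else` must stay inside `#ifdef KRB4_GET_TICKETS`; this is the second place in login.c with the same layout, and nothing in the code tells the next editor why it is written this way. The next line of context is `#ifdef OQUOTA`, so in the old form with the KRB4 block compiled out, the stray `else` attached to a different statement depending on whether OQUOTA was defined. Since destroy_tickets() is a cleanup path, a build with --without-krb4 in the regular test configurations would be a cheap guard against either hunk regressing.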
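The failure mode the message describes, reduced to a compilable case as an added example (not code from login.c or from the Kerberos Development Team). KRB4_GET_TICKETS is left undefined to model a --without-krb4 build, and `following_ran` is a hypothetical stand-in for whatever statement follows the block in login.c.

```c
#include <stdio.h>

#define KRB5_GET_TICKETS 1
#undef  KRB4_GET_TICKETS        /* assumption: models a --without-krb4 build */

static int forks;               /* counts calls to the dofork() stand-in */
static void dofork(void) { forks++; }

/* Pre-patch layout. Returns 1 if the statement after the block ran. */
static int old_layout(int login_krb5_get_tickets, int login_krb4_get_tickets)
{
    int following_ran = 0;      /* hypothetical stand-in for the next statement */
    (void)login_krb4_get_tickets;
#ifdef KRB5_GET_TICKETS
    if (login_krb5_get_tickets)
        dofork();
    else
#endif
#ifdef KRB4_GET_TICKETS
    if (login_krb4_get_tickets)
        dofork();
#endif
    following_ran = 1;          /* with KRB4 off, this is the body of the else */
    return following_ran;
}

/* Patched layout: the else lives inside the KRB4 block. */
static int new_layout(int login_krb5_get_tickets, int login_krb4_get_tickets)
{
    int following_ran = 0;
    (void)login_krb4_get_tickets;
#ifdef KRB5_GET_TICKETS
    if (login_krb5_get_tickets)
        dofork();
#endif
#ifdef KRB4_GET_TICKETS
    else if (login_krb4_get_tickets)
        dofork();
#endif
    following_ran = 1;          /* now unconditional in every configuration */
    return following_ran;
}

int main(void)
{
    for (int k5 = 0; k5 <= 1; k5++)
        printf("krb5=%d  old: next ran=%d  new: next ran=%d\n",
               k5, old_layout(k5, 0), new_layout(k5, 0));
    return 0;
}
```

In the pre-patch layout the following statement is skipped exactly when the Kerberos 5 flag is set, which is the case the patch removes.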