From ba2127c788ff2f7afa43a01146ecd0f1c0ca1459 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Love=20H=C3=B6rnquist=20=C3=85strand?= Date: Mon, 28 Jul 2008 15:01:05 +0000 Subject: [PATCH] The "kaserver" part of Heimdal occasionally issues invalid AFS tokens (here "occasionally" means for certain users in certain realms). In lib/krb5/v4_glue.c, in the routine storage_to_etext the ticket is padded to a multiple of 8 bytes. If it is already a multiple of 8 bytes, 8 additional 0-bytes are added. This catches the AFS krb4 ticket decoder by surprise: unless the ticket is exactly 56 bytes, it only supports the minimum necessary padding. It detects the superfluous padding by comparing the ticket length decoded to the advertised ticket length. Hence a 7-letter userid in "cern.ch" which resulted in a ticket of 40 bytes, got "padded" to 48 bytes which the rxkad decoder rejected. From Rainer Toebbicke. git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@23475 ec53bebd-3082-4978-b11e-865c3cabbd6b --- lib/krb5/v4_glue.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/lib/krb5/v4_glue.c b/lib/krb5/v4_glue.c index 97f0dd62f..baa4bd689 100644 --- a/lib/krb5/v4_glue.c +++ b/lib/krb5/v4_glue.c @@ -348,12 +348,12 @@ storage_to_etext(krb5_context context, krb5_ssize_t size; krb5_data data; - /* multiple of eight bytes */ + /* multiple of eight bytes, don't round up */ size = krb5_storage_seek(sp, 0, SEEK_END); if (size < 0) return KRB4ET_RD_AP_UNDEC; - size = 8 - (size & 7); + size = ((size+7) & ~7) - size; ret = krb5_storage_write(sp, eightzeros, size); if (ret != size)