To:
kerberos@mit.edu
On 3/18/21 4:53 PM, Tony Rodriguez wrote:
I am new to kerberos. How can I sanity test that recursion within asn.1_encode stops after 31? Does kerberos have any command line
utilities to test asn.1_encode? If so, what are they and which
parameters must I pass? If not, does someone have example code that I
can compile to test the recursion level logic works as expected?
I've attached the test program I wrote to verify the problem. Run it
with a numeric buffer size argument. With the unpatched code I was able
to produce a stack overflow with a buffer size of 90000.
I2luY2x1ZGUgPGtyYjUuaD4KI2luY2x1ZGUgPGFzc2VydC5oPgojaW5jbHVkZSA8c3RkbGli Lmg+CgprcmI1X2Vycm9yX2NvZGUKZGVjb2RlX2tyYjVfYXBfcmVxKGNvbnN0IGtyYjVfZGF0 YSAqb3V0cHV0LCBrcmI1X2FwX3JlcSAqKnJlcCk7CgppbnQgbWFpbihpbnQgYXJnYywgY2hh ciAqKmFyZ3YpCnsKICAgIGNoYXIgKmJ1ZjsKICAgIHNpemVfdCBpLCBsZW4gPSBhdG9pKGFy Z3ZbMV0pOwogICAga3JiNV9kYXRhIGQ7CgogICAgYXNzZXJ0KGxlbiAlIDIgPT0gMCk7CiAg ICBidWYgPSBtYWxsb2MobGVuKTsKICAgIGZvciAoaSA9IDA7IGkgPCBsZW47IGkgKz0gMikg ewoJYnVmW2ldID0gMHg2ZTsKCWJ1ZltpICsgMV0gPSAweDgwOyAvKiBpbmRlZmluaXRlIGxl bmd0aCAqLwogICAgfQogICAgZC5kYXRhID0gYnVmOwogICAgZC5sZW5ndGggPSBsZW47CiNp ZmRlZiBIRUlNREFMCiAgICBrcmI1X2FwX3JlcSByOwogICAga3JiNV9kZWNvZGVfYXBfcmVx KE5VTEwsICZkLCAmcik7CiNlbHNlCiAgICBrcmI1X2FwX3JlcSAqcjsKICAgIGRlY29kZV9r cmI1X2FwX3JlcSgmZCwgJnIpOwojZW5kaWYKICAgIHJldHVybiAwOwp9Cgo=
--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)