Subject: lib/20074: krb5 password change fails: unable to reach any changepw server
To: None <gnats-bugs@gnats.netbsd.org>
From: Mark Davies <mark@mcs.vuw.ac.nz>
List: netbsd-bugs
Date: 01/27/2003 14:28:32
>Number: 20074
>Category: lib
>Synopsis: krb5 password change fails: unable to reach any changepw server
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: lib-bug-people
>State: open
>Class: sw-bug
>Submitter-Id: net
>Arrival-Date: Sun Jan 26 17:29:00 PST 2003
>Closed-Date:
>Last-Modified:
>Originator: Mark Davies
>Release: NetBSD 1.6L
>Organization:
Dept. of Comp. Sci., Victoria Uni. of Wellington, New Zealand.
>Environment:
System: NetBSD city-art.mcs.vuw.ac.nz 1.6L NetBSD 1.6L (MCS_WORKSTATION) #0: Fri Jan 17 15:03:28 NZDT 2003 mark@turakirae.mcs.vuw.ac.nz:/src/work/src/sys/arch/i386/compile/MCS_WORKSTATION i386
Architecture: i386
Machine: i386
>Description:
Any attempts to change krb5 password fail with the error
"unable to reach any changepw server" even though the changepw server
has been successfully connect to.
>How-To-Repeat:
Run kpasswd in a kerberos environment. Watch it fail
% /usr/bin/kpasswd
mark@MCS.VUW.AC.NZ's Password:
New password:
Verifying password - New password:
kpasswd: krb5_change_password: unable to reach any changepw server in realm MCS.VUW.AC.NZ
>Fix:
Apply the following patch (from the heimdal 0.5.1 release)
Index: crypto/dist/heimdal/lib/krb5/changepw.c
===================================================================
RCS file: /src/cvs/netbsd/src/crypto/dist/heimdal/lib/krb5/changepw.c,v
retrieving revision 1.8
diff -u -r1.8 changepw.c
--- crypto/dist/heimdal/lib/krb5/changepw.c 20 Sep 2002 22:05:59 -0000 1.8
+++ crypto/dist/heimdal/lib/krb5/changepw.c 27 Jan 2003 00:41:57 -0000
@@ -176,7 +176,7 @@
ap_rep_data.length = (reply[4] << 8) | (reply[5]);
priv_data.data = (u_char*)ap_rep_data.data + ap_rep_data.length;
priv_data.length = len - ap_rep_data.length - 6;
- if ((u_char *)priv_data.data + priv_data.length >= reply + len)
+ if ((u_char *)priv_data.data + priv_data.length > reply + len)
return KRB5_KPASSWD_MALFORMED;
if (ap_rep_data.length) {
>Release-Note:
>Audit-Trail:
>Unformatted: