Re: 2009-002-patch.txt fails 'make check' in 'tests/asn.1' for krb-1.5.4

Thu, 28 May 2009 00:47:04 -0700 

"Mark T. Valites" <mvali...@buffalo.edu> writes:

> I recently tried to update our MIT krb5-1.5.4 install with the patches for 
> the last two security advisories.
>
> The 2009-001-patch.txt & 2009-002-patch.txt patches apply cleanly against 
> the krb5-1.5.4 source & compile, but fail for 'make test'. The errors 
> appear to be coming from 'tests/asn.1' & contain some of the content 
> within the 2009-002-patch.txt patch. The tail end of the 'make test' 
> output is below.
>
> Has anyone else had luck patching 1.5.4 or have any suggestions for 
> addressing this?

There was a bug in the test case due to a change in the behavior of
the "free" functions.  I have updated the patch.

diff --git a/src/lib/krb5/asn.1/asn1_decode.c b/src/lib/krb5/asn.1/asn1_decode.c
index aa4be32..5f7461d 100644
--- a/src/lib/krb5/asn.1/asn1_decode.c
+++ b/src/lib/krb5/asn.1/asn1_decode.c
@@ -231,6 +231,7 @@ asn1_error_code asn1_decode_generaltime(asn1buf *buf, 
time_t *val)
 
   if(length != 15) return ASN1_BAD_LENGTH;
   retval = asn1buf_remove_charstring(buf,15,&s);
+  if (retval) return retval;
   /* Time encoding: YYYYMMDDhhmmssZ */
   if(s[14] != 'Z') {
       free(s);
diff --git a/src/tests/asn.1/krb5_decode_test.c 
b/src/tests/asn.1/krb5_decode_test.c
index 0ff9343..04ea287 100644
--- a/src/tests/asn.1/krb5_decode_test.c
+++ b/src/tests/asn.1/krb5_decode_test.c
@@ -485,6 +485,22 @@ int main(argc, argv)
     ktest_destroy_keyblock(&(ref.subkey));
     ref.seq_number = 0;
     decode_run("ap_rep_enc_part","(optionals NULL)","7B 1C 30 1A A0 11 18 0F 
31 39 39 34 30 36 31 30 30 36 30 33 31 37 5A A1 05 02 03 01 E2 
40",decode_krb5_ap_rep_enc_part,ktest_equal_ap_rep_enc_part,krb5_free_ap_rep_enc_part);
+
+    retval = krb5_data_hex_parse(&code, "7B 06 30 04 A0 11 18 0F 31 39 39 34 
30 36 31 30 30 36 30 33 31 37 5A A1 05 02 03 01 E2 40");
+    if (retval) {
+       com_err("krb5_decode_test", retval, "while parsing");
+       exit(1);
+    }
+    retval = decode_krb5_ap_rep_enc_part(&code, &var);
+    if (retval != ASN1_OVERRUN) {
+       printf("ERROR: ");
+    } else {
+       printf("OK: ");
+    }
+    printf("ap_rep_enc_part(optionals NULL + expect ASN1_OVERRUN for 
inconsistent length of timestamp)\n");
+    krb5_free_data_contents(test_context, &code);
+    if (!retval) krb5_free_ap_rep_enc_part(test_context, var);
+
     ktest_empty_ap_rep_enc_part(&ref);
   }
   
________________________________________________
Kerberos mailing list           Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos

Reply via email to