From 49fd75dce4a56ce76659aaff296e9e106c614b00 Mon Sep 17 00:00:00 2001
From: Jeffrey Altman <jaltman@mit.edu>
Date: Fri, 2 Apr 2004 11:39:13 +0000
Subject: [PATCH] maxticketsize-20040402

When processing pioctl() operations, properly perform the test of
the ticket size to the ktc.ticket field.  The field is of fixed
size MAXKTCTICKETLEN and not some value which is adjusted based
upon the content of the message.
---
 src/auth/ktc_nt.c | 21 +++++++++++++++------
 1 file changed, 15 insertions(+), 6 deletions(-)

diff --git a/src/auth/ktc_nt.c b/src/auth/ktc_nt.c
index d9e04fe53..155723d8b 100644
--- a/src/auth/ktc_nt.c
+++ b/src/auth/ktc_nt.c
@@ -31,6 +31,8 @@ RCSID
 #include "auth.h"
 #include <afs/afsutil.h>
 
+/* TBUFFERSIZE must be at least 512 larger than KTCMAXTICKETSIZE */
+#define TBUFFERSIZE 8192  
 
 /* Forward declarations for local token cache. */
 static int SetLocalToken(struct ktc_principal *aserver,
@@ -248,7 +250,11 @@ ktc_SetToken(struct ktc_principal *server, struct ktc_token *token,
 	     struct ktc_principal *client, int flags)
 {
     struct ViceIoctl iob;
+<<<<<<< ktc_nt.c
+    char tbuffer[TBUFFERSIZE];
+=======
     char tbuffer[MAXKTCTICKETLEN];
+>>>>>>> 1.11
     char *tp;
     struct ClearToken ct;
     int temp;
@@ -416,7 +422,11 @@ ktc_GetToken(struct ktc_principal *server, struct ktc_token *token,
 	     int tokenLen, struct ktc_principal *client)
 {
     struct ViceIoctl iob;
+<<<<<<< ktc_nt.c
+    char tbuffer[TBUFFERSIZE];
+=======
     char tbuffer[MAXKTCTICKETLEN];
+>>>>>>> 1.11
     char *tp, *cp;
     char *ticketP;
     int ticketLen, temp;
@@ -537,9 +547,8 @@ ktc_GetToken(struct ktc_principal *server, struct ktc_token *token,
     /* user name is here */
 
     /* check that ticket will fit */
-    maxLen = tokenLen - sizeof(struct ktc_token) + MAXKTCTICKETLEN;
-    if (maxLen < ticketLen)
-	return KTC_TOOBIG;
+    if (MAXKTCTICKETLEN < ticketLen)
+		return KTC_TOOBIG;
 
     /* set return values */
     memcpy(token->ticket, ticketP, ticketLen);
@@ -569,7 +578,7 @@ int
 ktc_ListTokens(int cellNum, int *cellNumP, struct ktc_principal *server)
 {
     struct ViceIoctl iob;
-    char tbuffer[1024];
+    char tbuffer[TBUFFERSIZE];
     char *tp, *cp;
     int newIter, ticketLen, temp;
     int code;
@@ -662,7 +671,7 @@ int
 ktc_ForgetToken(struct ktc_principal *server)
 {
     struct ViceIoctl iob;
-    char tbuffer[1024];
+    char tbuffer[TBUFFERSIZE];
     char *tp;
     int code;
     HANDLE ktcMutex = NULL;
@@ -720,7 +729,7 @@ int
 ktc_ForgetAllTokens()
 {
     struct ViceIoctl iob;
-    char tbuffer[1024];
+    char tbuffer[TBUFFERSIZE];
     int code;
     HANDLE ktcMutex = NULL;
 
-- 
2.39.5