On 11/9/05, Mike Friedman <[EMAIL PROTECTED]> wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > On Wed, 9 Nov 2005 at 15:36 (-0500), Kevin Coffman wrote: > > > Our patches are here: > > http://www.citi.umich.edu/u/kwc/krb5stuff/referrals.html > > > > The page will be updated soon with a patch for 1.4.2, but the 1.3.4 > > patch applied rather cleanly last night while doing the cvs merge to > > 1.4.2. > > Kevin, > > I've been using your referrals patch for about 4 years now and last August > I updated our KDC to 1.4.2. So, I had to update the patch as well. Aside > from line number changes, I found at least one place where a substantive > (though very small) change was required. > > In krb5/src/lib/krb5/os/hst_realm.c, in the krbt_get_host_referral_realm > function, I changed > > char local_host[MAX_DNS_NAMELEN+1]; > > to > > char local_host[MAXDNAME]; > > because, I believe (this is based on my memory now) MAX_DNS_NAMELEN was > not defined in this module. I figured that MAXDNAME was large enough to > incorporate the size of MAX_DNS_NAMELEN+1, at least to avoid a buffer > overflow condition. Of course, I might be wrong and there may very well > be a better way to handle this change. > > My 1.4.2 KDC has been running (continuously) since early September with no > problems. > > I didn't sent you my patch updates because initially I was going to 1.4.1 > and I needed to incorporate MIT patches SA-2005-002 and SA-2005-003 that > came out before 1.4.2 was released and which hit one of the modules that > your patch does. So I had to incorporate all 3 patches in that particular > module (kdc/do_tgs_req.c, I believe). > > But then I decided to go with 1.4.2, so I guess my referrals patch stands > on its own. If you like, I can send it to you if you haven't already done > your own update. > > Mike
Thanks Mike, I remembered that one-line change after I sent my previous message. I made the same change (except from "MAX_DNS_NAMELEN+1" to "MAXDNAME+1"). I have a script somewhere to generate the patch, so now that I've done the merge it should be easy enough to generate a new patch. But if you have a clean referrals patch, it would be nice to compare. We have other local mods that I try to keep out of those patches. K.C. ________________________________________________ Kerberos mailing list [email protected] https://mailman.mit.edu/mailman/listinfo/kerberos
