Re: [kitten] New Version Notification for draft-kaduk-kitten-gss-loop-02.txt (fwd)
Greg Hudson <ghudson@MIT.EDU> Sat, 18 January 2014 03:29 UTC
To: mrex@sap.com
Cc: kitten@ietf.org

On 01/17/2014 08:01 PM, Martin Rex wrote:
>>> /* It is safe to call gss_release_buffer twice on the same buffer. */
> I hadn't noticed this strange comment about gss_release_buffer() before,
> and I'm violently opposed, please remove that misleading comment.

The comment in the draft is trying to say that it's okay to call gss_release_buffer twice with the same reference to a gss_buffer_desc structure, trusting that the first call will put the structure into a state where the second call is a no-op. Unfortunately, RFC 2744 does not appear to guarantee this; 5.26 only requires that the length is set to 0 after the storage is freed (implementations are merely "encouraged" to zero the pointer field), and does not guarantee that a second call won't double-free the storage.

If it is okay for the sample code to rely on this behavior, in spite of RFC 2744 not specifying that it is okay, then perhaps the comment should be clarified or removed to avoid confusing people like it did Martin.
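
The gap discussed in the message above, as an added example that is not part of the original post or of the draft's sample code: two hypothetical release routines, one doing only what 5.26 requires and one that also zeroes the pointer, are each called twice on the same descriptor. `buf_desc`, `release_minimal`, `release_zeroing` and the arena allocator are constructed stand-ins (no GSS-API library is used), and the arena counts a repeated free instead of performing one.

```c
#include <stddef.h>

/* Stand-in for gss_buffer_desc (RFC 2744): a length and a pointer. */
typedef struct { size_t length; void *value; } buf_desc;
typedef void (*release_fn)(buf_desc *);

/* Constructed allocator: a repeated free is counted, never executed. */
#define SLOTS 4
static char arena[SLOTS][16];
static int in_use[SLOTS], repeated_frees;

static void *arena_alloc(void) {
    for (int i = 0; i < SLOTS; i++)
        if (!in_use[i]) { in_use[i] = 1; return arena[i]; }
    return NULL;
}

static void arena_free(void *p) {
    for (int i = 0; i < SLOTS; i++)
        if (p == (void *)arena[i]) {
            if (in_use[i]) in_use[i] = 0;
            else repeated_frees++;  /* with malloc/free: a double free */
            return;
        }
}

/* Hypothetical release doing only what 5.26 requires: free, zero length. */
void release_minimal(buf_desc *b) {
    if (b->value != NULL) arena_free(b->value);
    b->length = 0;                  /* value is left dangling */
}

/* Hypothetical release that also takes the "encouraged" step. */
void release_zeroing(buf_desc *b) {
    release_minimal(b);
    b->value = NULL;
}

/* Release one descriptor twice; return the number of repeated frees. */
int double_release(release_fn fn, int caller_resets) {
    buf_desc b = { sizeof arena[0], arena_alloc() };
    repeated_frees = 0;
    for (int i = 0; i < 2; i++) {
        fn(&b);
        if (caller_resets) { b.length = 0; b.value = NULL; }
    }
    return repeated_frees;
}
/* Exit status 0: with the caller-side reset, no repeated free occurs. */
int main(void) { return double_release(release_minimal, 1); }
```

Only the combination of the minimal release and no caller-side reset reaches the repeated free; clearing both fields in the caller after each release removes the dependence on which behaviour the implementation chose.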