From 6fada85f78185f6670fdc2771815a7cb95755ee1 Mon Sep 17 00:00:00 2001
From: Love Hornquist Astrand <lha@h5l.org>
Date: Wed, 16 Sep 2009 16:06:11 -0700
Subject: [PATCH] if the UDP packet is truncated, return too packet large

---
 kdc/config.c   | 12 +++++++-----
 kdc/connect.c  | 35 +++++++++++++++++++++++++++--------
 kdc/kdc_locl.h |  3 ++-
 3 files changed, 36 insertions(+), 14 deletions(-)

diff --git a/kdc/config.c b/kdc/config.c
index 4d370b177..61ef3f4e4 100644
--- a/kdc/config.c
+++ b/kdc/config.c
@@ -222,16 +222,16 @@ configure(krb5_context context, int argc, char **argv)
 	krb5_err(context, 1, ret, "krb5_kdc_set_dbinfo");
 
     if(max_request_str)
-	max_request = parse_bytes(max_request_str, NULL);
+	max_request_tcp = max_request_udp = parse_bytes(max_request_str, NULL);
 
-    if(max_request == 0){
+    if(max_request_tcp == 0){
 	p = krb5_config_get_string (context,
 				    NULL,
 				    "kdc",
 				    "max-request",
 				    NULL);
 	if(p)
-	    max_request = parse_bytes(p, NULL);
+	    max_request_tcp = max_request_udp = parse_bytes(p, NULL);
     }
 
     if(require_preauth != -1)
@@ -297,8 +297,10 @@ configure(krb5_context context, int argc, char **argv)
 							   "detach", NULL);
 #endif /* SUPPORT_DETACH */
     
-    if(max_request == 0)
-	max_request = 64 * 1024;
+    if(max_request_tcp == 0)
+	max_request_tcp = 64 * 1024;
+    if(max_request_udp == 0)
+	max_request_udp = 64 * 1024;
 
     if (port_str == NULL)
 	port_str = "+";
diff --git a/kdc/connect.c b/kdc/connect.c
index 9fd709b1b..c9b0ec538 100644
--- a/kdc/connect.c
+++ b/kdc/connect.c
@@ -46,7 +46,8 @@ const char *port_str;
 
 krb5_addresses explicit_addresses;
 
-size_t max_request;		/* maximal size of a request */
+size_t max_request_udp;
+size_t max_request_tcp;
 
 /*
  * a tuple describing on what to listen
@@ -480,20 +481,38 @@ handle_udp(krb5_context context,
     unsigned char *buf;
     int n;
 
-    buf = malloc(max_request);
+    buf = malloc(max_request_udp);
     if(buf == NULL){
-	kdc_log(context, config, 0, "Failed to allocate %lu bytes", (unsigned long)max_request);
+	kdc_log(context, config, 0, "Failed to allocate %lu bytes", (unsigned long)max_request_udp);
 	return;
     }
 
     d->sock_len = sizeof(d->__ss);
-    n = recvfrom(d->s, buf, max_request, 0, d->sa, &d->sock_len);
-    if(n < 0)
+    n = recvfrom(d->s, buf, max_request_udp, 0, d->sa, &d->sock_len);
+    if(n < 0) {
 	krb5_warn(context, errno, "recvfrom");
-    else {
+    } else {
 	addr_to_string (context, d->sa, d->sock_len,
 			d->addr_string, sizeof(d->addr_string));
-	do_request(context, config, buf, n, FALSE, d);
+	if (n == max_request_udp) {
+	    krb5_data data;
+	    krb5_warn(context, errno,
+		      "recvfrom: truncated packet from %s, asking for TCP",
+		      d->addr_string);
+	    krb5_mk_error(context,
+			  KRB5KRB_ERR_RESPONSE_TOO_BIG,
+			  NULL,
+			  NULL,
+			  NULL,
+			  NULL,
+			  NULL,
+			  NULL,
+			  &data);
+	    send_reply(context, config, FALSE, d, &data);
+	    krb5_data_free(&data);
+	} else {
+	    do_request(context, config, buf, n, FALSE, d);
+	}
     }
     free (buf);
 }
@@ -581,7 +600,7 @@ grow_descr (krb5_context context,
 	size_t grow;
 
 	grow = max(1024, d->len + n);
-	if (d->size + grow > max_request) {
+	if (d->size + grow > max_request_tcp) {
 	    kdc_log(context, config, 0, "Request exceeds max request size (%lu bytes).",
 		    (unsigned long)d->size + grow);
 	    clear_descr(d);
diff --git a/kdc/kdc_locl.h b/kdc/kdc_locl.h
index 024937e76..f2da03b5e 100644
--- a/kdc/kdc_locl.h
+++ b/kdc/kdc_locl.h
@@ -46,7 +46,8 @@ struct Kx509Request;
 #include <kdc-private.h>
 
 extern sig_atomic_t exit_flag;
-extern size_t max_request;
+extern size_t max_request_udp;
+extern size_t max_request_tcp;
 extern const char *request_log;
 extern const char *port_str;
 extern krb5_addresses explicit_addresses;
-- 
2.11.4.GIT