[krbdev.mit.edu #5841] GSSAPI Error Display Bug
David Bartley via RT
rt-comment at krbdev.mit.edu
Tue Nov 13 17:02:20 EST 2007
There's a bug in the GSSAPI g_display_com_err_status function. Kerberos
error codes are represented as an int32 are are negative. However, in
g_display_com_err the status_value (i.e. the krb5 error) is passed in as a
uint32. This function then passes status_value to error_message, which
expects a signed long, which is an int64 on 64-bit systems. Casting a uint32
to an int64 will not sign-extend the value, so an incorrect error code ends
up being passed to error_message.
This bug can be seen when using SASL/GSSAPI (e.g. ldapsearch). On 32-bit
systems the full error text is displayed, whereas on 64-bit systems only
the error number is displayed. I've attached a patch which fixes the bug.
More information about the krb5-bugs
mailing list