[krbdev.mit.edu #5765] RE: krb5_cc_resolve is crashing in windows XP j

Jeffrey Altman via RT rt at krbdev.mit.edu
Mon Sep 24 10:50:00 EDT 2007 

[eswars at huawei.com - Mon Sep 24 10:32:06 2007]:

> Hi Jeffrey,
> It is failed when cred.client is assigned to temp variable inside
> following
> function.
> krb5_copy_principal(context, creds.client, &data->princ). After this
> assignment there is NULL check, but it is failing before it self.
> 
> I fixed this problem as following. Only one null check is missed.
> lib/krb5/ccache/cc_mslsa.c
> static krb5_error_code KRB5_CALLCONV
> krb5_lcc_resolve (krb5_context context, krb5_ccache *id, const char
> *residual){
> ...............
> if (!MSCredToMITCred(msticket, msticket->DomainName, context, &creds))
>             retval = KRB5_FCC_INTERNAL;
>         LsaFreeReturnBuffer(msticket);
> 		if(NULL == creds.client)
> 		{
> 			return KRB5_FCC_NOFILE;// please provide me correct
> error code. What I can return.
> 		}
> 			...................................
> }

This would not be the correct fix.  MSCredToMITCred() should not return
success if the creds.client can not be assigned.

> This has been produced in windows xp sp2 /sp0 English if you logged in
> as
> Domain administrator as per my analysis.

I logged into my XP SP2 US-English system with the Domain Administrator
account before my initial reply to you and executed this code path
successfully.  Its not just that the account is the domain
administrator.  There is something else.

Please try this patch:

Index: cc_mslsa.c
===================================================================
--- cc_mslsa.c  (revision 19964)
+++ cc_mslsa.c  (working copy)
@@ -378,8 +378,8 @@
     wcscat(princbuf, L"@");
     wcscat(princbuf, realm);
     if (UnicodeToANSI(princbuf, aname, sizeof(aname))) {
-        krb5_parse_name(context, aname, principal);
-        return TRUE;
+        if (krb5_parse_name(context, aname, principal) == 0)
+           return TRUE;
     }
     return FALSE;
 }
@@ -404,8 +404,8 @@
     wcscat(princbuf, L"@");
     wcscat(princbuf, realm);
     if (UnicodeToANSI(princbuf, aname, sizeof(aname))) {
-        krb5_parse_name(context, aname, principal);
-        return TRUE;
+        if (krb5_parse_name(context, aname, principal) == 0)
+           return TRUE;
     }
     return FALSE;
 }



> Please provide me why it is caused.
> One request I wanted VC++ solution files for building/ debugging
> libraries
> where can I get those.

There are no VC++ solution files.  KFW is built as described in the
release notes using command-line tools including perl and nmake.  The
resulting binaries are built with symbol data that can be used for
debugging.

More information about the krb5-bugs mailing list