svn rev #19537: trunk/src/ include/ lib/krb5/krb/
jaltman@MIT.EDU
jaltman at MIT.EDU
Tue May 1 21:31:51 EDT 2007
Commit By: jaltman
Log Message:
ticket: 5552
tags: pullup
k5-int.h, gic_opt.c
The krb5_get_init_creds_password() and krb5_get_init_creds_keytab()
functions permit the gic_opts parameter to be NULL. This is not
taken into account when testing the value with the macros
krb5_gic_opt_is_extended() and krb5_gic_opt_is_shadowed().
Nor is it taken into account within krb5int_gic_opte_copy() which
is called by krb5int_gic_opt_to_opte() when the input parameter is
not a krb5_gic_opt_ext structure.
This commit makes two changes:
(1) it modifies the macros to ensure that the value is non-NULL
before evaluation.
(2) it modifies krb5int_gic_opte_copy() to avoid copying the
original values with memcpy() when the input is NULL.
In addition, the code was audited to ensure that the flag
KRB5_GET_INIT_CREDS_OPT_SHADOWED is properly set and that when
it is set, that the allocated krb5_gic_opt_ext structure is
freed by krb5_get_init_creds_password() and
krb5_get_init_creds_keytab().
Changed Files:
U trunk/src/include/k5-int.h
U trunk/src/lib/krb5/krb/gic_opt.c
More information about the cvs-krb5
mailing list