svn rev #19537: trunk/src/ include/ lib/krb5/krb/

jaltman@MIT.EDU jaltman at MIT.EDU
Tue May 1 21:31:51 EDT 2007


Commit By: jaltman
Log Message: 
ticket: 5552
tags: pullup

  k5-int.h, gic_opt.c

  The krb5_get_init_creds_password() and krb5_get_init_creds_keytab() 
  functions permit the gic_opts parameter to be NULL.   This is not
  taken into account when testing the value with the macros
  krb5_gic_opt_is_extended() and krb5_gic_opt_is_shadowed().
  Nor is it taken into account within krb5int_gic_opte_copy() which 
  is called by krb5int_gic_opt_to_opte() when the input parameter is
  not a krb5_gic_opt_ext structure.

  This commit makes two changes:

  (1) it modifies the macros to ensure that the value is non-NULL
      before evaluation.

  (2) it modifies krb5int_gic_opte_copy() to avoid copying the 
      original values with memcpy() when the input is NULL.
      
  In addition, the code was audited to ensure that the flag
  KRB5_GET_INIT_CREDS_OPT_SHADOWED is properly set and that when
  it is set, that the allocated krb5_gic_opt_ext structure is 
  freed by krb5_get_init_creds_password() and 
  krb5_get_init_creds_keytab().




Changed Files:
U   trunk/src/include/k5-int.h
U   trunk/src/lib/krb5/krb/gic_opt.c



More information about the cvs-krb5 mailing list