BUG: kinit coredumps when changing expired password, potentially kpasswd as well
Alistair Mackay
ali_m_000 at hotmail.com
Wed Feb 13 09:32:21 EST 2002
Version: kerberos V 1.2.3
Location: src/lib/krb5/krb/gic_pwd.c line 271
Platform: Solaris 2.6 (though by its nature, should affect all)
Description:
When attempting to acquire a TGT from a server that has "User must
change password at next logon" set, if a new password is entered that
does not meet the password requirements for the server, a seg fault
occurs when the "Password Change Rejected. Please Try Again" message
is printed.
The reason is that result_string.length is zero (OK) but the
pointer result_string.data is NULL - kerrrunch!
As you can see, the same could be possible with code_string, so the
same action is taken.
Resolution:
Existing code:

    sprintf(banner, "%.*s%s%.*s. Please try again.\n",
            code_string.length, code_string.data,
            result_string.length ? ": " : "",
            result_string.length, result_string.data);

Suggested fix:

    sprintf(banner, "%.*s%s%.*s. Please try again.\n",
            code_string.length,
            code_string.data ? code_string.data : "",
            result_string.length ? ": " : "",
            result_string.length,
            result_string.data ? result_string.data : "");

After grepping the source, I find the same may occur at the following
locations requiring the same action...
src/clients/kpasswd/kpasswd.c line 137
src/mac/kpasswd.c line 139
src/windows/cns/kpasswd/c line 82
And possibly in the macro SAMDATA in
src/lib/krb5/krb/preauth2.c line 220
...though unless it breaks for me, I can't be bothered to pick apart
the macro :-)
Regards,
Alistair Mackay
(Has also been posted to krb5-bugs at mit.edu)
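
The guard from the message above, as an added, self-contained example that is not part of the original post or the krb5 source. Assumptions: `struct kdata` is a stand-in for `krb5_data` with only the two fields the post uses, `safe_ptr`, `safe_len` and `format_reject_banner` are hypothetical names, the 1024-byte precision cap is arbitrary, and `snprintf` is used in place of the post's `sprintf` so the banner buffer is bounded as well.

```c
#include <stdio.h>
#include <string.h>

/* Stand-in for krb5_data (assumption: only the two fields the post uses). */
struct kdata {
    unsigned int length;
    const char *data;
};

/* Passing NULL for %s is undefined behaviour even when the precision is 0;
 * some libc builds tolerate it, others dereference the pointer. */
static const char *safe_ptr(const struct kdata *d)
{
    return (d->data != NULL) ? d->data : "";
}

/* %.*s takes an int precision; clamp the unsigned length, and force 0 when
 * there is no buffer so a stale length can never read past "". */
static int safe_len(const struct kdata *d)
{
    if (d->data == NULL)
        return 0;
    return d->length > 1024u ? 1024 : (int)d->length;
}

/* Builds the rejection banner into out[outsz]. Returns 0 on success,
 * -1 if the banner did not fit (out is still NUL-terminated). */
int format_reject_banner(char *out, size_t outsz,
                         const struct kdata *code, const struct kdata *result)
{
    int n = snprintf(out, outsz, "%.*s%s%.*s. Please try again.\n",
                     safe_len(code), safe_ptr(code),
                     safe_len(result) ? ": " : "",
                     safe_len(result), safe_ptr(result));
    return (n < 0 || (size_t)n >= outsz) ? -1 : 0;
}

int main(void)
{
    char banner[256];
    /* Constructed sample: server sent a code string but no result text. */
    struct kdata code = { 24, "Password change rejected" };
    struct kdata result = { 0, NULL };

    if (format_reject_banner(banner, sizeof banner, &code, &result) == 0)
        fputs(banner, stdout);
    return 0;
}
```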