Bug in canon_name.c?
Sam Hartman
hartmans at MIT.EDU
Sun Apr 11 19:35:28 EDT 2004
>>>>> "Michael" == Michael Tautschnig <michael.tautschnig at zt-consulting.com> writes:
Michael> Hi! I tested the IPSec-daemon "racoon" and got segfaults
Michael> when using gssapi_krb - authentication. I was able to
Michael> track that down to the call of gss_canonicalize_name,
Michael> which is called with GSS_C_NO_OID as the mech_type.
Michael> Please correct me if that is wrong, but some
Michael> documentation said that this would even be preferred -
Michael> but gss_canonicalize_name checks the mech_type versus
Michael> gss_mech_krb5 using the macro g_OID_equal which will
Michael> immediatly segfault.
Michael> Is racoon doing something unwanted or is this a
Michael> mit-kerberos-bug?
Probably both. I'm not sure why it needs to call
gss_canonicalize_name, but it probably should not segfault in the MIT
code.
More information about the Kerberos
mailing list