krb524d and KRB524_KRB4_DISABLED

Jeffrey Altman jaltman at secure-endpoints.com
Wed Oct 17 12:47:56 EDT 2007


John Hascall wrote:
>
> I tried it, and alas, it appears that (at least some old) clients die
> ugly when they get a krb5_error_code that they do not know:
>
> ...

> This kinit was compiled against krb5-1.2.6 which seems to know only
> codes -1750206208 .. -1750206201 and not -1750206200[KRB524_KRB4_DISABLED]
>
That implies a bug in com_err() at least in 1.2.6 in which an error code
within a base range but beyond the length of the table will cause a
memory access error.  Reading the code it looks like this shouldn't
happen with the 1-6 branch.  However, I don't see a commit message with
a specific fix for this so you might want to make up an error code and
throw it at a 1.6 client just to make sure.

Jeffrey Altman



-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3355 bytes
Desc: S/MIME Cryptographic Signature
Url : http://mailman.mit.edu/pipermail/kerberos/attachments/20071017/81e60f26/attachment.bin


More information about the Kerberos mailing list