krb 1.6.x null pointer deref in krb5_get_init_creds_password
Bert Barbe
bert.barbe at oracle.com
Fri Jan 15 12:55:20 EST 2010
Hi all,
In function krb5_get_init_creds_password there is the following test:
    /* historically the default has been to prompt for password change.
     * if the change password prompt option has not been set, we continue
     * to prompt. Prompting is only disabled if the option has been set
     * and the value has been set to false.
     */
    if (!(options->flags & KRB5_GET_INIT_CREDS_OPT_CHG_PWD_PRMPT))
        goto cleanup;
We experienced a segmentation fault in this function (from OpenLDAP's
slapd), which after investigation appeared to be because options is
NULL in the above test. The obvious fix would be to test for a NULL
value of options.
This happened in krb 1.6.1 but I verified the same test is also present
in 1.6.4-beta1.
Kind regards,
Bert Barbé
--
Oracle <http://www.oracle.com>
Bert Barbé | Principal Software Developer
Phone: +16506077447 | Mobile: +32496575949
Oracle Open Source Development
ORACLE Belgium BVBA
Ondernemingsnummer BTW BE 0440.966.354 RPR Brussel
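
The NULL check suggested in the message above, as an added example that is not part of the original post or of the krb5 source. The structure, function name and flag value are hypothetical stand-ins, and treating a NULL options pointer as "no option set, keep prompting" is an assumption drawn from the quoted comment.

```c
#include <stddef.h>
#include <stdio.h>

/* Hypothetical stand-in for the change-password-prompt flag
 * (constructed value, not taken from the library headers). */
#define DEMO_OPT_CHG_PWD_PRMPT 0x0100u

/* Hypothetical stand-in for the options structure; only the field
 * read by the quoted test is modelled. */
struct demo_opts {
    unsigned int flags;
};

/* The quoted test with a NULL guard in front of the dereference.
 * Returns 1 when the caller takes the "goto cleanup" path (no
 * password-change prompt) and 0 when it continues to prompt.
 * Assumption: NULL options means no option was set, so the
 * historical default from the comment (prompt) applies. */
static int demo_skip_chg_pwd_prompt(const struct demo_opts *options)
{
    if (options == NULL)
        return 0;   /* nothing to dereference; keep the default */
    return !(options->flags & DEMO_OPT_CHG_PWD_PRMPT);
}

int main(void)
{
    struct demo_opts flag_set = { DEMO_OPT_CHG_PWD_PRMPT };
    struct demo_opts flag_clear = { 0 };

    printf("NULL options -> skip prompt: %d\n",
           demo_skip_chg_pwd_prompt(NULL));
    printf("flag set     -> skip prompt: %d\n",
           demo_skip_chg_pwd_prompt(&flag_set));
    printf("flag clear   -> skip prompt: %d\n",
           demo_skip_chg_pwd_prompt(&flag_clear));
    return 0;
}
```

Putting the guard before the flag test, rather than folding NULL into the cleanup path, keeps callers that pass no options on the prompting default the comment describes.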