Clearing credentials question

Garrett Wollman wollman at bimajority.org
Thu Jan 6 23:53:06 EST 2011


In article <mailman.540.1294370431.20243.kerberos at mit.edu>,
Russ Allbery  <rra at stanford.edu> wrote:

>memset(&creds, 0, sizeof(creds));
>
>You need to zero the whole thing, not just a few fields, to be sure that
>you've caught any stray fields that may make the library think that
>there's allocated data to clear.

ObPedant:

Well, technically, Standard C says you're supposed to:

	static const krb5_creds zero_initialized_creds;
	krb5_creds creds = zero_initialized_creds;

Nobody ever does this.  Depending on how krb5_creds is declared, you
could also do:

	krb5_creds creds = { .name_of_some_scalar_member = 0 };

Again, nobody ever does this, to the extent that no processor
architecture for which they are different is likely ever to be
produced again.  (Certainly MIT Kerberos would never run on such an
architecture.)

Kerberos developers could follow the example of POSIX threads and
provide a manifest constant so that clients could do:

	krb5_creds creds = KRB5_CREDS_INITIALIZER;

...to give some additional clarity.  A good compiler will optimize
this initializer (which in C99 but not C89/C90 could be made a real
rvalue) into the memset call, whereas it may not be able to do the
same for the zero_initialized_creds version.

-GAWollman
-- 
Garrett A. Wollman    | What intellectual phenomenon can be older, or more oft
wollman at bimajority.org| repeated, than the story of a large research program
Opinions not shared by| that impaled itself upon a false central assumption
my employers.         | accepted by all practitioners? - S.J. Gould, 1993
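
The three initialisation forms discussed in this message, side by side, as an added example that is not part of the original post and is not MIT Kerberos code. demo_creds, DEMO_CREDS_INITIALIZER and the demo_* functions are hypothetical stand-ins; the real krb5_creds layout is not assumed.

```c
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-in for a credentials struct; NOT the real krb5_creds. */
typedef struct demo_creds {
    char          *client;      /* heap-allocated, owned by the struct */
    unsigned char *ticket;      /* heap-allocated, owned by the struct */
    size_t         ticket_len;
    double         skew;        /* value zero is not guaranteed to be all-bits-zero */
} demo_creds;

/* Manifest constant in the style of PTHREAD_MUTEX_INITIALIZER (hypothetical name).
 * Members not named in a designated initializer are zeroed by value. */
#define DEMO_CREDS_INITIALIZER { .ticket_len = 0 }

static int demo_is_empty(const demo_creds *c)
{
    return c->client == NULL && c->ticket == NULL
        && c->ticket_len == 0 && c->skew == 0.0;
}

/* Frees what the struct claims to own and returns the number of buffers freed.
 * Only safe when every pointer member is a null pointer or a live allocation. */
static int demo_free_contents(demo_creds *c)
{
    int freed = 0;
    if (c->client != NULL) { free(c->client); freed++; }
    if (c->ticket != NULL) { free(c->ticket); freed++; }
    *c = (demo_creds)DEMO_CREDS_INITIALIZER;   /* C99 compound literal */
    return freed;
}

/* Bitmask: a bit is set when that initialisation form yields an empty struct. */
static int demo_check_forms(void)
{
    static const demo_creds zero_initialized_creds;  /* static storage: zeroed by value */
    demo_creds a = zero_initialized_creds;
    demo_creds b = DEMO_CREDS_INITIALIZER;
    demo_creds c;
    memset(&c, 0, sizeof(c));  /* all-bits-zero; a null pointer only where NULL is so represented */
    return demo_is_empty(&a) | (demo_is_empty(&b) << 1) | (demo_is_empty(&c) << 2);
}

/* Fill one member, free twice: the second call must find nothing to free. */
static int demo_roundtrip(void)
{
    demo_creds c = DEMO_CREDS_INITIALIZER;
    c.client = malloc(6);
    if (c.client == NULL) return -1;
    int first = demo_free_contents(&c);
    return first * 10 + demo_free_contents(&c);
}
```
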


