Bug in pkinit_clnt.c?

Greg Hudson ghudson at mit.edu
Fri Jul 3 23:05:17 EDT 2015


On 07/03/2015 12:43 PM, Daniel Deptuła wrote:
> -    for (princptr = princs; *princptr != NULL; princptr++)
> -        TRACE_PKINIT_CLIENT_SAN_KDCCERT_PRINC(context, *princptr);
> +    if (princs != NULL) {
> +        for (princptr = princs; *princptr != NULL; princptr++)
> +            TRACE_PKINIT_CLIENT_SAN_KDCCERT_PRINC(context, *princptr);
> +    }

This is correct in spirit; other parts of the function allow for princs
to be NULL, and there are rare cases where the OpenSSL implementation
will return 0 with princs set to NULL.  I filed in a pull request for a
similar fix.  Thanks for the report.


More information about the Kerberos mailing list