pending/1055: kinit: Segmentation Fault

Ali M ali_m_000 at hotmail.com
Wed Feb 13 09:33:47 EST 2002


>Number:         1055
>Category:       pending
>Synopsis:       kinit: Segmentation Fault
>Confidential:   yes
>Severity:       serious
>Priority:       medium
>Responsible:    gnats-admin
>State:          open
>Class:          sw-bug
>Submitter-Id:   unknown
>Arrival-Date:   Wed Feb 13 09:34:00 EST 2002
>Last-Modified:
>Originator:
>Organization:
>Release:
>Environment:
>Description:
>How-To-Repeat:
>Fix:
>Audit-Trail:
>Unformatted:
Version: kerberos V 1.2.3
Location: src/lib/krb5/krb/gic_pwd.c  line 271
Platform: Solaris 2.6 (though by its nature, should affect all)
Description:
When attempting to acquire a TGT from a server that has "User must change 
password at next logon" set, if a new password is entered that does not meet 
the password requirements for the server, a seg fault occurs when the 
"Password Change Rejected. Please Try Again" message is printed.
The reason is that result_string.length is zero (OK) but the pointer 
result_string.data is NULL - kerrrunch!
As you can see, the same could be possible with code_string, so the same 
action is taken.

Resolution:

Existing code:

	 sprintf(banner, "%.*s%s%.*s.  Please try again.\n",
		 code_string.length, code_string.data,
		 result_string.length?": ":"",
		 result_string.length, result_string.data);

Suggested fix:

	 sprintf(banner, "%.*s%s%.*s.  Please try again.\n",
		 code_string.length,
		 code_string.data ? code_string.data : "",
		 result_string.length?": ":"",
		 result_string.length,
		 result_string.data ? result_string.data : "");

After grepping the source, I find the same may occur at the following 
locations requiring the same action...
src/clients/kpasswd/kpasswd.c line 137
src/mac/kpasswd.c  line 139
src/windows/cns/kpasswd/c  line 82

And possibly in the macro SAMDATA in
src/lib/krb5/krb/preauth2.c  line 220
...though unless it breaks for me, I can't be bothered to pick apart the 
macro :-)

Regards,

Alistair Mackay
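
The NULL-pointer guard described in the report, as an added example that is not part of the original message or the krb5 source: it normalizes both the pointer and the precision before they reach "%.*s", and bounds the write with snprintf. The type `struct counted_str`, the helper names and the sample strings are hypothetical and constructed for illustration.

```c
#include <limits.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for a counted string with length/data fields. */
struct counted_str {
    unsigned int length;
    const char *data;   /* may be NULL when the string is empty */
};

/* Pointer safe to pass to "%.*s": never NULL (NULL there is undefined). */
static const char *cs_ptr(const struct counted_str *s)
{
    return (s != NULL && s->data != NULL) ? s->data : "";
}

/* Precision safe to pass to "%.*s": 0 for NULL data, clamped to int. */
static int cs_len(const struct counted_str *s)
{
    if (s == NULL || s->data == NULL)
        return 0;
    return s->length > (unsigned int)INT_MAX ? INT_MAX : (int)s->length;
}

/* Build the banner. Returns 0 on success, -1 if it did not fit in buf
 * (buf then holds a truncated, NUL-terminated string). */
int format_reject_banner(char *buf, size_t buflen,
                         const struct counted_str *code,
                         const struct counted_str *result)
{
    int n = snprintf(buf, buflen, "%.*s%s%.*s.  Please try again.\n",
                     cs_len(code), cs_ptr(code),
                     cs_len(result) ? ": " : "",
                     cs_len(result), cs_ptr(result));
    return (n < 0 || (size_t)n >= buflen) ? -1 : 0;
}

int main(void)
{
    char banner[128];
    /* Constructed sample values, not real server output. */
    struct counted_str code = { 24, "Password change rejected" };
    struct counted_str empty = { 0, NULL };

    format_reject_banner(banner, sizeof banner, &code, &empty);
    fputs(banner, stdout);
    return 0;
}
```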




