[krbdev.mit.edu #1630] get_in_tkt_with_keytab passes wrong pointer to get_init_creds

Tom Yu via RT rt-comment at krbdev.mit.edu
Fri Jun 27 13:35:06 EDT 2003


Return-Path: <herb at sgi.com>
Sender: herb at chomps.engr.sgi.com
Message-ID: <3EFA2803.EB1D2EC2 at sgi.com>
Date: Wed, 25 Jun 2003 15:53:55 -0700
From: Herb Lewis <herb at sgi.com>
Organization: Silicon Graphics Inc.
To: Tom Yu <tlyu at mit.edu>
Subject: Re: krb5-1.3-beta4 is available
References: <ldvel1tnvcj.fsf at cathode-dark-space.mit.edu>
Lines: 59
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="==-=-="

--==-=-=

There is a minor problem we have discovered in the file 

krb5-1.3-beta4/src/lib/krb5/krb/gic_keytab.c

In the function krb5_get_in_tkt_with_keytab you define the following
variable

krb5_keytab keytab; (krb5_keytab is actually a pointer to a structure)

and then pass the variable to the function krb5_get_init_creds as
&keytab (the argument is (void *)gak_data in this function). This
variable is then passed to the routine krb5_get_as_key_keytab where
it is used in the assignment 

krb5_keytab keytab = (krb5_keytab) gak_data;

but at this point it is actually a pointer to a krb5_keytab.

All other calls to krb5_get_init_creds use (void *) keytab not
&keytab as the argument. 

We get a SEGV because of a null pointer dereference when you use 
the command "kadmin -k". The following patch fixes this.

-- 
======================================================================
Herb Lewis                               Silicon Graphics 
Networking Engineer                      1600 Amphitheatre Pkwy MS-510
Strategic Software Organization          Mountain View, CA  94043-1351
herb at sgi.com                             Tel: 650-933-2177
http://www.sgi.com                       Fax: 650-932-2177          
PGP Key: 0x8408D65D
======================================================================
--==-=-=
Content-Type: text/plain; name=patches
Content-Disposition: inline; filename=patches

--- krb5-1.3-beta4/src/lib/krb5/krb/gic_keytab.c.orig
+++ krb5-1.3-beta4/src/lib/krb5/krb/gic_keytab.c
@@ -174,7 +174,7 @@
 				  creds, creds->client,  
 				  krb5_prompter_posix,  NULL,
 				  0, server, &opt,
-				  krb5_get_as_key_keytab, &keytab,
+				  krb5_get_as_key_keytab, (void *) keytab,
 				  0, ret_as_reply);
     krb5_free_unparsed_name( context, server);
     if (retval) {
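
Review bot: On the changed line, removing the "&" is what corrects the call; the "(void *)" cast only matches the style the report says the other callers use. Because this argument is a void * parameter, both "&keytab" and "keytab" compile without a diagnostic, so a one-line comment at this call site saying that krb5_get_as_key_keytab expects the krb5_keytab handle itself, not its address, would help keep the mistake from being reintroduced. A regression test that exercises krb5_get_in_tkt_with_keytab (the report reproduces the crash with "kadmin -k") would cover it as well.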

--==-=-=--
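
The mismatch described in the report, reduced to a stand-alone C sketch. This is an added example, not part of the original message and not krb5 source: the demo_* names, the KT_MAGIC tag and the tag check are assumptions made for illustration. It shows that both call forms compile cleanly and how a tagged handle lets the callback reject the address-of-handle form instead of dereferencing it.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
/* Constructed tag; its low two bits are set, so it cannot match the low word of an aligned pointer. */
#define KT_MAGIC 0x4b544142u
/* Hypothetical stand-in: like krb5_keytab, the handle type is itself a pointer. */
struct demo_kt { uint32_t magic; const char *name; };
typedef struct demo_kt *demo_keytab;

/* Plays the role of krb5_get_as_key_keytab: gak_data must BE the handle. */
static int demo_get_as_key(void *gak_data)
{
    uint32_t magic;
    if (gak_data == NULL)
        return -1;
    memcpy(&magic, gak_data, sizeof magic);  /* read the tag before trusting the cast */
    if (magic != KT_MAGIC)
        return -1;                           /* not a handle: refuse to dereference */
    demo_keytab keytab = (demo_keytab) gak_data;
    return keytab->name != NULL ? 0 : -1;
}

/* Plays the role of krb5_get_init_creds: forwards gak_data untouched. */
static int demo_get_init_creds(int (*cb)(void *), void *gak_data)
{
    return cb(gak_data);
}

/* Patched form: the handle itself is passed. */
int call_with_handle(void)
{
    struct demo_kt storage = { KT_MAGIC, "FILE:demo.keytab" };  /* constructed sample */
    demo_keytab keytab = &storage;
    return demo_get_init_creds(demo_get_as_key, (void *) keytab);
}

/* Reported form: no diagnostic, since any object pointer converts to void *. */
int call_with_address_of_handle(void)
{
    struct demo_kt storage = { KT_MAGIC, "FILE:demo.keytab" };  /* constructed sample */
    demo_keytab keytab = &storage;
    return demo_get_init_creds(demo_get_as_key, &keytab);
}

int main(void)
{
    printf("handle=%d address-of-handle=%d\n", call_with_handle(), call_with_address_of_handle());
    return 0;
}
```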

