[krbdev.mit.edu #3490] getpwnam_r status checked incorrectly
Public Submitter via RT
rt-comment at krbdev.mit.edu
Sat Mar 4 21:57:41 EST 2006
glibc's getpwnam_r returns success even if the user wasn't found, but
the result pointer is set to NULL. The Kerberos source assumes that
k5_getpwnam_r will fail if the user wasn't found and dereferences OUT
without any further checks. Use a technique similar to the other cases
and change the status to -1 if OUT is NULL.
A better approach may be to change the source to not assume success
means that OUT is non-NULL, since that appears to be all POSIX
guarantees. But this works.
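The status handling described in the report above, as an added example that is not part of the original message or the krb5 source. The helper names `lookup_user` and `home_dir_of` and the user name are hypothetical; the wrapper treats a zero return with a NULL result as failure, so the caller only dereferences the entry after a true success.

```c
#include <errno.h>
#include <pwd.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helper, not krb5's k5_getpwnam_r: returns 0 only when *out
 * points at a valid entry, so callers may dereference it on success. */
static int lookup_user(const char *name, struct passwd *rec,
                       char *buf, size_t buflen, struct passwd **out)
{
    int ret = getpwnam_r(name, rec, buf, buflen, out);

    if (ret != 0) {            /* hard error such as ERANGE or EIO */
        *out = NULL;
        errno = ret;
        return -1;
    }
    if (*out == NULL) {        /* status 0, but the user was not found */
        errno = ENOENT;
        return -1;
    }
    return 0;
}

/* Copies the home directory of `name` into dst; -1 if the user is unknown. */
static int home_dir_of(const char *name, char *dst, size_t dstlen)
{
    struct passwd rec, *out;
    char buf[4096];

    if (lookup_user(name, &rec, buf, sizeof(buf), &out) != 0)
        return -1;             /* out is never dereferenced on failure */
    if (out->pw_dir == NULL || strlen(out->pw_dir) >= dstlen)
        return -1;
    strcpy(dst, out->pw_dir);
    return 0;
}

int main(void)
{
    char home[256];
    /* Constructed name, assumed not to exist on the system running this. */
    const char *name = "no-such-user-rt3490";

    if (home_dir_of(name, home, sizeof(home)) != 0)
        printf("%s: not found, nothing dereferenced\n", name);
    else
        printf("%s: home is %s\n", name, home);
    return 0;
}
```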