Bug#428732: [krbdev.mit.edu #5593] kadmin crashes during password changes
Ken Raeburn via RT
rt-comment at krbdev.mit.edu
Fri Jul 6 19:58:09 EDT 2007
I just tried on our x86_64 etch system (1.4.4-7etch1 kadmind
installed), and with a few simple tests, couldn't reproduce the
problem. I set up a realm FOOBAR.X with a user principal ken with
admin privileges, ran "kadmin -p ken -q 'cpw ken'" and then "kpasswd"
a few times, sometimes re-using the same password, sometimes trying
different passwords (all short).

However, after a reminder from Tom Yu that we had some int/pointer
problems fixed in that code a while back, I built -7etch1 (since
-7etch2 doesn't seem to be on the servers I'm using?), worked out a
rough function call stack from the stack trace in the Debian bug
report, and found this once I knew where to look:

    ../../../src/kadmin/server/misc.c:148: warning: assignment makes pointer from integer without a cast

    Line 148: time_string = ctime(&until);

A disassembly confirms that the compiler is widening the assumed int
return value from ctime, from 32 to 64 bits, when in fact it's a
64-bit pointer. I tried calling ctime under gdb, and it showed me a
32-bit value with the high bit set. Whether that's the true value, or
gdb was confused about the return type and truncated to 32 bits, I
don't know. But either way, that high bit in the low 32 is going to
get copied into the upper 32 bits, probably not what we want.

This code path requires that the principal in question have a policy
dictating a minimum time before the password can be changed, and a
password change made before that time has elapsed. (I should've
thought of that given the description of changing passwords
specifically in a short time.) Andrew, does that describe your
situation? If so, changing src/kadmin/server/misc.c to include
<time.h> could fix the problem.

Ken
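
The widening described in the message above, modelled as an added example (not code from the krb5 sources or from the original post): it computes the pointer value a caller ends up using when a 64-bit pointer return is treated as an implicit int, next to the correct call with <time.h> included. The function names are hypothetical and the addresses are constructed sample values.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <time.h>   /* the fix: declares char *ctime(const time_t *) */

/* Value a caller ends up with when a function that really returns a 64-bit
 * pointer is called through an implicit "int f()" declaration on x86_64:
 * only the low 32 bits are read, then sign-extended to pointer width. */
static uint64_t pointer_seen_through_implicit_int(uint64_t real_ptr)
{
    uint64_t low = real_ptr & 0xffffffffULL;       /* int return: low 32 bits */
    if (low & 0x80000000ULL)                       /* high bit of the int set */
        low |= 0xffffffff00000000ULL;              /* sign extension fills top */
    return low;
}

/* Correct call: with <time.h> included, ctime's pointer return is intact.
 * Copies the string into buf and returns its length (0 on failure). */
static size_t format_until(time_t until, char *buf, size_t buflen)
{
    const char *s = ctime(&until);
    if (s == NULL || buflen == 0 || strlen(s) >= buflen)
        return 0;
    strcpy(buf, s);
    return strlen(buf);
}

int main(void)
{
    /* Constructed sample addresses, not values from the bug report. */
    const uint64_t samples[] = {
        0x00007f3a9c2d4e10ULL,  /* bit 31 set: becomes 0xffffffff9c2d4e10 */
        0x00007f3a1c2d4e10ULL,  /* bit 31 clear: upper half silently dropped */
        0x0000000000601040ULL,  /* fits in 31 bits: survives, bug stays hidden */
    };
    char buf[32];

    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("real %#018llx -> used %#018llx\n",
               (unsigned long long)samples[i],
               (unsigned long long)pointer_seen_through_implicit_int(samples[i]));

    if (format_until((time_t)0, buf, sizeof buf))
        printf("with prototype: %s", buf);
    return 0;
}
```

Building with GCC's -Werror=implicit-function-declaration turns the missing prototype into a compile error instead of a warning that is easy to overlook.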