[krbdev.mit.edu #6764] has_mandatory_for_kdc_authdata checks only first authdata element
Mike Roszkowski via RT
rt-comment at krbdev.mit.edu
Fri Aug 27 14:16:37 EDT 2010
>Submitter-Id: net
>Originator: Mike Roszkowski
>Organization: University of Wisconsin-Madison
>Confidential: no
>Synopsis: has_mandatory_for_kdc_authdata checks only first authdata element
>Severity: non-critical
>Priority: low
>Category: krb5-kdc
>Class: sw-bug
>Release: 1.8.2
>Environment:
System: Linux sugar.doit.wisc.edu 2.6.18-194.3.1.el5 #1 SMP Sun May 2 04:17:42 EDT 2010 x86_64 x86_64 x86_64 GNU/Linux
Architecture: x86_64
>Description:
I was trying to debug a kdc crash and was looking at kdc_authdata.c and found
what looks to be a typo in has_mandatory_for_kdc_authdata:
1 if (authdata != NULL) {
2 for (i = 0; authdata[i] != NULL; i++) {
3 if (authdata[0]->ad_type == KRB5_AUTHDATA_MANDATORY_FOR_KDC) {
4 ret = TRUE;
5 break;
6 }
7 }
8 }
In the line marked "3" above, only authdata[0] is being checked. I think the
intention was to check all the authdata elements, so it should be
authdata[i].
>How-To-Repeat:
>Fix:
More information about the krb5-bugs
mailing list