[krbdev.mit.edu #7636] kinit bug - all versions since 1.9
Richard Basch via RT
rt-comment at krbdev.mit.edu
Fri May 10 12:22:57 EDT 2013
This bug is based on a code observation (feel free to try it; I didn't
because it seemed obvious).
If you have a file keytab with the name KDB_xyz, and you specify -kt
KDB_xyz, kinit will attempt to open the Kerberos database (which may or may
not exist on that machine), due to the strncmp() call being invoked with an
incorrect parameter. KDB: contains 4 characters, not 3 characters, and thus
strncmp() should have specified four characters to ensure the : is also
matched.
<tardis:probe> {~/krb5}
836-1$ diff -u krb5-1.11.2/src/clients/kinit/kinit.c{.dist,}
--- krb5-1.11.2/src/clients/kinit/kinit.c.dist 2013-04-12
13:51:35.000000000 -0400
+++ krb5-1.11.2/src/clients/kinit/kinit.c 2013-05-10
08:53:08.924024226 -0400
@@ -719,7 +719,7 @@
if ((opts->action == INIT_KT) && opts->keytab_name)
{
#ifndef _WIN32
- if (strncmp(opts->keytab_name, "KDB:", 3) == 0) {
+ if (strncmp(opts->keytab_name, "KDB:", 4) == 0) {
code = kinit_kdb_init(&k5->ctx,
krb5_princ_realm(k5->ctx, k5->me)->data);
if (code != 0) {
More information about the krb5-bugs
mailing list