[krbdev.mit.edu #8166] [krb5bug] kdb5_ldap_util view_policy does not shows ticket flags on s390x and ppc64 (big-endian issue ?) ...
Greg Hudson via RT
rt-comment at krbdev.mit.edu
Sun Apr 12 23:44:23 EDT 2015
I think the problem is in krb5_ldap_read_policy() in ldap_tkt_policy.c,
where it makes three calls to krb5_ldap_get_value() and casts from long
* to int * for the return parameter. On a big-endian LP64 platform,
the 32-bit result gets written into the high 32 bits of the field.
There are some other unsafe uses of krb5_ldap_get_value() which cast
from int32_t * to int *, but those aren't likely to cause a practical
issue since there aren't any common platforms where int isn't 32 bits.
We should probably fix those when we fix the bug, though.
We do have a big-endian nightly build machine running Solaris, but it
doesn't test LDAP functionality for lack of dependencies. It will take
a bit to spin up an LDAP environment on that machine to test the fix
with.
More information about the krb5-bugs
mailing list