[krbdev.mit.edu #8501] Potential use of uninitialized variable in kdc/main.c
Will Fiveash via RT
rt-comment at krbdev.mit.edu
Thu Nov 3 15:50:57 EDT 2016
[wfiveash - Wed Sep 28 16:25:15 2016]:
> Looks like there is the potential for usage of an uninitialized
> variable. In https://github.com/krb5/krb5/blob/master/src/kdc/main.c
> line 629 def_restrict_anon is defined but not set to a value:
>
> krb5_boolean def_restrict_anon;
>
> later if krb5_aprof_init() returns an error at 641:
>
> if (!krb5_aprof_init(DEFAULT_KDC_PROFILE, KDC_PROFILE_ENV, &aprof)) {
>
> then def_restrict_anon is still not set to a value. Then at line 719
> init_realm() is called with def_restrict_anon uninitialized:
>
> retval = init_realm(rdatap, aprof, optarg, mkey_name,
> menctype, def_udp_listen,
> def_tcp_listen, manual,
> >>>>>> def_restrict_anon, db_args,
> no_referral, hostbased);
>
Perhaps what would be better is if krb5_aprof_init() returns an error
then exit(1); should be called?
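
The pattern discussed above, as an added example that is not part of the original message or the krb5 source: the default is assigned before the fallible profile call, and the error is returned so the caller can decide to exit. `struct profile`, `profile_open()`, `load_restrict_anon()` and `DEFAULT_RESTRICT_ANON` are hypothetical stand-ins, not krb5 identifiers.

```c
#include <stdio.h>
#include <stdbool.h>

/* Hypothetical stand-in for a profile handle; not the krb5 API. */
struct profile { bool has_restrict_anon; bool restrict_anon; };

/* Stand-in for krb5_aprof_init(): 0 on success, nonzero on failure. */
static int profile_open(const struct profile *src, const struct profile **out)
{
    if (src == NULL)
        return -1;          /* e.g. config file missing or unreadable */
    *out = src;
    return 0;
}

#define DEFAULT_RESTRICT_ANON false   /* assumed default for this sketch */

/*
 * Assign the default before any fallible call, so every path out of the
 * function leaves *restrict_anon defined. The return value tells the
 * caller whether the profile was read, so it can exit instead of
 * continuing on defaults.
 */
static int load_restrict_anon(const struct profile *src, bool *restrict_anon)
{
    const struct profile *prof = NULL;
    int ret;

    *restrict_anon = DEFAULT_RESTRICT_ANON;
    ret = profile_open(src, &prof);
    if (ret != 0)
        return ret;         /* value is the default, not stack garbage */
    if (prof->has_restrict_anon)
        *restrict_anon = prof->restrict_anon;
    return 0;
}

int main(void)
{
    struct profile conf = { true, true };   /* constructed sample input */
    bool v;
    int ret;

    ret = load_restrict_anon(NULL, &v);
    printf("profile missing: ret=%d restrict_anon=%d\n", ret, v);
    ret = load_restrict_anon(&conf, &v);
    printf("profile loaded:  ret=%d restrict_anon=%d\n", ret, v);
    return 0;
}
```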