[krbdev.mit.edu #8501] Potential use of uninitialized variable in kdc/main.c
Will Fiveash via RT
rt-comment at krbdev.mit.edu
Wed Sep 28 16:25:15 EDT 2016
Looks like there is the potential for usage of an uninitialized
variable. In https://github.com/krb5/krb5/blob/master/src/kdc/main.c
line 629 def_restrict_anon is defined but not set to a value:

    krb5_boolean def_restrict_anon;

later if krb5_aprof_init() returns an error at 641:

    if (!krb5_aprof_init(DEFAULT_KDC_PROFILE, KDC_PROFILE_ENV, &aprof)) {

then def_restrict_anon is still not set to a value. Then at line 719
init_realm() is called with def_restrict_anon uninitialized:

    retval = init_realm(rdatap, aprof, optarg, mkey_name,
                        menctype, def_udp_listen,
                        def_tcp_listen, manual,
>>>>>>                  def_restrict_anon, db_args,
                        no_referral, hostbased);
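
The control flow described in the report, reduced to a self-contained model with the flawed pattern beside a hardened one. This is an added example, not part of the original message and not krb5 code: `kboolean`, `profile_open()`, `init_realm_stub()`, the `POISON` value that stands in for leftover stack contents, and the FALSE fallback are all assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

typedef unsigned int kboolean;              /* stand-in for krb5_boolean */
#define POISON 0xA5A5A5A5u                  /* models leftover stack contents */
struct profile { kboolean restrict_anon; }; /* hypothetical parsed profile */

/* Hypothetical stand-in for krb5_aprof_init(): 0 on success, nonzero on error. */
static int profile_open(const char *path, struct profile *out)
{
    if (path == NULL || strcmp(path, "kdc.conf") != 0)
        return 2;                           /* constructed error: no profile */
    out->restrict_anon = 1;                 /* constructed profile content */
    return 0;
}

/* Pattern from the report: the value is written only on the success path. */
static void load_default_flawed(const char *path, kboolean *restrict_anon)
{
    struct profile p = {0};
    if (!profile_open(path, &p))
        *restrict_anon = p.restrict_anon;
    /* error path: *restrict_anon keeps whatever the caller's storage held */
}

/* Hardened: assign the fallback first, then let the profile override it. */
static void load_default_fixed(const char *path, kboolean *restrict_anon)
{
    struct profile p = {0};
    *restrict_anon = 0;                     /* assumed fallback: FALSE */
    if (!profile_open(path, &p))
        *restrict_anon = p.restrict_anon;
}

/* Models init_realm() receiving the flag by value. */
static kboolean init_realm_stub(kboolean restrict_anon) { return restrict_anon; }

/* Runs one variant over poisoned storage; returns what init_realm would see. */
kboolean realm_flag(int fixed, const char *path)
{
    kboolean def_restrict_anon = POISON;
    if (fixed) load_default_fixed(path, &def_restrict_anon);
    else       load_default_flawed(path, &def_restrict_anon);
    return init_realm_stub(def_restrict_anon);
}

int main(void)
{
    printf("flawed=%#x fixed=%#x\n", realm_flag(0, NULL), realm_flag(1, NULL));
    return 0;
}
```

Building the real source with `-Wmaybe-uninitialized` (GCC) or running a static analyzer over it is the usual way to catch this class of defect before it ships.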