[krbdev.mit.edu #8567] Bug in mslsa ccache
Alexander Karaivanov via RT
rt-comment at krbdev.mit.edu
Fri Mar 31 00:06:53 EDT 2017
Hi
I believe I've found a bug in MIT krb. The bug is in krb5_lcc_data()
in src/lib/krb5/ccache/cc_mslsa.c.
When krb5_lcc_data is allocated, data->flags is not initialized. As a
result, krb5_lcc_next_cred() may not copy the ticket if flags happens
to have the KRB5_TC_NOTICKET bit randomly set.
Here is a simple fix:
diff --git a/src/lib/krb5/ccache/cc_mslsa.c b/src/lib/krb5/ccache/cc_mslsa.c
index 7a80470..c741a50 100644
--- a/src/lib/krb5/ccache/cc_mslsa.c
+++ b/src/lib/krb5/ccache/cc_mslsa.c
@@ -1553,6 +1553,7 @@ krb5_lcc_resolve (krb5_context context,
krb5_ccache *id, const char *residual)
data->LogonHandle = LogonHandle;
data->PackageId = PackageId;
data->princ = NULL;
+ data->flags = 0;
data->cc_name = (char *)malloc(strlen(residual)+1);
if (data->cc_name == NULL) {
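Review bot: the added `data->flags = 0;` initializes one member by hand, next to the existing `data->princ = NULL;`, so any other member of data that this function does not assign is still left with whatever the allocator returned. The allocation itself is outside the hunk; if it is a plain malloc, zero-filling the structure there (calloc, or a memset right after the NULL check) would cover flags and any member added later, and the explicit assignments could stay as documentation. It would also help to name in the commit message the reader that misbehaves, the KRB5_TC_NOTICKET test in krb5_lcc_next_cred(), so the one-line change explains itself.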
Regards
Alex.
--
Alexander D. Karaivanov, System Developer | Karos Health, Krumtappen 4,3.th,2500 Valby, Denmark
Phone:+ 45 46550444, Mobile: +45 40995501 | skype: alexander.karaivanov, gtalk: alexander.karaivanov at karoshealth.com
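The failure mode described in the report, as an added example that is not part of the original message or of MIT krb5's code: it shows why the missing ticket is intermittent, depending on what the reused heap chunk held, and that setting flags on the resolve path removes the dependency. All `demo_` names, the reduced struct, the fill bytes and the flag value are assumptions made for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define DEMO_TC_NOTICKET 0x2u /* stand-in for KRB5_TC_NOTICKET; value assumed */
struct demo_lcc_data { void *princ; unsigned int flags; }; /* hypothetical stand-in */

/* Models the resolve path. `fill` (constructed input) stands for what a reused
 * heap chunk held; init_flags 0 = before the patch, 1 = after. */
static struct demo_lcc_data *demo_resolve(unsigned char fill, int init_flags)
{
    struct demo_lcc_data *data = malloc(sizeof(*data));
    if (data == NULL)
        return NULL;
    memset(data, fill, sizeof(*data));
    data->princ = NULL;
    if (init_flags)
        data->flags = 0;
    return data;
}

/* Returns 1 if the ticket was copied into out, 0 if the flag suppressed it. */
static int demo_next_cred(const struct demo_lcc_data *data,
                          const char *ticket, char *out, size_t outlen)
{
    out[0] = '\0';
    if (data->flags & DEMO_TC_NOTICKET)
        return 0;
    snprintf(out, outlen, "%s", ticket);
    return 1;
}

static int demo_ticket_copied(unsigned char fill, int init_flags)
{
    char out[32];
    struct demo_lcc_data *data = demo_resolve(fill, init_flags);
    if (data == NULL)
        return -1;
    int copied = demo_next_cred(data, "constructed-ticket", out, sizeof(out));
    free(data);
    return copied;
}

int main(void)
{
    printf("before patch: fill 0xFF -> %d, fill 0xFD -> %d\n",
           demo_ticket_copied(0xFF, 0), demo_ticket_copied(0xFD, 0));
    printf("after patch:  fill 0xFF -> %d\n", demo_ticket_copied(0xFF, 1));
    return 0;
}
```

The 0xFD case is the reason a bug like this can pass testing: the stale bytes happen to leave the flag bit clear, so the ticket comes back even without the initialization.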