From rt-comment at krbdev.mit.edu Wed Apr 1 18:47:10 2026
From: rt-comment at krbdev.mit.edu (Shaun Walbridge via RT)
Date: Wed, 01 Apr 2026 18:47:10 -0400
Subject: [krbdev.mit.edu #9203] 1.21.3 release contains incorrect version information
In-Reply-To:
References:
Message-ID:

Wed Apr 01 18:47:10 2026: Request 9203 was acted upon.
Transaction: Ticket created by SWalbridge at esri.com
Queue: krb5
Subject: 1.21.3 release contains incorrect version information
Owner: Nobody
Requestors: SWalbridge at esri.com
Status: new
Ticket

The builds hosted both at:

 * https://github.com/krb5/krb5/archive/krb5-1.21.3-final.tar.gz
 * https://kerberos.org/dist/krb5/1.21/krb5-1.21.tar.gz

contain incorrect version information for the Windows builds. The
src/windows/kerberos.ver file in this build contains:

    #define KRB5_MAJOR_RELEASE 4
    #define KRB5_MINOR_RELEASE 3
    #define KRB5_PATCHLEVEL 0
    #define KRB5_RELTAIL "beta1"

However, the more recent 1.22 releases and the development version of the
codebase retain KRB5_MINOR_RELEASE 1. This means that in a Windows context,
an installer will refuse to upgrade between the 1.21.3 release and 1.22
because it would downgrade the versions listed, which violates the monotonic
version expectations.

Locally, we are patching this so that we can continue distributing krb5, but
would appreciate if this was considered as a core krb5 package issue.

Thanks for your time,
Shaun Walbridge

From rt-comment at krbdev.mit.edu Wed Apr 1 18:49:02 2026
From: rt-comment at krbdev.mit.edu (Евгений Шемякин via RT)
Date: Wed, 01 Apr 2026 18:49:02 -0400
Subject: [krbdev.mit.edu #9204] Passing a null pointer to memcpy and memmove with null size
In-Reply-To:
References:
Message-ID:

Wed Apr 01 18:49:01 2026: Request 9204 was acted upon.
Transaction: Ticket created by playersvn at gmail.com
Queue: krb5
Subject: Passing a null pointer to memcpy and memmove with null size
Owner: Nobody
Requestors: playersvn at gmail.com
Status: new
Ticket

Good day!

Using Address Sanitizer, I found several places in the codebase where a null
pointer could be passed to memcpy and memmove functions when the size was
zero. Formally it's undefined behavior.

I also found that this issue had already been fixed here:
Ticket History #9175: NULL pointer passing error in asn1_encode.c

Here are other places where I've found a similar problem:

https://github.com/krb5/krb5/blob/f8a0bee0a54ba0d96804631a3261ecd233051863/src/lib/crypto/krb/aead.c#L182
https://github.com/krb5/krb5/blob/f8a0bee0a54ba0d96804631a3261ecd233051863/src/lib/crypto/krb/aead.c#L214
https://github.com/krb5/krb5/blob/f8a0bee0a54ba0d96804631a3261ecd233051863/src/lib/krb5/krb/serialize.c#L70
https://github.com/krb5/krb5/blob/f8a0bee0a54ba0d96804631a3261ecd233051863/src/lib/gssapi/krb5/prf.c#L114
https://github.com/krb5/krb5/blob/f8a0bee0a54ba0d96804631a3261ecd233051863/src/plugins/kdb/db2/libdb2/btree/btree.h#L228
https://github.com/krb5/krb5/blob/f8a0bee0a54ba0d96804631a3261ecd233051863/src/kdc/rtest.c#L88

I also found a minor memory leak issue. We don't call the
krb5_free_cred_contents function for creds if we follow the label here:

https://github.com/krb5/krb5/blob/f8a0bee0a54ba0d96804631a3261ecd233051863/src/lib/gssapi/krb5/acquire_cred.c#L639

With respect,
Evgeny Shemyakin
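
Added example, not part of ticket #9204 and not krb5 code: a sketch of the guard pattern for the memcpy case reported above, where an empty buffer is represented as a NULL pointer with length zero. The struct buf_view type and the functions copy_bytes, gather_views and demo_gather are hypothetical names introduced for illustration.

```c
#include <stddef.h>
#include <string.h>

/* Hypothetical view type: an empty view may carry data == NULL. */
struct buf_view {
    const unsigned char *data;
    size_t len;
};

/* Skip the call when n == 0, so a NULL src or dst paired with a
 * zero length never reaches memcpy(). */
static void copy_bytes(void *dst, const void *src, size_t n)
{
    if (n > 0)
        memcpy(dst, src, n);
}

/* Concatenate views into out (capacity out_cap). Returns the number of
 * bytes written, or (size_t)-1 if out is too small or a non-empty view
 * has a NULL pointer. */
size_t gather_views(const struct buf_view *views, size_t count,
                    unsigned char *out, size_t out_cap)
{
    size_t off = 0;

    for (size_t i = 0; i < count; i++) {
        if (views[i].len == 0)
            continue;   /* also avoids computing out + off when out is NULL */
        if (views[i].data == NULL || views[i].len > out_cap - off)
            return (size_t)-1;
        copy_bytes(out + off, views[i].data, views[i].len);
        off += views[i].len;
    }
    return off;
}

/* Constructed sample input: the middle view is empty with a NULL pointer. */
size_t demo_gather(unsigned char *out, size_t out_cap)
{
    static const unsigned char a[] = { 'k', 'r', 'b' };
    static const unsigned char b[] = { '5' };
    const struct buf_view views[] = {
        { a, sizeof(a) }, { NULL, 0 }, { b, sizeof(b) }
    };
    return gather_views(views, 3, out, out_cap);
}
```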