[krbdev.mit.edu #9196] Uninitialized paChecksum2 in krb5_encode_test

Martin Řehák via RT rt-comment at krbdev.mit.edu
Tue Feb 10 11:33:29 EST 2026


Tue Feb 10 11:33:29 2026: Request 9196 was acted upon.
 Transaction: Ticket created by rehak at tekkirk.org
       Queue: krb5
     Subject: Uninitialized paChecksum2 in krb5_encode_test
       Owner: Nobody
  Requestors: rehak at tekkirk.org
      Status: new
 Ticket <URL: https://krbdev.mit.edu/rt/Ticket/Display.html?id=9196 >


Hello,

during the unit tests run on krb5-1.22.2, krb5_encode_test was giving me a 
SIGSEGV with the following backtrace on Oracle Solaris:

$ mdb core
Loading modules: [ libc.so.1 ld.so.1 ]
krb5_encode_test:core> $C
     7fffbfffdac0 libkrb5.so.3.3`nonempty_data+4()
     7fffbfffdb10 libkrb5.so.3.3`encode_atype+0x226()
     7fffbfffdb60 libkrb5.so.3.3`encode_atype+0x273()
     7fffbfffdbb0 libkrb5.so.3.3`encode_atype_and_tag+0x24()
     7fffbfffdbf0 libkrb5.so.3.3`encode_sequence+0x3e()
     7fffbfffdc40 libkrb5.so.3.3`encode_atype+0x2cb()
     7fffbfffdc90 libkrb5.so.3.3`encode_atype+0x273()
     7fffbfffdce0 libkrb5.so.3.3`encode_atype+0x114()
     7fffbfffdd30 libkrb5.so.3.3`encode_atype_and_tag+0x24()
     7fffbfffdd70 libkrb5.so.3.3`encode_sequence+0x3e()
     7fffbfffddc0 libkrb5.so.3.3`encode_atype+0x2cb()
     7fffbfffde10 libkrb5.so.3.3`encode_atype+0x2ae()
     7fffbfffde60 libkrb5.so.3.3`encode_atype+0x246()
     7fffbfffdeb0 libkrb5.so.3.3`encode_atype+0x273()
     7fffbfffdf00 libkrb5.so.3.3`encode_atype+0x114()
     7fffbfffdf50 libkrb5.so.3.3`encode_atype_and_tag+0x24()
     7fffbfffdf90 libkrb5.so.3.3`encode_sequence+0x3e()
     7fffbfffdfe0 libkrb5.so.3.3`encode_atype+0x2cb()
     7fffbfffe030 libkrb5.so.3.3`encode_atype+0x273()
     7fffbfffe080 libkrb5.so.3.3`encode_atype+0x114()
     7fffbfffe0d0 libkrb5.so.3.3`encode_atype_and_tag+0x24()
     7fffbfffe110 libkrb5.so.3.3`encode_sequence+0x3e()
     7fffbfffe160 libkrb5.so.3.3`encode_atype+0x2cb()
     7fffbfffe1b0 libkrb5.so.3.3`encode_atype_and_tag+0x24()
     7fffbfffe210 libkrb5.so.3.3`k5_asn1_full_encode+0x48()
     7fffbfffe220 libkrb5.so.3.3`encode_krb5_auth_pack+0x13()
     7fffbffff120 main+0x4255()
     7fffbffff130 0x4135d4()

This is the test:

     /* encode_krb5_auth_pack */
     {
         krb5_auth_pack pack;
         ktest_make_sample_auth_pack(&pack);
         encode_run(pack, "auth_pack", "", acc.encode_krb5_auth_pack);
         ktest_empty_auth_pack(&pack);
     }

The pack structure is uninitialized, and that made the new optional 
paChecksum2 member of _krb5_pk_authenticator uninitialized as well, which 
led from time to time to a crash. krb5 was built using Solaris Developer 
Studio 12.6.

The attached patch resolves the issue. Please consider integrating it into 
the main branch.

Thank you,
Martin
-------------- next part --------------
A non-text attachment was scrubbed...
Name: fix-krb5_encode_test.patch
Type: text/x-patch
Size: 271 bytes
Desc: not available
URL: <http://mailman.mit.edu/pipermail/krb5-bugs/attachments/20260210/300ca87a/attachment.bin>
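
The failure mode described in the report, as an added C example that is not part of the original message and is not the scrubbed patch (whose contents are not shown on this page). The struct layout, the function names and the 0xA5 poison fill are hypothetical stand-ins, not krb5 code; zeroing the structure before filling it is one common way to avoid the problem.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-ins for the structures in the report, not krb5's own. */
typedef struct { unsigned int length; const char *data; } blob;
typedef struct {
    int nonce;
    blob *pa_checksum2;          /* optional member: NULL means "absent" */
} pk_authenticator;
typedef struct { pk_authenticator pk_auth; } auth_pack;

/* Sample filler that predates the optional member and never assigns it. */
void make_sample(auth_pack *p) { p->pk_auth.nonce = 42; }

/* Encoder-style presence test: any non-NULL pointer gets dereferenced. */
size_t encoded_len(const auth_pack *p)
{
    size_t n = sizeof(p->pk_auth.nonce);
    const blob *b = p->pk_auth.pa_checksum2;
    if (b != NULL && b->length > 0)
        n += b->length;
    return n;
}

/* Model leftover stack contents deterministically with a poison pattern,
 * then report whether the optional pointer is still garbage after filling. */
int stale_pointer_survives_fill(void)
{
    auth_pack pack;
    memset(&pack, 0xA5, sizeof(pack));   /* constructed "stack garbage" */
    make_sample(&pack);
    return pack.pk_auth.pa_checksum2 != NULL;  /* encoded_len() would fault here */
}

/* Hardened caller: zero the whole structure before handing it to the filler. */
size_t encode_zeroed_sample(void)
{
    auth_pack pack;
    memset(&pack, 0, sizeof(pack));
    make_sample(&pack);
    return encoded_len(&pack);
}

int main(void)
{
    printf("stale pointer after fill: %d\n", stale_pointer_survives_fill());
    printf("encoded length when zeroed first: %zu\n", encode_zeroed_sample());
    return 0;
}
```

Building the test program with a memory sanitizer or running it under a tool that flags reads of uninitialized memory surfaces this class of bug even on platforms where the stack happens to contain zeros.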

