MITKRB5-SA-2007-005: kadmind vulnerable to buffer overflow
mikef at ack.berkeley.edu
Wed Jun 27 16:27:11 EDT 2007
On Wed, 27 Jun 2007 at 13:28 (-0500), Lee Hinman wrote:
> Just a little suggestion on your patch. Calling error_message
> (ret.code) when ret.code == 0 may cause your output to be something like
> "Unknown error: 0". It will depend on what your libc does when you call
> strerror(0). Previously it would print out "success". The change below
> restores that behavior.

I guess you're referring to Russ Allbery's patch.

Maybe I'm missing something, but I don't see your proposed change; what
you included in your email seems to be just Russ's patch as-is.

Are you saying that 'error_message(ret.code)' should be replaced with
something else, because the test for (ret.code == 0) is not always
reliable as an indicator of success? If so, what should be used instead?

Thanks in advance for clarifying.

Mike Friedman Information Services & Technology
mikef at ack.Berkeley.EDU 2484 Shattuck Avenue
1-510-642-1410 University of California at Berkeley