MITKRB5-SA-2007-005: kadmind vulnerable to buffer overflow

Russ Allbery rra at
Wed Jun 27 16:33:11 EDT 2007

Mike Friedman <mikef at> writes:

> I guess you're referring to Russ Allbery's patch.

> Maybe I'm missing something, but I don't see your proposed change; what 
> you included in your email seems to be just Russ's patch as-is.

> Are you saying that 'error_message(ret.code)' should be replaced with
> something else, because the test for (ret.code == 0) is not always
> reliable as an indicator of success?  If so, what should be used
> instead?

There's a minor error in my patch in that I replaced:

    ((ret.code == 0) ? "success" : error_message(ret.code))

with a simple


inadvertently.  The modification is in the previous message, but the
quoting wasn't changed so it's a bit hard to see.

This change makes no difference on Linux, since on Linux strerror(0)
returns "Success" anyway.  It may be significant on other platforms.

Russ Allbery (rra at             <>

