MITKRB5-SA-2007-005: kadmind vulnerable to buffer overflow
Russ Allbery
rra at stanford.edu
Wed Jun 27 16:33:11 EDT 2007
Mike Friedman <mikef at ack.berkeley.edu> writes:
> I guess you're referring to Russ Allbery's patch.
> Maybe I'm missing something, but I don't see your proposed change; what
> you included in your email seems to be just Russ's patch as-is.
> Are you saying that 'error_message(ret.code)' should be replaced with
> something else, because the test for (ret.code == 0) is not always
> reliable as an indicator of success? If so, what should be used
> instead?
There's a minor error in my patch in that I replaced:
((ret.code == 0) ? "success" : error_message(ret.code))
with a simple
error_message(ret.code)
inadvertantly. The modification is in the previous message, but the
quoting wasn't changed so it's a bit hard to see.
This change makes no difference on Linux, since on Linux strerror(0)
returns "Success" anyway. It may be significant on other platforms.
--
Russ Allbery (rra at stanford.edu) <http://www.eyrie.org/~eagle/>
More information about the krbdev
mailing list