Review of Kerberos AEAP API

Ken Raeburn raeburn at MIT.EDU
Thu Dec 4 15:10:23 EST 2008


On Dec 4, 2008, at 13:47, Nicolas Williams wrote:
> On Thu, Dec 04, 2008 at 11:32:14AM -0500, Sam Hartman wrote:
>> The big problem is not with ETOOBIG.  The big problem is that if you
>> have a 64-bit size_t and you use krb5_data.length for the output
>> length, then you overwrite 32 bits past the length.  You won't detect
>> it on a 32-bit platform, but it will break badly on a 64-bit  
>> platform.
>
> The C compiler won't do that on simple assignments.  You'd have to be
> using memcpy() for something like that to happen.

Or passing the address of krb5_data.length as the place where the  
result should be stored, and ignoring compiler warnings (which, sadly,  
is pretty common, at least until we get some more cleanup done).

There are some convoluted ways to force most compilers (I suspect) to  
error out on mismatched types, but we probably don't want to get into  
that.

Ken
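
The failure mode discussed in this thread, as an added example that is not part of the original messages or of the MIT krb5 source. The struct sample_data (field order assumed to match krb5_data) and the functions produce_output, store_length and get_length_checked are hypothetical names chosen for illustration.

```c
#include <limits.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Stand-in for krb5_data; field order (magic, length, data) is assumed. */
typedef struct {
    int magic;
    unsigned int length;
    char *data;
} sample_data;

/* Hypothetical API that reports its output length through a size_t pointer. */
static void produce_output(size_t *out_len) { *out_len = 16; }

/* Models produce_output((size_t *)&d.length) without undefined behaviour:
 * store sizeof(size_t) bytes at `length`, report whether `data` changed. */
static int wide_store_clobbers_data(void) {
    sample_data d;
    unsigned char before[sizeof d.data], after[sizeof d.data];
    size_t wide = (size_t)-1;            /* all bits set: any spill shows */
    memset(&d, 0, sizeof d);
    memcpy(before, &d.data, sizeof before);
    memcpy((unsigned char *)&d + offsetof(sample_data, length), &wide, sizeof wide);
    memcpy(after, &d.data, sizeof after);
    return memcmp(before, after, sizeof before) != 0;
}

/* Safe pattern: range-check a size_t before narrowing it into the field. */
static int store_length(sample_data *d, size_t n) {
    if (n > UINT_MAX)
        return -1;                       /* does not fit in unsigned int */
    d->length = (unsigned int)n;
    return 0;
}

/* Receive into a real size_t temporary, never into &d->length directly. */
static int get_length_checked(sample_data *d) {
    size_t n = 0;
    produce_output(&n);
    return store_length(d, n);
}

int main(void) {
    sample_data d = { 0, 0, NULL };
    int rc = get_length_checked(&d);
    printf("clobbers=%d rc=%d length=%u\n", wide_store_clobbers_data(), rc, d.length);
    return 0;
}
```

With GCC or Clang, building with -Werror=incompatible-pointer-types turns an uncast produce_output(&d.length) call into a hard error instead of a warning.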


