Data initialization problem in krb-1.6.3

Howard Wilkinson howard at
Tue Dec 9 10:04:05 EST 2008

I have been chasing a problem reported by valgrind when using GSSAPI to 
connect to an LDAP server. I have managed to pin this down to 
uninitialized data inside the Kerberos code.

I attach a patch which fixes this in what is probably a too conservative 
fashion as I have chased this through a number of different scenarios.

The final fix was in the memory allocated for the k5seal.c and 
k5sealv3.c files.

In the process I have also added memory clearing functions to other data 
that was not being initialized.

I have also restructured the k5arcfour_init routine. Some of this was 
taken from the trunk head in the subversion repository, some is my 
removing intermediate storage items to simplify the code flow.

I would like to see the intent of this patch incorporated into the main 
line development, I have no burning desire to have the patch as written 

Regards, Howard

-------------- next part --------------
A non-text attachment was scrubbed...
Name: krb5-1.6.3-meminitfix.patch
Type: text/x-patch
Size: 6218 bytes
Desc: not available
Url :

More information about the krbdev mailing list