Segfault during krb5_set_password

Greg Hudson ghudson at MIT.EDU
Mon Apr 16 19:28:45 EDT 2012

On 04/16/2012 07:03 PM, Jonathan Reams wrote:
> For now I've set it to skip any password change operations where the
> password text string is NULL, but is this something the krb5 libs
> should have caught?

I think the code is behaving as intended.  krb5_set_password is within
its rights to crash with a null password parameter, and it's obviously
deliberate (based on code inspection) that chpass is called with a null
newpw during a randkey operation.  I've checked in a change to
kadm5_hook_plugin.h to document this, as it was previously undocumented.

> Also, are there any upper bounds on the size of a password passed in?
> Would a hypothetical 4KB password cause issues?

I think that should work, but I don't think we have any test cases
covering a password that large, so I'm not certain.

More information about the krbdev mailing list