Segfault during krb5_set_password
ghudson at MIT.EDU
Mon Apr 16 19:28:45 EDT 2012

On 04/16/2012 07:03 PM, Jonathan Reams wrote:
> For now I've set it to skip any password change operations where the
> password text string is NULL, but is this something the krb5 libs
> should have caught?

I think the code is behaving as intended. krb5_set_password is within
its rights to crash with a null password parameter, and it's obviously
deliberate (based on code inspection) that chpass is called with a null
newpw during a randkey operation. I've checked in a change to
kadm5_hook_plugin.h to document this, as it was previously undocumented.

> Also, are there any upper bounds on the size of a password passed in?
> Would a hypothetical 4KB password cause issues?

I think that should work, but I don't think we have any test cases
covering a password that large, so I'm not certain.
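
Added example, not part of the original post and not MIT krb5 code: a password-forwarding hook that treats a NULL new password as the randkey case described in the thread and skips it instead of passing it on. The two-argument `on_chpass` signature and the `forward_password` helper are hypothetical simplifications (the real chpass callback takes more parameters); the forwarding step sizes its buffer from the input, so a 4KB password needs no special handling.

```c
#include <stdlib.h>
#include <string.h>

/* What the hook did with one chpass callback. */
enum hook_result { HOOK_FORWARDED, HOOK_SKIPPED_RANDKEY, HOOK_FAILED };

/* Constructed bookkeeping so the outcome of each call is observable. */
static size_t last_forwarded_len;
static int forward_count;

/* Hypothetical stand-in for the code that would call krb5_set_password().
 * Like that call, it assumes newpw is a valid C string. */
static int forward_password(const char *princ, const char *newpw)
{
    size_t len = strlen(newpw);      /* undefined behaviour if newpw is NULL */
    char *copy = malloc(len + 1);    /* sized from the input, no fixed buffer */
    volatile char *wipe;
    size_t i;

    if (copy == NULL || princ == NULL) {
        free(copy);
        return -1;
    }
    memcpy(copy, newpw, len + 1);    /* a real hook would send this onward */
    last_forwarded_len = len;
    forward_count++;

    wipe = copy;                     /* clear the copy before releasing it */
    for (i = 0; i <= len; i++)
        wipe[i] = 0;
    free(copy);
    return 0;
}

/* Simplified chpass handler (assumed signature): newpw is NULL when the
 * key is being randomized, so there is no password text to forward. */
enum hook_result on_chpass(const char *princ, const char *newpw)
{
    if (newpw == NULL)
        return HOOK_SKIPPED_RANDKEY;
    return forward_password(princ, newpw) == 0 ? HOOK_FORWARDED : HOOK_FAILED;
}

/* Accessors for the bookkeeping above. */
size_t hook_last_len(void) { return last_forwarded_len; }
int hook_forward_count(void) { return forward_count; }
```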