[krbdev.mit.edu #7802] git commit
Richard Basch
basch at alum.mit.edu
Tue Dec 31 18:58:09 EST 2013
BTW, I am not sure this part of the patch is correct...
retval = decode_krb5_tgs_req(pkt, &request);
+ /* Save pointer to client-requested service principal, in case of
errors
+ * before a successful call to search_sprinc(). */
+ sprinc = request->server;
if (retval)
return retval;
If decode_krb5_tgs_req fails, I foresee a potential dereference of a null
pointer. You might only want to set sprinc after confirming retval = 0.
-----Original Message-----
From: krb5-bugs-bounces at MIT.EDU [mailto:krb5-bugs-bounces at MIT.EDU] On Behalf
Of Tom Yu via RT
Sent: Monday, December 30, 2013 8:58 PM
To: 'AdminCc of krbdev.mit.edu Ticket #7802':
Subject: [krbdev.mit.edu #7802] git commit
Log service princ in KDC more reliably
Under some error conditions, the KDC would log "<unknown server>" for
the service principal because service principal information is not yet
available to the logging functions. Set the appropriate variables
earlier.
do_as_req.c: After unparsing the client, immediately unparse the
server before searching for the client principal in the KDB.
do_tgs_req.c: Save a pointer to the client-requested service
principal, to make sure it gets logged if an error happens before
search_sprinc() successfully completes.
[tlyu at mit.edu: commit message; fix TGS to catch more error cases]
https://github.com/krb5/krb5/commit/f37067776f9431879769f3874fdab6120ba3f155
Author: rbasch <probe at tardis.internal.bright-prospects.com>
Committer: Tom Yu <tlyu at mit.edu>
Commit: f37067776f9431879769f3874fdab6120ba3f155
Branch: master
src/kdc/do_as_req.c | 25 +++++++++++++------------
src/kdc/do_tgs_req.c | 5 +++++
2 files changed, 18 insertions(+), 12 deletions(-)
_______________________________________________
krb5-bugs mailing list
krb5-bugs at mit.edu
https://mailman.mit.edu/mailman/listinfo/krb5-bugs
More information about the krbdev
mailing list