Fixes for some issues found using Coverity

Greg Hudson ghudson at
Mon Mar 20 13:12:36 EDT 2017

On 03/20/2017 01:03 PM, Kittel, Martin wrote:
> we ship krb5 as part of some of our products and as part of our QA we run Coverity scans on all components, including krb5.
> As part of these scans a number of issues were found that we think need or might need fixing. I am wondering now how to best feed back those fixes into the mainline
> I have prepared a first bunch of git commits against the current HEAD from and tried to group them according to the Coverity findings. However I don't know whether I can feed these into krb5-bugs directly. What is the preferred way to post such patches?

For any issue which might have a realistic security impact, please send
mail to krbcore-security at  (It's likely that most Coverity
defects with a security impact have been fixed already, but there's a
chance that not all have.)  You can PGP-encrypt mail to krbcore-security
using the key listed at if
you're set up to do that.

For other changes, please create a github pull request.  See for more information.
 Don't get too bogged down in the details; we can always fix those up if

More information about the krbdev mailing list