Fixes for some issues found using Coverity

Greg Hudson ghudson at mit.edu
Mon Mar 20 13:12:36 EDT 2017


On 03/20/2017 01:03 PM, Kittel, Martin wrote:
> we ship krb5 as part of some of our products and as part of our QA we run Coverity scans on all components, including krb5.
> As part of these scans a number of issues were found that we think need or might need fixing. I am wondering now how to best feed back those fixes into the mainline.
> I have prepared a first bunch of git commits against the current HEAD from https://github.com/krb5/krb5 and tried to group them according to the Coverity findings. However I don't know whether I can feed these into krb5-bugs directly. What is the preferred way to post such patches?

For any issue which might have a realistic security impact, please send
mail to krbcore-security at mit.edu.  (It's likely that most Coverity
defects with a security impact have been fixed already, but there's a
chance that not all have.)  You can PGP-encrypt mail to krbcore-security
using the key listed at https://web.mit.edu/kerberos/contact.html if
you're set up to do that.

For other changes, please create a github pull request.  See
https://k5wiki.kerberos.org/wiki/Contributing_code for more information.
Don't get too bogged down in the details; we can always fix those up if
necessary.

