Fixes for some issues found using Coverity

Kittel, Martin martin.kittel at
Thu Mar 30 04:17:36 EDT 2017

Thanks for merging our patches.

We still have quite a number of Coverity messages to go through and I was wondering whether you are interested in more patches from our side. Chances are that most of them will be related to code hygiene rather than actual bugs just as it was the case with the current patch sets. For us as the non-experts it is challenging to tell the two apart. 
In any case if we think Coverity found something critical or obvious bugs then we will get in touch with you again.

Best wishes,


-----Original Message-----
From: Greg Hudson [mailto:ghudson at] 
Sent: Montag, 20. März 2017 18:13
To: Kittel, Martin <martin.kittel at>; krbdev at
Subject: Re: Fixes for some issues found using Coverity

On 03/20/2017 01:03 PM, Kittel, Martin wrote:
> we ship krb5 as part of some of our products and as part of our QA we run Coverity scans on all components, including krb5.
> As part of these scans a number of issues were found that we think need or might need fixing. I am wondering now how to best feed back those fixes into the mainline
> I have prepared a first bunch of git commits against the current HEAD from and tried to group them according to the Coverity findings. However I don't know whether I can feed these into krb5-bugs directly. What is the preferred way to post such patches?

For any issue which might have a realistic security impact, please send
mail to krbcore-security at  (It's likely that most Coverity
defects with a security impact have been fixed already, but there's a
chance that not all have.)  You can PGP-encrypt mail to krbcore-security
using the key listed at if
you're set up to do that.

For other changes, please create a github pull request.  See for more information.
 Don't get too bogged down in the details; we can always fix those up if

More information about the krbdev mailing list