Fixes for some issues found using Coverity
martin.kittel at sap.com
Thu Mar 30 04:17:36 EDT 2017
Thanks for merging our patches.
We still have quite a number of Coverity messages to go through and I was wondering whether you are interested in more patches from our side. Chances are that most of them will be related to code hygiene rather than actual bugs just as it was the case with the current patch sets. For us as the non-experts it is challenging to tell the two apart.
In any case if we think Coverity found something critical or obvious bugs then we will get in touch with you again.
From: Greg Hudson [mailto:ghudson at mit.edu]
Sent: Montag, 20. März 2017 18:13
To: Kittel, Martin <martin.kittel at sap.com>; krbdev at mit.edu
Subject: Re: Fixes for some issues found using Coverity
On 03/20/2017 01:03 PM, Kittel, Martin wrote:
> we ship krb5 as part of some of our products and as part of our QA we run Coverity scans on all components, including krb5.
> As part of these scans a number of issues were found that we think need or might need fixing. I am wondering now how to best feed back those fixes into the mainline
> I have prepared a first bunch of git commits against the current HEAD from https://github.com/krb5/krb5 and tried to group them according to the Coverity findings. However I don't know whether I can feed these into krb5-bugs directly. What is the preferred way to post such patches?
For any issue which might have a realistic security impact, please send
mail to krbcore-security at mit.edu. (It's likely that most Coverity
defects with a security impact have been fixed already, but there's a
chance that not all have.) You can PGP-encrypt mail to krbcore-security
using the key listed at https://web.mit.edu/kerberos/contact.html if
you're set up to do that.
For other changes, please create a github pull request. See
https://k5wiki.kerberos.org/wiki/Contributing_code for more information.
Don't get too bogged down in the details; we can always fix those up if
More information about the krbdev