Bug in mechglue's copy_mech_cred function?
Greg Hudson
ghudson at mit.edu
Thu May 21 17:44:13 EDT 2026
On 5/20/26 19:43, Sands, Daniel N. via krbdev wrote:
> I'm looking at code in the 1.18 distribution as well as 1.21. I have what I'm pretty sure is a bug that will cause memory corruption and/or segfaults for 3rd party gssapi mechs, at the least.
I think this analysis is correct, with the proviso that most likely no
applications ever reach this helper function, much less the broken
fallback case. copy_mech_cred() is only reached when an application
calls gss_add_cred() with both input_cred_handle and output_cred_handle
specified.
I submitted https://github.com/krb5/krb5/pull/1514 to fix the bug.
More information about the krbdev
mailing list