RT RT/krbdev.mit.edu: Ticket #2891 lib/kdb/keytab.c accesses uninitialized var Signed in as guest.
[Logout]

[Home] [Search] [Configuration]

[Display] [History] [Basics] [Dates] [People] [Links] [Jumbo]

 
 

 The Basics  
Id
2891
Status
resolved
Worked
0 min
Priority
0/0
Queue
krb5
 

 Keyword Selections  
Component
  • krb5-libs
Version_reported
  • 1.3.6
Version_Fixed
  • 1.4
Target_Version
Tags
 

 Relationships  
Depends on:
Depended on by:
Parents:
Children:

Refers to:
Referred to by:
 
 Dates  
Created: Fri Jan 21 14:43:07 2005
Starts: Not set
Started: Mon Jan 24 17:10:16 2005
Last Contact: Mon Jan 24 17:18:32 2005
Due: Not set
Updated: Mon Jan 24 17:19:24 2005 by tlyu
 

 People  
Owner
 Nobody
Requestors
 wayne.morrison@hp.com
Cc
 
AdminCc
 
 

 More about "Morrison, Wayne"  
Comments about this user:
No comment entered about this user
This user's 25 highest priority tickets:
 

History   Display mode: [Brief headers] [Full headers]
      Fri Jan 21 14:43:08 2005  wayne.morrison@hp.com - Ticket created    
      
Date: Fri, 21 Jan 2005 12:31:48 -0500
From: "Morrison, Wayne" <wayne.morrison@hp.com>
To: <krb5-bugs@mit.edu>
Subject: Access to uninitialized variable in keytab.c in 1.3.6 code

I checked the bug archive, and didn't see any reference to this, so...

There is a problem in src/lib/kdb/keytab.c where "context" is being
accessed before it is being assigned.  The assignment of "xrealm_tgt"
should happen after the "if" statement where "context" is assigned,
and not in the variable declaration.

 krb5_error_code
 krb5_ktkdb_get_entry(in_context, id, principal, kvno, enctype, entry)
     krb5_context          in_context;
     krb5_keytab           id;
     krb5_const_principal  principal;
     krb5_kvno             kvno;
     krb5_enctype          enctype;
     krb5_keytab_entry   * entry;
 {
     krb5_context          context;
     krb5_keyblock       * master_key;
     krb5_error_code       kerror = 0;
     krb5_key_data       * key_data;
     krb5_db_entry         db_entry;
     krb5_boolean          more = 0;
     int                   n = 0;
     int xrealm_tgt = is_xrealm_tgt(context, principal);
     int similar;

     if (ktkdb_ctx)
         context = ktkdb_ctx;
     else
         context = in_context;
 ...

Download (untitled) 1k
      Mon Jan 24 17:10:16 2005  raeburn - Status changed from new to resolved    
      Mon Jan 24 17:10:17 2005  raeburn - Component krb5-libs added    
      Mon Jan 24 17:10:18 2005  raeburn - Version_Fixed 1.4 added    
      Mon Jan 24 17:10:18 2005  raeburn - Correspondence added    
      
This has been fixed in our source tree since about April, and the fix
will be in the 1.4 release.

I only checked briefly, but I don't think the uninitialized value is
actually used in any way other than passing it around to other functions
that don't use it....

Download (untitled) 262b
      Mon Jan 24 17:18:29 2005  tlyu - Correspondence added    
      
To: rt@krbdev.mit.edu
Subject: Re: [krbdev.mit.edu #2891] Access to uninitialized variable in keytab.c in 1.3.6 code
From: Tom Yu <tlyu@mit.edu>
Date: Mon, 24 Jan 2005 17:18:27 -0500
RT-Send-Cc: 

>>>>> "Ken" == Ken Raeburn via RT <rt-comment@krbdev.mit.edu> writes:

Ken> I only checked briefly, but I don't think the uninitialized value
Ken> is actually used in any way other than passing it around to other
Ken> functions that don't use it....

is_xrealm_tgt() only calls macros which ignore the value of context,
so this is actually not a problem in practice.

---Tom

Download (untitled) 375b
      Mon Jan 24 17:19:23 2005  tlyu - Subject changed from Access to uninitialized variable in keytab.c in 1.3.6 code to lib/kdb/keytab.c accesses uninitialized var    
      Mon Jan 24 17:19:23 2005  tlyu - Version_reported 1.3.6 added