RT RT/krbdev.mit.edu: Ticket History #3490 getpwnam_r status checked incorrectly Signed in as guest.

[Home] [Search] [Configuration]

[Display] [History] [Basics] [Dates] [People] [Links] [Jumbo]


History   Display mode: [Brief headers] [Full headers]
      Sat Mar  4 21:57:37 2006  guest - Ticket created    
Subject: getpwnam_r status checked incorrectly


glibc's getpwnam_r returns success even if the user wasn't found, but
the result pointer is set to NULL.  The Kerberos source assumes that
k5_getpwnam_r will fail if the user wasn't found and dereferences OUT
without any further checks.  Use a technique similar to the other cases
and change the status to -1 if OUT is NULL.

A better approach may be to change the source to not assume success
means that OUT is non-NULL, since that appears to be all POSIX
guarantees.  But this works.

Download (untitled) 485b
Download getpwnam_r-status 1k
      Tue Jun 13 11:18:08 2006  rra - Status changed from new to resolved    
      Tue Jun 13 11:18:09 2006  rra - Version_reported 1.4.3 added    
      Tue Jun 13 11:18:09 2006  rra - Given to rra    
      Tue Jun 13 11:18:10 2006  rra - Component krb5-libs added    
      Tue Jun 13 11:18:10 2006  rra - Correspondence added    
From: Russ Allbery <rra@stanford.edu>
Subject: CVS Commit

POSIX allows getpwnam_r and getpwuid_r to return 0 (success) even if the
username or UID could not be found, in which case OUT will be set to
NULL.  Elsewhere, code assumes that if k5_getpwnam_r or k5_getpwuid_r
returns 0, OUT is non-NULL.  Check whether OUT is NULL and adjust the
return value accordingly in the k5_getpw{nam,uid}_r wrappers.

Commit By: rra

Revision: 18121
Changed Files:
U   trunk/src/include/k5-platform.h

Download (untitled) 430b
      Mon Jun 19 21:33:43 2006  tlyu - Version_Fixed 1.5 added