From ali_m_000@hotmail.com Wed Feb 13 09:33:49 2002
Received: from fort-point-station.mit.edu (FORT-POINT-STATION.MIT.EDU [18.7.7.76]) by rt-11.mit.edu (8.9.3/8.9.3) with ESMTP id JAA22015 for ; Wed, 13 Feb 2002 09:33:48 -0500 (EST)
Received: from hotmail.com (f212.pav1.hotmail.com [64.4.31.212]) by fort-point-station.mit.edu (8.9.2/8.9.2) with ESMTP id JAA26047 for ; Wed, 13 Feb 2002 09:33:47 -0500 (EST)
Received: from mail pickup service by hotmail.com with Microsoft SMTPSVC; Wed, 13 Feb 2002 06:33:47 -0800
Received: from 160.83.32.14 by pv1fd.pav1.hotmail.msn.com with HTTP; Wed, 13 Feb 2002 14:33:47 GMT
Message-Id:
Date: Wed, 13 Feb 2002 14:33:47 +0000
From: "Ali M"
To: krb5-bugs@mit.edu
Subject: kinit: Segmentation Fault

>Number: 1055
>Category: krb5-clients
>Synopsis: kinit: Segmentation Fault
>Confidential: yes
>Severity: serious
>Priority: medium
>Responsible: krb5-unassigned
>State: open
>Class: sw-bug
>Submitter-Id: unknown
>Arrival-Date: Wed Feb 13 09:34:00 EST 2002
>Last-Modified: Thu Apr 4 16:38:50 EST 2002
>Originator:
>Organization:
>Release:
>Environment:
>Description:
>How-To-Repeat:
>Fix:
>Audit-Trail:
Responsible-Changed-From-To: gnats-admin->krb5-unassigned
Responsible-Changed-By: hartmans
Responsible-Changed-When: Thu Apr 4 16:38:46 2002
Responsible-Changed-Why:
>Unformatted:

Version: kerberos V 1.2.3
Location: src/lib/krb5/krb/gic_pwd.c line 271
Platform: Solaris 2.6 (though by its nature, should affect all)

Description:

When attempting to acquire a TGT from a server that has "User must change password at next logon" set, if a new password is entered that does not meet the password requirements for the server, a seg fault occurs when the "Password Change Rejected. Please Try Again" message is printed. The reason is that result_string.length is zero (OK) but the pointer result_string.data is NULL - kerrrunch!

As you can see, the same could be possible with code_string, so the same action is taken.

Resolution:

Existing code:

    sprintf(banner, "%.*s%s%.*s. Please try again.\n",
            code_string.length, code_string.data,
            result_string.length ? ": " : "",
            result_string.length, result_string.data);

Suggested fix:

    sprintf(banner, "%.*s%s%.*s. Please try again.\n",
            code_string.length, code_string.data ? code_string.data : "",
            result_string.length ? ": " : "",
            result_string.length, result_string.data ? result_string.data : "");

After grepping the source, I find the same may occur at the following locations requiring the same action...

    src/clients/kpasswd/kpasswd.c line 137
    src/mac/kpasswd.c line 139
    src/windows/cns/kpasswd/c line 82

And possibly in the macro SAMDATA in src/lib/krb5/krb/preauth2.c line 220 ...though unless it breaks for me, I can't be bothered to pick apart the macro :-)

Regards,
Alistair Mackay
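The failure mode in the report, a zero-length string whose data pointer is NULL handed to "%.*s", reproduced with its guarded counterpart as an added example (not the reporter's code and not MIT Kerberos source). The `kdata` struct is a constructed stand-in with the length/data shape of krb5_data, and `snprintf` replaces the report's `sprintf` so the banner buffer is bounded as well as NULL-safe.

```c
#include <stdio.h>
#include <stddef.h>
#include <string.h>

/* Constructed stand-in for the length + data pair of krb5_data
 * (assumption: not the library's own type, just the same shape). */
typedef struct { unsigned int length; char *data; } kdata;

/* Always yields a non-NULL pointer for "%.*s". Passing NULL to %s is
 * undefined behaviour even with a precision of 0; on the reporter's
 * Solaris 2.6 libc it dereferenced the pointer and crashed. */
static const char *safe_str(const kdata *d) {
    return (d->data != NULL) ? d->data : "";
}

/* Builds the "Password Change Rejected" banner into out[outsz].
 * Mirrors the report's suggested fix: both string arguments are guarded,
 * the ": " separator appears only when result_string is non-empty, and
 * snprintf bounds the write. Returns snprintf's count (chars that would
 * have been written, excluding the NUL), or a negative value on error. */
int format_reject_banner(char *out, size_t outsz,
                         const kdata *code_string,
                         const kdata *result_string) {
    return snprintf(out, outsz, "%.*s%s%.*s. Please try again.\n",
                    (int)code_string->length, safe_str(code_string),
                    result_string->length ? ": " : "",
                    (int)result_string->length, safe_str(result_string));
}

/* The exact scenario from the report: the KDC returns a code string but
 * a zero-length result string whose data pointer is NULL. Constructed
 * sample text; the real server message will differ. */
int demo_null_result(char *out, size_t outsz) {
    kdata code   = { 21, "Password is too short" };
    kdata result = { 0, NULL };
    return format_reject_banner(out, outsz, &code, &result);
}

int main(void) {
    char banner[256];
    demo_null_result(banner, sizeof banner);
    fputs(banner, stdout);   /* prints: Password is too short. Please try again. */
    return 0;
}
```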