Return-Path: Received: from pch.mit.edu (PCH.MIT.EDU [18.7.21.90]) by krbdev.mit.edu (Postfix) with ESMTP id 41E013DFA5; Fri, 27 Aug 2010 14:16:37 -0400 (EDT) Received: from pch.mit.edu (pch.mit.edu [127.0.0.1]) by pch.mit.edu (8.13.6/8.12.8) with ESMTP id o7RIGbDI023554; Fri, 27 Aug 2010 14:16:37 -0400 Received: from mailhub-dmz-3.mit.edu (MAILHUB-DMZ-3.MIT.EDU [18.9.21.42]) by pch.mit.edu (8.13.6/8.12.8) with ESMTP id o7QEc2Dr002808 for ; Thu, 26 Aug 2010 10:38:02 -0400 Received: from dmz-mailsec-scanner-8.mit.edu (DMZ-MAILSEC-SCANNER-8.MIT.EDU [18.7.68.37]) by mailhub-dmz-3.mit.edu (8.13.8/8.9.2) with ESMTP id o7QEYjW2019881 for ; Thu, 26 Aug 2010 10:38:02 -0400 X-Auditid: 12074425-b7cccae000005f17-95-4c767c42b182 Received: from agogare.doit.wisc.edu ( [144.92.197.211]) by dmz-mailsec-scanner-8.mit.edu (Symantec Brightmail Gateway) with SMTP id 8B.B4.24343.24C767C4; Thu, 26 Aug 2010 10:37:54 -0400 (EDT) MIME-Version: 1.0 Content-Transfer-Encoding: 7BIT Content-Type: text/plain; CHARSET=US-ASCII; format=flowed Received: from avs-daemon.smtpauth2.wiscmail.wisc.edu by smtpauth2.wiscmail.wisc.edu (Sun Java(tm) System Messaging Server 7u2-7.05 32bit (built Jul 30 2009)) id <0L7R00300KNDXX00@smtpauth2.wiscmail.wisc.edu> for krb5-bugs@mit.edu; Thu, 26 Aug 2010 09:38:01 -0500 (CDT) Received: from mfr.doit.wisc.edu (mfr.doit.wisc.edu [128.104.18.55]) by smtpauth2.wiscmail.wisc.edu (Sun Java(tm) System Messaging Server 7u2-7.05 32bit (built Jul 30 2009)) with ESMTPSA id <0L7R00C9DKN9T290@smtpauth2.wiscmail.wisc.edu> for krb5-bugs@mit.edu; Thu, 26 Aug 2010 09:38:00 -0500 (CDT) Date: Thu, 26 Aug 2010 09:37:57 -0500 From: Mike Roszkowski Subject: has_mandatory_for_kdc_authdata checks only first authdata element To: krb5-bugs@mit.edu Message-ID: <4C767C45.9090904@wisc.edu> X-Spam-Report: AuthenticatedSender=yes, SenderIP=128.104.18.55 X-Spam-Pmxinfo: Server=avs-13, Version=5.6.0.2009776, Antispam-Engine: 2.7.2.376379, Antispam-Data: 2010.8.26.142415, SenderIP=128.104.18.55 User-Agent: Thunderbird 2.0.0.24 (Macintosh/20100228) X-Brightmail-Tracker: AAAAAA== X-Mailman-Approved-At: Fri, 27 Aug 2010 14:16:35 -0400 X-Beenthere: krb5-bugs-incoming@mailman.mit.edu X-Mailman-Version: 2.1.6 Precedence: list Sender: krb5-bugs-incoming-bounces@PCH.mit.edu Errors-To: krb5-bugs-incoming-bounces@PCH.mit.edu X-RT-Original-Encoding: iso-8859-1 Content-Length: 1036 >Submitter-Id: net >Originator: Mike Roszkowski >Organization: University of Wisconsin-Madison >Confidential: no >Synopsis: has_mandatory_for_kdc_authdata checks only first authdata element >Severity: non-critical >Priority: low >Category: krb5-kdc >Class: sw-bug >Release: 1.8.2 >Environment: System: Linux sugar.doit.wisc.edu 2.6.18-194.3.1.el5 #1 SMP Sun May 2 04:17:42 EDT 2010 x86_64 x86_64 x86_64 GNU/Linux Architecture: x86_64 >Description: I was trying to debug a kdc crash and was looking at kdc_authdata.c and found what looks to be a typo in has_mandatory_for_kdc_authdata: 1 if (authdata != NULL) { 2 for (i = 0; authdata[i] != NULL; i++) { 3 if (authdata[0]->ad_type == KRB5_AUTHDATA_MANDATORY_FOR_KDC) { 4 ret = TRUE; 5 break; 6 } 7 } 8 } In the line marked "3" above, only authdata[0] is being checked. I think the intention was to check all the authdata elements, so it should be authdata[i]. >How-To-Repeat: >Fix: