Date: Sat, 29 May 2004 10:22:09 -0400 (EDT)
Message-Id: <200405291422.i4TEM9UQ013700@contents-vnder-pressvre.mit.edu>
From: Ezra Peisach
To: krb5-bugs@mit.edu
Subject: kdc: add_to_transited may reference off end of array...

While using valgrind on some test programs, it picked up on a conditional based on an uninitialized value...

In kdc_util.c, about line 683:

    nlst = i - 1;

If i is 0, then nlst is -1. If added is false, then line 702 shows...

    if ((next[nlst] != '.') && (next[0] != '/') &&

This code is executed with the rtest program:

    ./rtest ATHENA.MIT.EDU MIT.EDU SUB1W.CS.WASHINGTON.EDU SUB1M.ATHENA.MIT.EDU

among others...

I am still trying to understand the code to figure out the best solution... I think this code is hit when the tgt_trans does not contain a comma, among other circumstances...

Ezra
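As an added illustration, not krb5's code and not part of Ezra's report, the C model below reproduces the indexing pattern the report quotes: `next` holds the realm most recently parsed, `i` is its length, and `nlst = i - 1` is meant to index its last byte, so `i == 0` yields a read of `next[-1]`. The guarded variant checks the length before indexing; the function names, the buffer size and the choice that an empty realm needs no separator are assumptions of this model.

```c
#include <stdbool.h>
#include <stddef.h>
#include <string.h>

#define MAX_REALM_LN 500   /* buffer size assumed for this model only */

/*
 * Model of the check quoted in the report.  `next` is the realm most
 * recently parsed, `i` the number of bytes stored in it, and nlst = i - 1
 * the index of its last byte.  When i == 0 this reads next[-1], one byte
 * before the array: the defect the report describes.  Kept only to show
 * the pattern; never call it with i == 0.
 */
static bool needs_sep_unguarded(const char *next, int i)
{
    int nlst = i - 1;                         /* -1 when i == 0 */
    return (next[nlst] != '.') && (next[0] != '/');
}

/* Same decision, but the length is checked before `next` is indexed. */
static bool needs_sep_guarded(const char *next, int i)
{
    if (i <= 0)
        return false;   /* assumption: an empty realm needs no separator */
    int nlst = i - 1;
    return (next[nlst] != '.') && (next[0] != '/');
}

/* Copy a realm name into a fixed buffer, as a parser would, and return
 * the number of bytes stored (the value `i` takes in the model). */
static int load_realm(char *next, size_t cap, const char *realm)
{
    size_t n = strlen(realm);
    if (n >= cap)
        n = cap - 1;                          /* truncate, never overflow */
    memcpy(next, realm, n);
    next[n] = '\0';
    return (int)n;
}

/* Guarded check on a realm string; safe for any input, including "". */
bool realm_needs_sep(const char *realm)
{
    char next[MAX_REALM_LN];
    return needs_sep_guarded(next, load_realm(next, sizeof next, realm));
}

/* Unguarded check; only valid for a non-empty realm (see above). */
bool realm_needs_sep_unguarded(const char *realm)
{
    char next[MAX_REALM_LN];
    return needs_sep_unguarded(next, load_realm(next, sizeof next, realm));
}
```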