Skip Menu |

From Wed Feb 13 09:33:49 2002
Received: from (FORT-POINT-STATION.MIT.EDU [])
by (8.9.3/8.9.3) with ESMTP id JAA22015
for <>; Wed, 13 Feb 2002 09:33:48 -0500 (EST)
Received: from ( [])
by (8.9.2/8.9.2) with ESMTP id JAA26047
for <>; Wed, 13 Feb 2002 09:33:47 -0500 (EST)
Received: from mail pickup service by with Microsoft SMTPSVC;
Wed, 13 Feb 2002 06:33:47 -0800
Received: from by with HTTP;
Wed, 13 Feb 2002 14:33:47 GMT
Message-Id: <>
Date: Wed, 13 Feb 2002 14:33:47 +0000
From: "Ali M" <>
Subject: kinit: Segmentation Fault

Show quoted text
>Number: 1055
>Category: krb5-clients
>Synopsis: kinit: Segmentation Fault
>Confidential: yes
>Severity: serious
>Priority: medium
>Responsible: krb5-unassigned
>State: open
>Class: sw-bug
>Submitter-Id: unknown
>Arrival-Date: Wed Feb 13 09:34:00 EST 2002
>Last-Modified: Thu Apr 4 16:38:50 EST 2002

Responsible-Changed-From-To: gnats-admin->krb5-unassigned
Responsible-Changed-By: hartmans
Responsible-Changed-When: Thu Apr 4 16:38:46 2002

Show quoted text
Version: kerberos V 1.2.3
Location: src/lib/krb5/krb/gic_pwd.c line 271
Platform: Solaris 2.6 (though by its nature, should affect all)
When attempting to aquire a TGT from a server that has "User must change
password at next logon" set, if a new password is entered that does not meet
the password requirements for the server a seg fault occurs when the
"Password Change Rejected. Please Try Again message" is printed.
The reason being is that result_string.length is zero (OK) but the pointer is NULL - kerrrunch!
As you can see, the same could be possible with code_string so the same
action is taken


Existing code:

sprintf(banner, "%.*s%s%.*s. Please try again.\n",
result_string.length?": ":"",

Suggested fix:

sprintf(banner, "%.*s%s%.*s. Please try again.\n",
code_string.length, ? : "",
result_string.length?": ":"",
result_string.length, ? : "" );

After grepping the source, I find the same may occur at the following
locations requiring the same action...
src/clients/kpasswd/kpasswd.c line 137
src/mac/kpasswd.c line 139
src/windows/cns/kpasswd/c line 82

And possibly in the macro SAMDATA in
src/lib/krb5/krb/preauth2.c line 220
...though unless it breaks for me, I can't be bothered to pick apart the
macro :-)


Alistair Mackay

Show quoted text
Chat with friends online, try MSN Messenger:
Subject: CVS Commit
Handle NULL result_string->data returned from error in
krb5_change_password(). The SAMDATA() macro in
lib/krb5/krb/preauth2.c seems to already be fixed.

KfM's kpasswd equivalent still needs to be dealt with.

To generate a diff of this commit:

cvs diff -r1.15 -r1.16 krb5/src/clients/kpasswd/ChangeLog
cvs diff -r1.6 -r1.7 krb5/src/clients/kpasswd/kpasswd.c
cvs diff -r5.372 -r5.373 krb5/src/lib/krb5/krb/ChangeLog
cvs diff -r5.18 -r5.19 krb5/src/lib/krb5/krb/gic_pwd.c
cvs diff -r1.26 -r1.27 krb5/src/windows/cns/ChangeLog
cvs diff -r1.5 -r1.6 krb5/src/windows/cns/kpasswd.c