From ali_m_000@hotmail.com Wed Feb 13 09:33:49 2002
Received: from fort-point-station.mit.edu (FORT-POINT-STATION.MIT.EDU [18.7.7.76])
by rt-11.mit.edu (8.9.3/8.9.3) with ESMTP id JAA22015
for <bugs@RT-11.mit.edu>; Wed, 13 Feb 2002 09:33:48 -0500 (EST)
Received: from hotmail.com (f212.pav1.hotmail.com [64.4.31.212])
by fort-point-station.mit.edu (8.9.2/8.9.2) with ESMTP id JAA26047
for <krb5-bugs@mit.edu>; Wed, 13 Feb 2002 09:33:47 -0500 (EST)
Received: from mail pickup service by hotmail.com with Microsoft SMTPSVC;
Wed, 13 Feb 2002 06:33:47 -0800
Received: from 160.83.32.14 by pv1fd.pav1.hotmail.msn.com with HTTP;
Wed, 13 Feb 2002 14:33:47 GMT
Message-Id: <F212WFvHJnZFrckXCcE00005e5c@hotmail.com>
Date: Wed, 13 Feb 2002 14:33:47 +0000
From: "Ali M" <ali_m_000@hotmail.com>
To: krb5-bugs@mit.edu
Subject: kinit: Segmentation Fault
Responsible-Changed-From-To: gnats-admin->krb5-unassigned
Responsible-Changed-By: hartmans
Responsible-Changed-When: Thu Apr 4 16:38:46 2002
Responsible-Changed-Why:
Location: src/lib/krb5/krb/gic_pwd.c line 271
Platform: Solaris 2.6 (though by its nature, should affect all)
Description:
When attempting to acquire a TGT from a server that has "User must change
password at next logon" set, if a new password is entered that does not meet
the password requirements for the server, a seg fault occurs when the
"Password Change Rejected. Please Try Again" message is printed.
The reason is that result_string.length is zero (OK) but the pointer
result_string.data is NULL - kerrrunch!
As you can see, the same could be possible with code_string so the same
action is taken.
Resolution:
Existing code:
    sprintf(banner, "%.*s%s%.*s. Please try again.\n",
            code_string.length, code_string.data,
            result_string.length ? ": " : "",
            result_string.length, result_string.data);
Suggested fix:
    sprintf(banner, "%.*s%s%.*s. Please try again.\n",
            code_string.length,
            code_string.data ? code_string.data : "",
            result_string.length ? ": " : "",
            result_string.length,
            result_string.data ? result_string.data : "");
After grepping the source, I find the same may occur at the following
locations requiring the same action...
src/clients/kpasswd/kpasswd.c line 137
src/mac/kpasswd.c line 139
src/windows/cns/kpasswd/c line 82
And possibly in the macro SAMDATA in
src/lib/krb5/krb/preauth2.c line 220
...though unless it breaks for me, I can't be bothered to pick apart the
macro :-)
Regards,
Alistair Mackay
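
Added example, not part of the original report and not MIT krb5 code: a self-contained C sketch of the NULL guard described above, extended with a bounded snprintf and an int-clamped precision for "%.*s". The names struct counted, safe_prec, safe_ptr and format_banner are hypothetical, and the inputs in main() are constructed.

```c
#include <limits.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for krb5_data: counted bytes, data may be NULL. */
struct counted { unsigned int length; const char *data; };

/* "%.*s" takes an int precision and a non-NULL pointer; NULL is undefined
 * behaviour even with precision 0, so clamp the length and guard the pointer. */
static int safe_prec(const struct counted *c)
{
    if (c->data == NULL) return 0;
    return c->length > (unsigned int)INT_MAX ? INT_MAX : (int)c->length;
}

static const char *safe_ptr(const struct counted *c)
{
    return c->data ? c->data : "";
}

/* Bounded banner formatting: 0 on success, -1 on truncation or error. */
int format_banner(char *out, size_t outsz,
                  const struct counted *code, const struct counted *result)
{
    int rp = safe_prec(result);   /* 0 when there is no usable reason text */
    int n = snprintf(out, outsz, "%.*s%s%.*s. Please try again.\n",
                     safe_prec(code), safe_ptr(code),
                     rp ? ": " : "",
                     rp, safe_ptr(result));
    return (n < 0 || (size_t)n >= outsz) ? -1 : 0;
}

int main(void)
{
    char banner[128];
    /* Constructed inputs; "empty" is the failing case from the report. */
    const char *msg = "Password change rejected";
    struct counted code = { (unsigned int)strlen(msg), msg };
    struct counted empty = { 0, NULL };
    struct counted why = { 9, "too short" };

    if (format_banner(banner, sizeof banner, &code, &empty) == 0)
        fputs(banner, stdout);
    if (format_banner(banner, sizeof banner, &code, &why) == 0)
        fputs(banner, stdout);
    return 0;
}
```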
>Number: 1055
>Category: krb5-clients
>Synopsis: kinit: Segmentation Fault
>Confidential: yes
>Severity: serious
>Priority: medium
>Responsible: krb5-unassigned
>State: open
>Class: sw-bug
>Submitter-Id: unknown
>Arrival-Date: Wed Feb 13 09:34:00 EST 2002
>Last-Modified: Thu Apr 4 16:38:50 EST 2002
>Originator:
>Organization:
>Release:
>Environment:
>Description:
>How-To-Repeat:
>Fix:
>Audit-Trail:
>Unformatted:
Version: kerberos V 1.2.3
Location: src/lib/krb5/krb/gic_pwd.c line 271