Subject: krb_mk_req_creds probably ought not to zero the session key
Attempting to do something useful with krb_mk_req_creds in 1.3beta2, I
discovered that it zeroed out the session key in the supplied CREDENTIAL
structure. This makes sense for krb_mk_req which never supplies the
CREDENTIAL structure to the user, but is sort of annoying if you were
intending to use the session key later. (Also sort of ungood if you
haven't already stashed the credentials for later.)

I can't come up with a use case where it's really the right thing.
From: tlyu@mit.edu
Subject: CVS Commit
* change_password.c (krb_change_password): Explicitly zero the
session key. Zero the key derived from the new password.

* mk_req.c (krb_mk_req): Explicitly zero the session key.
(krb_mk_req_creds_prealm): Don't zero the session key, in case the
caller wants to make use of it.


To generate a diff of this commit:

cvs diff -r1.179 -r1.180 krb5/src/lib/krb4/ChangeLog
cvs diff -r1.6 -r1.7 krb5/src/lib/krb4/change_password.c
cvs diff -r1.11 -r1.12 krb5/src/lib/krb4/mk_req.c
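
The ownership rule behind this commit, as an added sketch that is not the krb4 source: a function that fetches credentials itself wipes its private copy, while a function handed the caller's structure leaves the session key intact. Every `demo_` name, the struct layout, the constructed key bytes and the XOR placeholder for building the request are assumptions made for illustration.

```c
#include <stddef.h>
#include <string.h>

#define DEMO_KEY_LEN 8              /* DES-sized key; constructed for this sketch */

struct demo_creds {                 /* hypothetical stand-in for a credentials struct */
    char service[16];
    unsigned char session[DEMO_KEY_LEN];
};

/* Wipe through a volatile pointer so the compiler cannot elide the stores. */
static void demo_wipe(void *p, size_t n)
{
    volatile unsigned char *v = p;
    while (n--) *v++ = 0;
}

/* Stand-in for a ticket-cache lookup: fills in a constructed session key. */
static void demo_get_creds(struct demo_creds *c, const char *service)
{
    strncpy(c->service, service, sizeof(c->service) - 1);
    c->service[sizeof(c->service) - 1] = '\0';
    memset(c->session, 0xA5, DEMO_KEY_LEN);
}

/* Caller-owned credentials: read the key, never modify the caller's copy. */
int demo_mk_req_creds(const struct demo_creds *c, unsigned char *out, size_t outlen)
{
    size_t i;
    if (outlen < DEMO_KEY_LEN) return -1;
    for (i = 0; i < DEMO_KEY_LEN; i++)
        out[i] = c->session[i] ^ 0x5A;   /* placeholder for building the request */
    return 0;
}

/* Callee-owned credentials: the copy never leaves here, so wipe it on every path. */
int demo_mk_req(const char *service, unsigned char *out, size_t outlen)
{
    struct demo_creds c;
    int rc;
    demo_get_creds(&c, service);
    rc = demo_mk_req_creds(&c, out, outlen);
    demo_wipe(&c, sizeof(c));            /* runs on success and on failure */
    return rc;
}

/* Returns 1 if the caller can still use its session key after the call. */
int demo_key_survives(void)
{
    struct demo_creds c;
    unsigned char req[DEMO_KEY_LEN];
    demo_get_creds(&c, "rcmd");
    if (demo_mk_req_creds(&c, req, sizeof(req)) != 0) return 0;
    return c.session[0] == 0xA5 && c.session[DEMO_KEY_LEN - 1] == 0xA5;
}
```
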
From: tlyu@mit.edu
Subject: CVS Commit
pullup from trunk


To generate a diff of this commit:

cvs diff -r1.174.2.5 -r1.174.2.6 krb5/src/lib/krb4/ChangeLog
cvs diff -r1.6 -r1.6.2.1 krb5/src/lib/krb4/change_password.c
cvs diff -r1.11 -r1.11.2.1 krb5/src/lib/krb4/mk_req.c