To: | rt-krb5@krbdev.mit.edu |
Subject: | get_in_tkt_with_keytab passes wrong pointer to get_init_creds |
From: | Tom Yu <tlyu@mit.edu> |
Date: | Fri, 27 Jun 2003 13:35:00 -0400 |
Return-Path: <herb@sgi.com>
Sender: herb@chomps.engr.sgi.com
Message-ID: <3EFA2803.EB1D2EC2@sgi.com>
Date: Wed, 25 Jun 2003 15:53:55 -0700
From: Herb Lewis <herb@sgi.com>
Organization: Silicon Graphics Inc.
To: Tom Yu <tlyu@mit.edu>
Subject: Re: krb5-1.3-beta4 is available
References: <ldvel1tnvcj.fsf@cathode-dark-space.mit.edu>
Lines: 59
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="==-=-="
--==-=-=
There is a minor problem we have discovered in the file
krb5-1.3-beta4/src/lib/krb5/krb/gic_keytab.c
In the function krb5_get_in_tkt_with_keytab you define the following
variable
krb5_keytab keytab; (krb5_keytab is actually a pointer to a structure)
and then pass the variable to the function krb5_get_init_creds as
&keytab (the argument is (void *)gak_data in this function). This
variable is then passed to the routine krb5_get_as_key_keytab where
it is used in the assignment
krb5_keytab keytab = (krb5_keytab) gak_data;
but at this point it is actually a pointer to a krb5_keytab.
All other calls to krb5_get_init_creds use (void *) keytab not
&keytab as the argument.
We get a SEGV because of a null pointer dereference when you use
the command "kadmin -k". The following patch fixes this.
--
======================================================================
Herb Lewis Silicon Graphics
Networking Engineer 1600 Amphitheatre Pkwy MS-510
Strategic Software Organization Mountain View, CA 94043-1351
herb@sgi.com Tel: 650-933-2177
http://www.sgi.com Fax: 650-932-2177
PGP Key: 0x8408D65D
======================================================================
--==-=-=
Content-Type: text/plain; name=patches
Content-Disposition: inline; filename=patches
--- krb5-1.3-beta4/src/lib/krb5/krb/gic_keytab.c.orig
+++ krb5-1.3-beta4/src/lib/krb5/krb/gic_keytab.c
@@ -174,7 +174,7 @@
creds, creds->client,
krb5_prompter_posix, NULL,
0, server, &opt,
- krb5_get_as_key_keytab, &keytab,
+ krb5_get_as_key_keytab, (void *) keytab,
0, ret_as_reply);
krb5_free_unparsed_name( context, server);
if (retval) {
--==-=-=--
Sender: herb@chomps.engr.sgi.com
Message-ID: <3EFA2803.EB1D2EC2@sgi.com>
Date: Wed, 25 Jun 2003 15:53:55 -0700
From: Herb Lewis <herb@sgi.com>
Organization: Silicon Graphics Inc.
To: Tom Yu <tlyu@mit.edu>
Subject: Re: krb5-1.3-beta4 is available
References: <ldvel1tnvcj.fsf@cathode-dark-space.mit.edu>
Lines: 59
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="==-=-="
--==-=-=
There is a minor problem we have discovered in the file
krb5-1.3-beta4/src/lib/krb5/krb/gic_keytab.c
In the function krb5_get_in_tkt_with_keytab you define the following
variable
krb5_keytab keytab; (krb5_keytab is actually a pointer to a structure)
and then pass the variable to the function krb5_get_init_creds as
&keytab (the argument is (void *)gak_data in this function). This
variable is then passed to the routine krb5_get_as_key_keytab where
it is used in the assignment
krb5_keytab keytab = (krb5_keytab) gak_data;
but at this point it is actually a pointer to a krb5_keytab.
All other calls to krb5_get_init_creds use (void *) keytab not
&keytab as the argument.
We get a SEGV because of a null pointer dereference when you use
the command "kadmin -k". The following patch fixes this.
--
======================================================================
Herb Lewis Silicon Graphics
Networking Engineer 1600 Amphitheatre Pkwy MS-510
Strategic Software Organization Mountain View, CA 94043-1351
herb@sgi.com Tel: 650-933-2177
http://www.sgi.com Fax: 650-932-2177
PGP Key: 0x8408D65D
======================================================================
--==-=-=
Content-Type: text/plain; name=patches
Content-Disposition: inline; filename=patches
--- krb5-1.3-beta4/src/lib/krb5/krb/gic_keytab.c.orig
+++ krb5-1.3-beta4/src/lib/krb5/krb/gic_keytab.c
@@ -174,7 +174,7 @@
creds, creds->client,
krb5_prompter_posix, NULL,
0, server, &opt,
- krb5_get_as_key_keytab, &keytab,
+ krb5_get_as_key_keytab, (void *) keytab,
0, ret_as_reply);
krb5_free_unparsed_name( context, server);
if (retval) {
--==-=-=--