Date: Fri, 21 Jan 2005 12:31:48 -0500
From: "Morrison, Wayne" <wayne.morrison@hp.com>
To: <krb5-bugs@mit.edu>
Subject: Access to uninitialized variable in keytab.c in 1.3.6 code
I checked the bug archive, and didn't see any reference to this, so...

There is a problem in src/lib/kdb/keytab.c where "context" is being
accessed before it is being assigned. The assignment of "xrealm_tgt"
should happen after the "if" statement where "context" is assigned,
and not in the variable declaration.

krb5_error_code
krb5_ktkdb_get_entry(in_context, id, principal, kvno, enctype, entry)
    krb5_context in_context;
    krb5_keytab id;
    krb5_const_principal principal;
    krb5_kvno kvno;
    krb5_enctype enctype;
    krb5_keytab_entry * entry;
{
    krb5_context context;
    krb5_keyblock * master_key;
    krb5_error_code kerror = 0;
    krb5_key_data * key_data;
    krb5_db_entry db_entry;
    krb5_boolean more = 0;
    int n = 0;
    int xrealm_tgt = is_xrealm_tgt(context, principal);
    int similar;

    if (ktkdb_ctx)
        context = ktkdb_ctx;
    else
        context = in_context;
    ...

This has been fixed in our source tree since about April, and the fix
will be in the 1.4 release.

I only checked briefly, but I don't think the uninitialized value is
actually used in any way other than passing it around to other functions
that don't use it....

To: rt@krbdev.mit.edu
Subject: Re: [krbdev.mit.edu #2891] Access to uninitialized variable in keytab.c in 1.3.6 code
From: Tom Yu <tlyu@mit.edu>
Date: Mon, 24 Jan 2005 17:18:27 -0500
RT-Send-Cc:
>>>>> "Ken" == Ken Raeburn via RT <rt-comment@krbdev.mit.edu> writes:

Ken> I only checked briefly, but I don't think the uninitialized value
Ken> is actually used in any way other than passing it around to other
Ken> functions that don't use it....

is_xrealm_tgt() only calls macros which ignore the value of context,
so this is actually not a problem in practice.

---Tom
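
The ordering proposed in the report (choose "context" first, then compute "xrealm_tgt"), as an added example that is not part of the thread and is not the MIT krb5 source. The struct types, set_override(), and the *_model functions are hypothetical stand-ins with constructed semantics; the check here really dereferences the context, which is the case where the original ordering would be undefined behaviour rather than harmless.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-ins for krb5_context and a principal (not the krb5 types). */
struct ctx   { const char *default_realm; };
struct princ { const char *name; const char *realm; };

/* Plays the role of ktkdb_ctx on the page: when set, it overrides the caller's context. */
static struct ctx *override_ctx = NULL;
void set_override(struct ctx *c) { override_ctx = c; }

/* Constructed check that, unlike the macros described in the thread, reads
 * *context. Passing an indeterminate pointer here would be undefined behaviour. */
static int is_xrealm_tgt_model(const struct ctx *context, const struct princ *p)
{
    if (strcmp(p->name, "krbtgt") != 0)
        return 0;
    return strcmp(p->realm, context->default_realm) != 0;
}

/* Corrected ordering: select the context, then compute what depends on it. */
int get_entry_model(struct ctx *in_context, const struct princ *p)
{
    struct ctx *context;
    int xrealm_tgt;               /* declared without an initializer */

    if (override_ctx)
        context = override_ctx;
    else
        context = in_context;

    xrealm_tgt = is_xrealm_tgt_model(context, p);  /* context is valid here */
    return xrealm_tgt;
}

int main(void)
{
    struct ctx local = { "EXAMPLE.COM" };            /* constructed sample data */
    struct princ tgt = { "krbtgt", "OTHER.EXAMPLE" };
    printf("cross-realm TGT: %d\n", get_entry_model(&local, &tgt));
    return 0;
}
```

Compilers can flag the original ordering through -Wuninitialized, which GCC and Clang enable as part of -Wall.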