Skip Menu |

Date: Tue, 13 Nov 2007 03:15:59 -0500 (EST)
From: David Bartley <>
Subject: GSSAPI Error Display Bug
There's a bug in the GSSAPI g_display_com_err_status function. Kerberos
error codes are represented as an int32 are are negative. However, in
g_display_com_err the status_value (i.e. the krb5 error) is passed in as a
uint32. This function then passes status_value to error_message, which
expects a signed long, which is an int64 on 64-bit systems. Casting a uint32
to an int64 will not sign-extend the value, so an incorrect error code ends
up being passed to error_message.

This bug can be seen when using SASL/GSSAPI (e.g. ldapsearch). On 32-bit
systems the full error text is displayed, whereas on 64-bit systems only
the error number is displayed. I've attached a patch which fixes the bug.

Message body is not shown because sender requested not to inline it.