Date: Mon, 28 May 2012 23:59:02 -0400
From: Richard Basch <basch@alum.mit.edu>
Subject: krb5-1.10.1 - SIGSEGV (kadmin.local)
To: krb5-bugs@mit.edu, krbdev@mit.edu

The following will cause a SIGSEGV:
cat <<EOF | kadmin.local
addprinc -randkey -policy local -allow_tix -allow_tgs_req test/foo
EOF
The following is the offending code which is causing the issue (and the fix is simply not to dereference a null pointer):
diff -ru src.orig/lib/kadm5/srv/svr_principal.c src/lib/kadm5/srv/svr_principal.c
--- src.orig/lib/kadm5/srv/svr_principal.c 2011-09-21 12:29:00.000000000 -0400
+++ src/lib/kadm5/srv/svr_principal.c 2012-05-28 23:49:10.000000000 -0400
@@ -187,7 +187,7 @@
char *password = *passptr;
/* Old-style randkey operations disallowed tickets to start. */
- if (!(mask & KADM5_ATTRIBUTES) ||
+ if (!password || !(mask & KADM5_ATTRIBUTES) ||
!(entry->attributes & KRB5_KDB_DISALLOW_ALL_TIX))
return;
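
Review bot: The comment above the condition still describes only the old-style randkey attribute case, so the new `!password` operand is undocumented; add a line saying that a NULL `*passptr` means no password was supplied and the function has nothing to inspect. Note also that `char *password = *passptr;` on the context line dereferences `passptr` before any check, so the guard only covers a NULL password, not a NULL `passptr`; confirm that callers always pass a valid pointer. A regression test that runs the `addprinc -randkey` command from the report would keep this from recurring.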