
Date: Fri, 10 May 2013 08:58:15 -0400
From: Richard Basch <basch@alum.mit.edu>
Subject: kinit bug - all versions since 1.9
To: krb5-bugs@mit.edu

This bug is based on a code observation (feel free to try it; I didn’t because it seemed obvious).

 

If you have a file keytab with the name KDB_xyz, and you specify -kt KDB_xyz, kinit will attempt to open the Kerberos database (which may or may not exist on that machine), due to the strncmp() call being invoked with an incorrect parameter. KDB: contains 4 characters, not 3 characters, and thus strncmp() should have specified four characters to ensure the : is also matched.

 

 

<tardis:probe> {~/krb5}

836-1$ diff -u krb5-1.11.2/src/clients/kinit/kinit.c{.dist,}

--- krb5-1.11.2/src/clients/kinit/kinit.c.dist  2013-04-12 13:51:35.000000000 -0400

+++ krb5-1.11.2/src/clients/kinit/kinit.c       2013-05-10 08:53:08.924024226 -0400

@@ -719,7 +719,7 @@

     if ((opts->action == INIT_KT) && opts->keytab_name)

     {

#ifndef _WIN32

-        if (strncmp(opts->keytab_name, "KDB:", 3) == 0) {

+        if (strncmp(opts->keytab_name, "KDB:", 4) == 0) {

             code = kinit_kdb_init(&k5->ctx,

                                   krb5_princ_realm(k5->ctx, k5->me)->data);

             if (code != 0) {
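
Review bot: the length argument on the changed strncmp() line is still a bare literal, now 4, that has to be kept in step by hand with the "KDB:" string beside it, which is the same pattern that produced the miscount being fixed. Consider deriving it from the literal, for example strncmp(opts->keytab_name, "KDB:", sizeof("KDB:") - 1), or from a named prefix constant, so the colon is always part of the comparison.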

 

From: ghudson@mit.edu
Subject: git commit

Fix check for KDB: prefix in kinit

The string "KDB:" has four characters, not three; check for all four
of them.

[ghudson@mit.edu: commit message]

https://github.com/krb5/krb5/commit/962e70a085314b44246263f5d8c9dc670a39eccb
Author: Richard Basch <basch@alum.mit.edu>
Committer: Greg Hudson <ghudson@mit.edu>
Commit: 962e70a085314b44246263f5d8c9dc670a39eccb
Branch: master
src/clients/kinit/kinit.c | 2 +-
1 files changed, 1 insertions(+), 1 deletions(-)
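
The prefix check this ticket fixes, as an added example that is not part of the ticket or of the krb5 source: the pre-fix and corrected comparisons run side by side over constructed keytab names. The helper names, the LIT_LEN macro and every sample name other than KDB_xyz are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Length of a string literal without its NUL, so the count cannot drift. */
#define LIT_LEN(s) (sizeof(s) - 1)

/* Pre-fix check from the ticket: compares only "KDB", never the colon. */
static int is_kdb_prefix_buggy(const char *name)
{
    return strncmp(name, "KDB:", 3) == 0;
}

/* Corrected check, with the length derived from the literal itself. */
static int is_kdb_prefix_fixed(const char *name)
{
    return strncmp(name, "KDB:", LIT_LEN("KDB:")) == 0;
}

/* Constructed sample keytab names; only KDB_xyz comes from the ticket. */
static const char *const sample_names[] = {
    "KDB_xyz", "KDB:", "KDB", "KDBbackup.keytab",
    "FILE:/etc/krb5.keytab", "kdb:", ""
};
#define N_SAMPLES (sizeof(sample_names) / sizeof(sample_names[0]))

/* Count names the buggy check treats as KDB: but the fixed check does not. */
static int count_misrouted(void)
{
    int n = 0;
    for (size_t i = 0; i < N_SAMPLES; i++)
        if (is_kdb_prefix_buggy(sample_names[i]) &&
            !is_kdb_prefix_fixed(sample_names[i]))
            n++;
    return n;
}

int main(void)
{
    for (size_t i = 0; i < N_SAMPLES; i++)
        printf("%-24s buggy=%d fixed=%d\n", sample_names[i],
               is_kdb_prefix_buggy(sample_names[i]),
               is_kdb_prefix_fixed(sample_names[i]));
    printf("misrouted by the 3-character check: %d\n", count_misrouted());
    return 0;
}
```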