Date: | Fri, 10 May 2013 08:58:15 -0400 |
From: | Richard Basch <basch@alum.mit.edu> |
Subject: | kinit bug - all versions since 1.9 |
To: | krb5-bugs@mit.edu |
This bug is based on a code observation (feel free to try it; I didn’t because it seemed obvious).
If you have a file keytab with the name KDB_xyz, and you specify –kt KDB_xyz, kinit will attempt to open the Kerberos database (which may or may not exist on that machine), due to the strncmp() call being invoked with an incorrect parameter. KDB: contains 4 characters, not 3 characters, and thus strncmp() should have specified four characters to ensure the : is also matched.
<tardis:probe> {~/krb5}
836-1$ diff -u krb5-1.11.2/src/clients/kinit/kinit.c{.dist,}
--- krb5-1.11.2/src/clients/kinit/kinit.c.dist 2013-04-12 13:51:35.000000000 -0400
+++ krb5-1.11.2/src/clients/kinit/kinit.c 2013-05-10 08:53:08.924024226 -0400
@@ -719,7 +719,7 @@
if ((opts->action == INIT_KT) && opts->keytab_name)
{
#ifndef _WIN32
- if (strncmp(opts->keytab_name, "KDB:", 3) == 0) {
+ if (strncmp(opts->keytab_name, "KDB:", 4) == 0) {
code = kinit_kdb_init(&k5->ctx,
krb5_princ_realm(k5->ctx, k5->me)->data);
if (code != 0) {