[1599] in Kerberos-V5-bugs
Krb 5.5 ksu core dumps
daemon@ATHENA.MIT.EDU (Joe Ramus)
Tue Aug 15 14:09:50 1995
Date: Tue, 15 Aug 95 11:09:23 PDT
From: ramus@nersc.gov (Joe Ramus)
To: krb5-bugs@MIT.EDU
I tried to use the Krb 5.5 version of ksu and it core dumped.
I applied the patches submitted by
Date: 25 May 1995 19:44:17 -0700
From: wolfgang@wsrcc.com (Wolfgang Rupprecht)
Organization: W S Rupprecht Computer Consulting, Fremont CA
It still core dumped.
I discovered two places in the code where the name of the cache file
is expected to contain a ':' and since there is no ':', the
code creates an illegal pointer value of 1.
The ksu command line options -c and -C expect the file name to
be prefixed by "FILE:" such as
FILE:/tmp/my_cache
But in the two cases shown below, there is no such prefix.
I used #ifdef TEST_FOR_COLON so I could keep the original code
in place.
*** BEFORE/src/clients/ksu/main.c Thu Mar 16 20:53:15 1995
--- AFTER/src/clients/ksu/main.c Tue Aug 15 09:33:25 1995
***************
*** 377,383 ****
--- 381,391 ----
if (cc_source_tag == NULL){
cc_source_tag = krb5_cc_default_name(ksu_context);
+ #ifdef TEST_FOR_COLON
cc_source_tag_tmp = strchr(cc_source_tag, ':') + 1;
+ #else
+ cc_source_tag_tmp = cc_source_tag;
+ #endif
}
/* get a handle for the cache */
***************
*** 467,473 ****
--- 475,485 ----
do {
sprintf(cc_target_tag, "%s%d.%d", KRB5_SECONDARY_CACHE,
target_uid, gen_sym());
+ #ifdef TEST_FOR_COLON
cc_target_tag_tmp = strchr(cc_target_tag, ':') + 1;
+ #else
+ cc_target_tag_tmp = cc_target_tag;
+ #endif
}while ( !stat ( cc_target_tag_tmp, &st_temp));
/* make sure that the new ticket file does not already exist */
