[17078] in Kerberos-V5-bugs


[krbdev.mit.edu #9196] Uninitialized paChecksum2 in krb5_encode_test

daemon@ATHENA.MIT.EDU (Martin Řehák v)
Tue Feb 10 11:33:40 2026

From: "Martin Řehák via RT" <rt-comment@krbdev.mit.edu>
In-Reply-To: <0fc1d5c3-b7eb-40e8-848f-15c5500b4c7e@tekkirk.org>
Message-ID: <rt-4.4.3-2-1034423-1770741209-1678.9196-4-0@mit.edu>
To: "AdminCc of krbdev.mit.edu Ticket #9196":;
Content-Type: multipart/mixed; boundary="----------=_1770741209-1034423-0"
Date: Tue, 10 Feb 2026 11:33:29 -0500
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
Reply-To: rt-comment@krbdev.mit.edu
Errors-To: krb5-bugs-bounces@mit.edu

This is a multi-part message in MIME format...

------------=_1770741209-1034423-0
Content-Type: text/plain; charset="utf-8"


Tue Feb 10 11:33:29 2026: Request 9196 was acted upon.
 Transaction: Ticket created by rehak@tekkirk.org
       Queue: krb5
     Subject: Uninitialized paChecksum2 in krb5_encode_test
       Owner: Nobody
  Requestors: rehak@tekkirk.org
      Status: new
 Ticket <URL: https://krbdev.mit.edu/rt/Ticket/Display.html?id=9196 >


Hello,

During the unit tests run on krb5-1.22.2, krb5_encode_test was giving me a
SIGSEGV with the following backtrace on Oracle Solaris:

$ mdb core
Loading modules: [ libc.so.1 ld.so.1 ]
krb5_encode_test:core> $C
     7fffbfffdac0 libkrb5.so.3.3`nonempty_data+4()
     7fffbfffdb10 libkrb5.so.3.3`encode_atype+0x226()
     7fffbfffdb60 libkrb5.so.3.3`encode_atype+0x273()
     7fffbfffdbb0 libkrb5.so.3.3`encode_atype_and_tag+0x24()
     7fffbfffdbf0 libkrb5.so.3.3`encode_sequence+0x3e()
     7fffbfffdc40 libkrb5.so.3.3`encode_atype+0x2cb()
     7fffbfffdc90 libkrb5.so.3.3`encode_atype+0x273()
     7fffbfffdce0 libkrb5.so.3.3`encode_atype+0x114()
     7fffbfffdd30 libkrb5.so.3.3`encode_atype_and_tag+0x24()
     7fffbfffdd70 libkrb5.so.3.3`encode_sequence+0x3e()
     7fffbfffddc0 libkrb5.so.3.3`encode_atype+0x2cb()
     7fffbfffde10 libkrb5.so.3.3`encode_atype+0x2ae()
     7fffbfffde60 libkrb5.so.3.3`encode_atype+0x246()
     7fffbfffdeb0 libkrb5.so.3.3`encode_atype+0x273()
     7fffbfffdf00 libkrb5.so.3.3`encode_atype+0x114()
     7fffbfffdf50 libkrb5.so.3.3`encode_atype_and_tag+0x24()
     7fffbfffdf90 libkrb5.so.3.3`encode_sequence+0x3e()
     7fffbfffdfe0 libkrb5.so.3.3`encode_atype+0x2cb()
     7fffbfffe030 libkrb5.so.3.3`encode_atype+0x273()
     7fffbfffe080 libkrb5.so.3.3`encode_atype+0x114()
     7fffbfffe0d0 libkrb5.so.3.3`encode_atype_and_tag+0x24()
     7fffbfffe110 libkrb5.so.3.3`encode_sequence+0x3e()
     7fffbfffe160 libkrb5.so.3.3`encode_atype+0x2cb()
     7fffbfffe1b0 libkrb5.so.3.3`encode_atype_and_tag+0x24()
     7fffbfffe210 libkrb5.so.3.3`k5_asn1_full_encode+0x48()
     7fffbfffe220 libkrb5.so.3.3`encode_krb5_auth_pack+0x13()
     7fffbffff120 main+0x4255()
     7fffbffff130 0x4135d4()

This is the test:

     /* encode_krb5_auth_pack */
     {
         krb5_auth_pack pack;
         ktest_make_sample_auth_pack(&pack);
         encode_run(pack, "auth_pack", "", acc.encode_krb5_auth_pack);
         ktest_empty_auth_pack(&pack);
     }

The pack structure is uninitialized, and that made the new optional
paChecksum2 member of _krb5_pk_authenticator uninitialized too, which led
from time to time to a crash. krb5 was built using Solaris Developer Studio 12.6.

The attached patch resolves the issue. Please consider integrating it into
the main branch.

Thank you,
Martin

------------=_1770741209-1034423-0
Content-Type: text/x-patch; charset="utf-8"; name="fix-krb5_encode_test.patch"
Content-Disposition: attachment; filename="fix-krb5_encode_test.patch"
Content-Transfer-Encoding: 7bit
RT-Attachment: 9196/104148/26064

--- a/src/tests/asn.1/ktest.c
+++ b/src/tests/asn.1/ktest.c
@@ -703,6 +703,7 @@
     ktest_make_sample_data(&p->paChecksum);
     p->freshnessToken = ealloc(sizeof(krb5_data));
     ktest_make_sample_data(p->freshnessToken);
+    p->paChecksum2 = NULL;
 }
 
 static void
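
Review bot: the added `p->paChecksum2 = NULL;` at the end of this function covers only the one member that happened to crash. The caller quoted in the report declares `krb5_auth_pack pack;` on the stack without initializing it, so any optional pointer member added to the structure later will again hold leftover stack contents when the encoder reaches it. Consider zeroing the structure before the fields are filled in, for example `memset(p, 0, sizeof(*p));` at the top of the function, so that unset optional members default to NULL, and confirm that the matching ktest_empty routine treats a NULL paChecksum2 as nothing to free.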

------------=_1770741209-1034423-0--
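
Added example, not part of the original report or of the krb5 source: a test can catch this class of bug deterministically, rather than "from time to time", by filling the structure with a poison byte before calling the sample constructor and checking whether an optional member still holds the pattern. The types, function names and poison value below are hypothetical stand-ins, not the real krb5 definitions.

```c
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-ins for the krb5 test types (assumed, not the real definitions). */
typedef struct { unsigned int length; char *data; } sample_data;
typedef struct {
    int nonce;
    sample_data *freshnessToken; /* optional member the constructor sets */
    sample_data *paChecksum2;    /* optional member added later */
} sample_authenticator;

#define POISON 0xA5 /* stands in for leftover stack contents */

/* Fills only the members the constructor was written to know about. */
static void fill_known(sample_authenticator *p)
{
    p->nonce = 42;
    p->freshnessToken = calloc(1, sizeof(sample_data));
    if (p->freshnessToken == NULL) abort();
}

/* Pre-patch shape: paChecksum2 is never written. */
static void make_sample_unpatched(sample_authenticator *p) { fill_known(p); }

/* Zero first, so any optional member not set afterwards reads as NULL. */
static void make_sample_zeroed(sample_authenticator *p)
{
    memset(p, 0, sizeof(*p));
    fill_known(p);
}

/* Returns 1 if ctor left paChecksum2 holding the poison pattern, else 0. */
static int leaves_paChecksum2_unset(void (*ctor)(sample_authenticator *))
{
    sample_authenticator a;
    unsigned char poison[sizeof(a.paChecksum2)];

    memset(&a, POISON, sizeof(a)); /* simulate an uninitialized stack object */
    memset(poison, POISON, sizeof(poison));
    ctor(&a);
    free(a.freshnessToken);
    return memcmp(&a.paChecksum2, poison, sizeof(poison)) == 0;
}

int main(void)
{
    return !(leaves_paChecksum2_unset(make_sample_unpatched) == 1 &&
             leaves_paChecksum2_unset(make_sample_zeroed) == 0);
}
```

The member is compared through `memcmp` on its bytes, so the check never dereferences or interprets the poisoned pointer.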
