[1742] in Kerberos-V5-bugs
bug in 120195 snapshot...
daemon@ATHENA.MIT.EDU (Roland Schemers)
Tue Dec 19 01:11:35 1995
Date: Mon, 18 Dec 1995 22:11:23 -0800
From: Roland Schemers <schemers@Eng.Sun.COM>
To: krb5-bugs@MIT.EDU
Cc: warlord@Eng.Sun.COM
Hi. I'm working on some Kerberos stuff with Derek Atkins and have found a
bug in the 120195 snapshot he had given me. It was a major bug which
prevented me from getting any tickets.
The bug was in src/kdc/kdc_preauth.c. size was not initialized to 0:
------- kdc_preauth.c -------
*** - Mon Dec 18 22:05:21 1995
--- kdc_preauth.c Mon Dec 18 22:02:20 1995
***************
*** 257,263 ****
krb5_pa_data ** send_pa;
krb5_pa_data * pa = 0;
krb5_preauth_systems * ap;
! int size;
for (ap = preauth_systems; ap->type != -1; ap++) {
if (ap->return_padata)
--- 257,263 ----
krb5_pa_data ** send_pa;
krb5_pa_data * pa = 0;
krb5_preauth_systems * ap;
! int size = 0;
for (ap = preauth_systems; ap->type != -1; ap++) {
if (ap->return_padata)
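Review bot: at the changed `int size = 0;` line, the initializer sits several lines away from the `for (ap = preauth_systems; ...)` loop that depends on it, so it is easy to lose again in a later edit; consider assigning `size = 0;` directly before that loop, or declaring the counter as an unsigned type so a stray value cannot go negative. In the same declaration block `send_pa` is still declared without an initializer while `pa` is set to 0; initializing it to NULL here would keep the locals consistent and avoid the same class of bug.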
It was being initialized to some huge negative number, causing the
following statement to fail:
if ((send_pa_list = malloc((size+1) * sizeof(krb5_pa_data *))) == NULL)
return ENOMEM;
You probably have already fixed this bug, but just in case you haven't I thought
I should send it a report...
thanks, roland
ps. Is there a later snapshot I should be working with?
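The failure described in the message, worked through as an added example (it is not part of the original report or of the Kerberos sources): a negative counter in `(size+1) * sizeof(pointer)` is converted to `size_t` and becomes a request near `SIZE_MAX`, which `malloc` cannot satisfy. The names `pa_data_stub`, `pa_list_request_bytes` and `alloc_pa_list` are hypothetical, and the validated allocator is one possible hardening, not the project's fix.

```c
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical stand-in for krb5_pa_data; only the pointer size matters. */
typedef struct pa_data_stub pa_data_stub;

/* Byte count that an expression of the form (size+1) * sizeof(ptr) hands
 * to malloc(). The int is converted to size_t for the multiply, so a
 * negative counter wraps to a value close to SIZE_MAX. Done in unsigned
 * arithmetic here so the helper itself has no signed overflow. */
size_t pa_list_request_bytes(int size)
{
    return ((size_t)size + 1u) * sizeof(pa_data_stub *);
}

/* Hardened variant (an assumption of this example): check the counter
 * before it reaches the allocator instead of trusting it. */
int alloc_pa_list(int count, pa_data_stub ***out)
{
    *out = NULL;
    if (count < 0)
        return EINVAL;               /* corrupt or uninitialized counter */
    if ((size_t)count >= SIZE_MAX / sizeof(pa_data_stub *))
        return ENOMEM;               /* count + 1 entries would overflow */
    /* calloc zero-fills every slot, including the extra one. */
    *out = calloc((size_t)count + 1, sizeof(pa_data_stub *));
    return *out ? 0 : ENOMEM;
}

int main(void)
{
    pa_data_stub **list;

    /* -1000 is a constructed value standing in for stack garbage. */
    printf("size=0     -> %zu bytes\n", pa_list_request_bytes(0));
    printf("size=-1000 -> %zu bytes\n", pa_list_request_bytes(-1000));
    printf("alloc_pa_list(-1000) -> %d (EINVAL is %d)\n",
           alloc_pa_list(-1000, &list), EINVAL);
    if (alloc_pa_list(3, &list) == 0) {
        printf("alloc_pa_list(3) -> ok\n");
        free(list);
    }
    return 0;
}
```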