[2682] in Kerberos-V5-bugs
krb5-admin/386: Password history doesn't work unless there are already old keys
daemon@ATHENA.MIT.EDU (Ken Hornstein)
Fri Mar 7 17:01:24 1997
Resent-From: gnats@rt-11.MIT.EDU (GNATS Management)
Resent-To: bjaspan@MIT.EDU
Resent-Reply-To: krb5-bugs@MIT.EDU, kenh@cmf.nrl.navy.mil
Date: Fri, 7 Mar 1997 16:55:32 -0500 (EST)
From: Ken Hornstein <kenh@cmf.nrl.navy.mil>
Reply-To: kenh@cmf.nrl.navy.mil
To: krb5-bugs@MIT.EDU
>Number: 386
>Category: krb5-admin
>Synopsis: Kadmind pw history doesn't work if there aren't already passwords in the database
>Confidential: no
>Severity: serious
>Priority: high
>Responsible: bjaspan
>State: open
>Class: sw-bug
>Submitter-Id: unknown
>Arrival-Date: Fri Mar 07 16:56:01 EST 1997
>Last-Modified:
>Originator: Ken Hornstein
>Organization:
Navel Research Lab
>Release: 1.0
>Environment:
System: SunOS nexus 4.1.4 2 sun4m
Architecture: sun4
>Description:
If you don't already have old keys stored for a user and give them a password
policy that stores old passwords, they will get "not enough memory" when they
try to change their password.
I tracked this down to code in add_to_history, in svr_principal. This
functions calls realloc() with a pointer to the old keys. However, if
there are no old keys, then realloc gets called with a NULL pointer, and
this fails under SunOS.
I'm not sure if it's SunOS that's broken here; certainly most other systems
treat realloc(NULL,...) like malloc.
>How-To-Repeat:
Try to create a password history policy with a kadmind on SunOS.
>Fix:
This fixes it for me.
--- lib/kadm5/srv/svr_principal.c.orig Mon Nov 11 17:05:18 1996
+++ lib/kadm5/srv/svr_principal.c Fri Mar 7 16:08:40 1997
@@ -964,9 +964,14 @@
/* resize the adb->old_keys array if necessary */
if (adb->old_key_len < pol->pw_history_num-1) {
- adb->old_keys = (osa_pw_hist_ent *)
- realloc(adb->old_keys,
- (adb->old_key_len+1)*sizeof(osa_pw_hist_ent));
+ if (adb->old_keys == NULL) {
+ adb->old_keys = (osa_pw_hist_ent *)
+ malloc(((adb->old_key_len+1)*sizeof(osa_pw_hist_ent)));
+ } else {
+ adb->old_keys = (osa_pw_hist_ent *)
+ realloc(adb->old_keys,
+ (adb->old_key_len+1)*sizeof(osa_pw_hist_ent));
+ }
if (adb->old_keys == NULL)
return(ENOMEM);
>Audit-Trail:
>Unformatted: