[370] in Kerberos-V5-bugs
suspected bug in sendauth
daemon@ATHENA.MIT.EDU (Jim Miller)
Thu Oct 14 20:19:21 1993
From: jim@bilbo.suite.com (Jim Miller)
Date: Thu, 14 Oct 93 19:05:15 -0500
To: krb5-bugs@MIT.EDU
Reply-To: Jim_Miller@suite.com
This (suspected) bug report is for Kerberos 5, pre-beta 3...
in /lib/krb/sendauth.c
The following sendauth code will not work if the caller supplied a "credsp"
that contains a null ticket field (!credsp->ticket.length).

    if (!credsp->ticket.length) {
        if (retval = krb5_get_credentials(connector,
                                          kdc_options,
                                          ccache,
                                          &creds)) {
            krb5_free_cred_contents(&creds);
            return(retval);
        }
    }

The reason it will fail is that the "creds" passed to "krb5_get_credentials"
was not initialized. ("creds" only gets initialized if "credsp" is null.)
BTW, it would also fail if the caller didn't pass in a "ccache" parameter.
How likely is it for someone to pass "sendauth" a "credsp" with a null ticket
field? I don't know, but it is easy to check for this case.
Something like...
Change:

    if (!credsp->ticket.length) {
        if (retval = krb5_get_credentials(connector,
                                          kdc_options,
                                          ccache,
                                          &creds)) {
            krb5_free_cred_contents(&creds);
            return(retval);
        }
    }

To:

    if (!credsp->ticket.length && !ccache) {    /* <--** check for ccache, too */
        krb5_free_cred_contents(&creds);
        return(KRB5_NOCREDS_SUPPLIED);
    } else if (retval = krb5_get_credentials(connector,
                                             kdc_options,
                                             ccache,
                                             credsp)) {    /* <--** use credsp */
        krb5_free_cred_contents(&creds);
        return(retval);
    }

Jim_Miller@suite.com
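
Added example, not part of the original report and not the Kerberos source: a self-contained C model of the pattern described above, with the local credentials structure always zeroed before use and a missing ccache rejected before any fetch. All types, names and error values (struct creds, get_credentials_stub, sendauth_creds, ERR_NOCREDS_SUPPLIED) are hypothetical stand-ins, and unlike the suggested change it fetches into a local copy rather than into the caller's credsp.

```c
#include <stddef.h>
#include <string.h>
/* Hypothetical stand-ins for the krb5 types; not the library's definitions. */
struct data   { size_t length; const char *data; };
struct creds  { const char *client, *server; struct data ticket; };
struct ccache { const char *tgt; };
enum { OK = 0, ERR_NOCREDS_SUPPLIED = 1, ERR_BAD_REQUEST = 2 };

/* Stub for the credential fetch. It reads the request fields from *c,
 * so *c must be initialized before the call. */
static int get_credentials_stub(struct ccache *cc, struct creds *c)
{
    if (cc == NULL || c->client == NULL || c->server == NULL)
        return ERR_BAD_REQUEST;
    c->ticket.data = "constructed-ticket";      /* constructed sample value */
    c->ticket.length = strlen(c->ticket.data);
    return OK;
}

/* The local is always zeroed, the caller's request is copied into it, and
 * a missing ccache is rejected before any fetch is attempted. */
int sendauth_creds(const char *client, const char *server,
                   struct creds *credsp, struct ccache *cc, struct creds *out)
{
    struct creds creds;
    int retval;
    memset(&creds, 0, sizeof(creds));   /* never leave the local undefined */
    if (credsp != NULL) {
        creds = *credsp;                /* start from the caller's request */
    } else {
        creds.client = client;
        creds.server = server;
    }
    if (creds.ticket.length == 0) {     /* no ticket yet: one must be fetched */
        if (cc == NULL)
            return ERR_NOCREDS_SUPPLIED;
        retval = get_credentials_stub(cc, &creds);
        if (retval != OK)
            return retval;
    }
    *out = creds;
    return OK;
}

int main(void)
{
    struct creds req = { "jim", "host", { 0, NULL } }, out;
    return sendauth_creds("jim", "host", &req, NULL, &out) == ERR_NOCREDS_SUPPLIED ? 0 : 1;
}
```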