[17598] in Kerberos_V5_Development
Re: Segfault during krb5_set_password
daemon@ATHENA.MIT.EDU (Greg Hudson)
Mon Apr 16 19:28:50 2012
Message-ID: <4F8CAB2D.8020904@mit.edu>
Date: Mon, 16 Apr 2012 19:28:45 -0400
From: Greg Hudson <ghudson@mit.edu>
MIME-Version: 1.0
To: Jonathan Reams <jreams@columbia.edu>
In-Reply-To: <E3648D89-E185-4231-8196-A3DA176E3B3A@columbia.edu>
Cc: krbdev@mit.edu
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: krbdev-bounces@mit.edu
On 04/16/2012 07:03 PM, Jonathan Reams wrote:
> For now I've set it to skip any password change operations where the
> password text string is NULL, but is this something the krb5 libs
> should have caught?
I think the code is behaving as intended. krb5_set_password is within
its rights to crash with a null password parameter, and it's obviously
deliberate (based on code inspection) that chpass is called with a null
newpw during a randkey operation. I've checked in a change to
kadm5_hook_plugin.h to document this, as it was previously undocumented.
> Also, are there any upper bounds on the size of a password passed in?
> Would a hypothetical 4KB password cause issues?
I think that should work, but I don't think we have any test cases
covering a password that large, so I'm not certain.
_______________________________________________
krbdev mailing list krbdev@mit.edu
https://mailman.mit.edu/mailman/listinfo/krbdev
