[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: Bugreports for heimdal?



O.k., here they come. This all against version 0.3c.

First, an uninitialized variable is freed in gssapi/init_sec_context.
This leads to crashes of GSSAPI applications. The fix:

*** ./lib/gssapi/init_sec_context.c.orig        Fri Oct 20 19:50:14 2000
--- ./lib/gssapi/init_sec_context.c     Fri Oct 20 20:01:20 2000
***************
*** 210,215 ****
--- 210,218 ----
      outbuf.length = 0;
      outbuf.data   = NULL;
  
+     fwd_data.length = 0;
+     fwd_data.data = NULL;
+ 
      *minor_status = 0;
  
      *context_handle = malloc(sizeof(**context_handle));

Next, the kdc crashes if somebody tries "kinit -4 --afslog --no-addresses".
The following patch avoids the crash:

*** ./kdc/524.c.orig    Thu Oct 26 19:41:31 2000
--- ./kdc/524.c Thu Oct 26 20:26:02 2000
***************
*** 139,145 ****
        krb5_free_address(context, &v4_addr);
        return KRB5KRB_AP_ERR_BADADDR;
      }
!     if(v4_addr.addr_type == KRB5_ADDRESS_INET) {
        /* we need to collapse the addresses in the ticket to a
           single address; best guess is to use the address the
           connection came from */
--- 139,145 ----
        krb5_free_address(context, &v4_addr);
        return KRB5KRB_AP_ERR_BADADDR;
      }
!     if(et->caddr && v4_addr.addr_type == KRB5_ADDRESS_INET) {
        /* we need to collapse the addresses in the ticket to a
           single address; best guess is to use the address the
           connection came from */

And, last but not least, the manpage for hpropd doesn't display properly. The fix:

*** ./kdc/hpropd.8.orig Mon Oct 23 22:32:21 2000
--- ./kdc/hpropd.8      Mon Oct 23 22:42:17 2000
***************
*** 19,25 ****
  .Fl -keytab= Ns Ar keytab Oc
  .Xc
  .Op Fl 4 | Fl -v4dump
- .Xc
  .Sh DESCRIPTION
  .Nm
  receives databases sent by
--- 19,24 ----


That's it.

Karsten.

| -----Original Message-----
| From: Johan Danielsson [mailto:joda@pdc.kth.se]
| Sent: Thursday, October 26, 2000 23:41
| To: Karsten Künne
| Cc: heimdal-discuss@sics.se
| Subject: Re: Bugreports for heimdal?
| 
| 
| Karsten Künne <Karsten.Kuenne@desy.de> writes:
| 
| > I'm new to heimdal and to this list and I found a few bugs in
| > heimdal.  Now I wonder where I should send bug reports to. The
| > webpage doesn't give any hint.
| 
| It's in the documentation, heimdal-bugs@pdc.kth.se.
| 
| /Johan
|