[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
bug in fkt_remove_entry
Hello,
Calling fkt_remove_entry on a keytab where the file does not exist results in
a segfault. This is caused by the return code of fkt_start_seq_get_int not
being checked before the loop is started.
This simple patch fixes it- I think this should be the correct behavior since
the add functions don't error out if the keytab does not exist. I'm not sure
if the error code should stay the same...
It doesn't look like any of the other keytab function groups have the same
bug, but I looked quickly.
Thoughts?
Thanks,
Wynn
Index: keytab_file.c
===================================================================
RCS file: /col/csm/cvs/VAS/src/heimdal/lib/krb5/keytab_file.c,v
retrieving revision 1.5
diff -u -p -B -w -r1.5 keytab_file.c
--- keytab_file.c 2002/09/17 21:16:31 1.5
+++ keytab_file.c 2002/09/24 15:42:35
@@ -576,7 +576,9 @@ fkt_remove_entry(krb5_context context,
memset( &e, 0, sizeof(e) );
memset( &cursor, 0, sizeof(cursor) );
- fkt_start_seq_get_int(context, id, O_RDWR | O_BINARY, &cursor);
+ if( fkt_start_seq_get_int(context, id, O_RDWR | O_BINARY, &cursor) )
+ goto FINISHED;
+
while(fkt_next_entry_int(context, id, &e, &cursor,
&pos_start, &pos_end) == 0) {
if(krb5_kt_compare(context, &e, entry->principal,
@@ -595,6 +597,8 @@ fkt_remove_entry(krb5_context context,
}
}
krb5_kt_end_seq_get(context, id, &cursor);
+
+ FINISHED:
if( !found ) {
krb5_clear_error_string (context);
return KRB5_KT_NOTFOUND;