Re: krb5_init_get_creds_password crash in 0.5.1
"Howard Chu" <hyc@highlandsun.com> writes:
> This bug was reported to OpenLDAP (ITS#2386) by Iain Moffat @ ufl.edu.
>
> If krb5_init_get_creds_password is called with a NULL prompter and the user's
> password is expired, change_password() is invoked and change_password() tries
> to execute the prompter without checking to see if it's valid/non-NULL. I
> believe this diff (against 0.5.1) contains an appropriate fix. Looks like
> 0.5.2 doesn't fix this either.
>
> ===================================================================
> RCS file: /var/CVSROOT/heimdal/lib/krb5/init_creds_pw.c,v
> retrieving revision 1.1.1.2
> diff -u -r1.1.1.2 init_creds_pw.c
> --- init_creds_pw.c 18 Apr 2002 09:14:51 -0000 1.1.1.2
> +++ init_creds_pw.c 20 Mar 2003 15:22:47 -0000
> @@ -409,6 +409,9 @@
> krb5_prompt prompt;
> char *p, *q;
>
> + if (!prompter)
> + goto out;
> +
> krb5_unparse_name (context, this_cred.client, &p);
> asprintf (&q, "%s's Password: ", p);
> free (p);
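Review bot: The new `if (!prompter) goto out;` at the top of this block jumps to the exit label without any status being assigned in the visible lines, so the caller cannot tell "no prompter available" apart from whatever value the return variable already holds. Set an explicit error code before the jump, and add a short comment saying that a NULL prompter means no interactive password change can be attempted. Placing the check before `krb5_unparse_name` and `asprintf` is right, since nothing has been allocated yet and the early exit leaks nothing.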
I don't think it's valid to call the krb5_get_init_creds_password() with
password == NULL && prompter == NULL. So, how can this ever happen?
> @@ -456,6 +459,9 @@
>
> if (in_tkt_service != NULL
> && strcmp (in_tkt_service, "kadmin/changepw") == 0)
> + goto out;
> +
> + if (!prompter)
> goto out;
>
> ret = change_password (context,
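Review bot: The added `if (!prompter) goto out;` just before `ret = change_password (context,` exits with whatever `ret` was set to earlier, which is not shown here. Confirm that value is the error the caller should see when the password change is skipped, and say so in a comment. As a style point, the two consecutive `goto out` tests could be folded into one condition (`prompter == NULL || (in_tkt_service != NULL && strcmp (...) == 0)`), which keeps the reasons for skipping `change_password` in one place.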
This I can agree with. I'll fix it. Thanks
Love