[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RE: krb5_init_get_creds_password crash in 0.5.1
> -----Original Message-----
> From: Love [mailto:firstname.lastname@example.org]
> "Howard Chu" <email@example.com> writes:
> I don't think its valid to call the krb5_get_init_creds_password() with
> password == NULL && prompter == NULL. So, how can this ever happen ?
You're probably right, but I think it's better for the app to get a "FAILED"
result code than a SEGV if this does happen. So far I have not seen it
happen; the patch below is the important one. It costs very little to make
this routine more idiot-proof, though.
> > @@ -456,6 +459,9 @@
> > if (in_tkt_service != NULL
> > && strcmp (in_tkt_service, "kadmin/changepw") == 0)
> > + goto out;
> > +
> > + if (!prompter)
> > goto out;
> > ret = change_password (context,
> This I can agree with. I'll fix it. Thanks
-- Howard Chu
Chief Architect, Symas Corp. Director, Highland Sun
Symas: Premier OpenSource Development and Support