[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

possible breakage in kpasswd with 0.5?

To: heimdal-discuss <heimdal-discuss@sics.se>
Subject: possible breakage in kpasswd with 0.5?
From: Wynn Wilkes <wynnw@sco.com>
Date: Wed, 18 Sep 2002 12:40:44 -0600
Organization: The SCO Group, formerly Caldera
Reply-To: wynnw@sco.com
Sender: owner-heimdal-discuss@sics.se
User-Agent: KMail/1.4.7

Hello,

(Sorry if this is a duplicate)

With the new release of Heimdal 0.5, there appears to be a problem in the 
process_reply method in lib/krb5/changepw.c

On line 178, there's a check to make sure the priv_data.data does not overflow 
the reply buffer- except the check is >=, when it looks like it should just 
be >

We've experienced the problem when running against Active Directory as the 
changepw server- I have not verified it against the heimdal or mit servers. 
Changing the test to > fixes the problems we've had.

Is this a real bug, or is there something else wrong?

Thanks,
Wynn

Prev by Date: PreAuth failure
Next by Date: heimdal-0.5 configure and libcrypto
Prev by thread: PreAuth failure
Next by thread: heimdal-0.5 configure and libcrypto
Index(es):
- Date
- Thread