[39563] in Kerberos

Re: Failing ASN.1 tests with PKINIT on HP-UX

daemon@ATHENA.MIT.EDU (Greg Hudson)
Sun Sep 28 15:36:45 2025

Message-ID: <91cae48a-4a0d-4571-a25f-793e06a0ef23@mit.edu>
Date: Sun, 28 Sep 2025 15:36:23 -0400
MIME-Version: 1.0
To: "Osipov, Michael (IN IT IN)" <michael.osipov@innomotics.com>,
        Kerberos@mit.edu
Content-Language: en-US
From: "Greg Hudson" <ghudson@mit.edu>
In-Reply-To: <32a0623a-5808-4391-9a04-ae7c5c176bba@innomotics.com>
Content-Transfer-Encoding: 7bit
Content-Type: text/plain; charset="us-ascii"; Format="flowed"
Errors-To: kerberos-bounces@mit.edu

On 9/28/25 07:36, Osipov, Michael (IN IT IN) wrote:
> Here is the full stacktrace:
[...]
>> #28 0x60000000c8a87c20:0 in encode_krb5_auth_pack () at 
>> asn1_k_encode.c:1513
>> #29 0x4011340:0 in main () at krb5_encode_test.c:798

Okay, it's nothing so exotic as a misplaced function pointer; we're just 
at a different point in main() from what we originally thought (line 
798, not lines 775-778).

Walking carefully through the stack trace, I can deduce that the failure 
happens when trying to encode the algorithm identifier within the 
paChecksum2 field of the PKAuthenticator. 
ktest_make_sample_pk_authenticator() doesn't intentionally include a 
paChecksum2 field, but it doesn't null it either.  So this is a 
straightforward use of uninitialized memory, obscured on other platforms 
because the pointer value happens to be 0 there.  (And asan/valgrind 
don't catch it, presumably because the memory was written to earlier 
within structures of different types.)

I will open a PR.

________________________________________________
Kerberos mailing list           Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
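
The failure mode diagnosed in the message above, as an added example that is not part of the original post or the krb5 source: a fixture builder that skips an optional pointer field looks correct only when the storage it is handed happens to be zero. All names here (`sample_authenticator`, `make_sample_buggy`, and so on) are hypothetical stand-ins, the fill byte models memory reused from an earlier object, and clearing the struct first is one way to avoid the problem, not necessarily the project's fix.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-ins, not the krb5 types. An optional field
 * counts as absent when its pointer is NULL. */
struct sample_checksum { int alg_id; };
struct sample_authenticator {
    int32_t cusec;
    int32_t nonce;
    struct sample_checksum *checksum2;   /* optional */
};

/* "Before": fills only the fields it means to include, so checksum2
 * keeps whatever bytes the storage already held. */
static void make_sample_buggy(struct sample_authenticator *a)
{
    a->cusec = 123456;
    a->nonce = 42;
}

/* "After": clear the whole struct first so every optional pointer is NULL. */
static void make_sample_fixed(struct sample_authenticator *a)
{
    *a = (struct sample_authenticator){0};
    a->cusec = 123456;
    a->nonce = 42;
}

/* Build a sample in storage pre-filled with `fill` and report whether an
 * encoder would treat checksum2 as present (1) and follow the pointer.
 * The bytes were written earlier, so memory checkers see them as
 * initialized. Assumes all-bits-zero is the NULL representation. */
static int encodes_optional_after(void (*make)(struct sample_authenticator *),
                                  unsigned char fill)
{
    struct sample_authenticator a;
    memset(&a, fill, sizeof(a));         /* constructed "reused" storage */
    make(&a);
    return a.checksum2 != NULL;
}

int main(void)
{
    printf("buggy, zeroed storage: %d\n", encodes_optional_after(make_sample_buggy, 0x00));
    printf("buggy, reused storage: %d\n", encodes_optional_after(make_sample_buggy, 0xA5));
    printf("fixed, reused storage: %d\n", encodes_optional_after(make_sample_fixed, 0xA5));
    return 0;
}
```

Running test fixtures against deliberately non-zero storage, as the helper does with `0xA5`, exposes this class of bug on platforms where the stale bytes would otherwise happen to be zero.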
