[20573] in Kerberos_V5_Development
Re: Bug in mechglue's copy_mech_cred function?
daemon@ATHENA.MIT.EDU (Greg Hudson)
Thu May 21 17:44:32 2026
Message-ID: <0ab945df-fbf9-45d6-ac6b-b9aef4a857c2@mit.edu>
Date: Thu, 21 May 2026 17:44:13 -0400
MIME-Version: 1.0
To: "Sands, Daniel N." <dnsands@sandia.gov>, "krbdev@mit.edu" <krbdev@mit.edu>
Content-Language: en-US
From: "Greg Hudson" <ghudson@mit.edu>
In-Reply-To: <SA9PR09MB530904347D8440230E18CDDEDB012@SA9PR09MB5309.namprd09.prod.outlook.com>
Content-Transfer-Encoding: 7bit
Content-Type: text/plain; charset="us-ascii"; Format="flowed"
Errors-To: krbdev-bounces@mit.edu
On 5/20/26 19:43, Sands, Daniel N. via krbdev wrote:
> I'm looking at code in the 1.18 distribution as well as 1.21. I have what I'm pretty sure is a bug that will cause memory corruption and/or segfaults for 3rd party gssapi mechs, at the least.
I think this analysis is correct, with the proviso that most likely no
applications ever reach this helper function, much less the broken
fallback case. copy_mech_cred() is only reached when an application
calls gss_add_cred() with both input_cred_handle and output_cred_handle
specified.
I submitted https://github.com/krb5/krb5/pull/1514 to fix the bug.
_______________________________________________
krbdev mailing list krbdev@mit.edu
https://mailman.mit.edu/mailman/listinfo/krbdev
