[PATCH] Some coverity fixes
jra at samba.org
Thu May 7 12:03:26 MDT 2015
On Thu, May 07, 2015 at 06:37:36PM +0200, Volker Lendecke wrote:
> On Thu, May 07, 2015 at 05:39:00PM +0200, Stefan (metze) Metzmacher wrote:
> > I'd just push fixes to our copy, we already have some extra patches.
> > Before a possible rebase on heimdal master we need to check our extra
> > patches anyway, so a few more won't hurt...
> Is this consensus now?
> The more worrying problem however is that there is nobody around to
> be able to judge whether the patch I posted creates a security problem
> or not.
I have looked through the code carefully. Your fix is safe.
The first entry in the replay file created in krb5_rc_initialize()
is only used to store the 'krb5_deltat auth_lifespan' value, the
associated data value is never looked at. (Look at the
code in krb5_rc_store() and krb5_rc_get_lifespan() to confirm).
Only subsequent data values are checked with memcmp.
More information about the samba-technical