[PATCH] Some coverity fixes

Jeremy Allison jra at samba.org
Thu May 7 12:03:26 MDT 2015

On Thu, May 07, 2015 at 06:37:36PM +0200, Volker Lendecke wrote:
> On Thu, May 07, 2015 at 05:39:00PM +0200, Stefan (metze) Metzmacher wrote:
> > I'd just push fixes to our copy, we already have some extra patches.
> > Before a possible rebase on heimdal master we need to check our extra
> > patches anyway, so a few more won't hurt...
> Is this consensus now?
> The more worrying problem however is that there is nobody around to
> be able to judge whether the patch I posted creates a security problem
> or not.

I have looked through the code carefully. Your fix is safe.

The first entry in the replay file created in krb5_rc_initialize()
is only used to store the 'krb5_deltat auth_lifespan' value, the
associated data[16] value is never looked at. (Look at the
code in krb5_rc_store() and krb5_rc_get_lifespan() to confirm).

Only subsequent data[16] values are checked with memcmp.


More information about the samba-technical mailing list