[PATCHES] heimdal: lib/krb5: do not fail set_config_files due to parse error

Alexander Bokovoy ab at samba.org
Tue Jun 19 17:33:23 UTC 2018

On ti, 19 kesä 2018, Björn Baumbach wrote:
> On 06/16/2018 10:22 AM, Björn Baumbach via samba-technical wrote:
> > There is an (already well known) bug in our heimdal library, which
> > drives users crazy:
> > https://bugzilla.samba.org/show_bug.cgi?id=11573
> > 
> > I've ported the needed patches to solve this issue.
> > 
> > The first patch is sufficient, to fix the bug.
> > 
> > The second patch is needed to apply the original patch (the third one)
> > from Nicolas Williams.
> > 
> > The third patch is the one to process the include directives of the
> > krb5.conf file, which was mentioned in the bug report:
> > https://bugzilla.samba.org/show_bug.cgi?id=11573#c5
> Hi!
> The original heimdal code, which implements the use of of the krb5.conf
> include directives, introduces a segmentation fault, due to an
> uninitialized pointer. So this code does not seem to be tested very well
> and I would like to remove it.
> I suggest that we should keep the "heimdal: lib/krb5: do not fail
> set_config_files due to parse error" as the fix for bug 11573.
I'm OK for removing it atm but going forward we cannot pretend such
configurations do not exist. For example, if someone wants to build
Samba AD on RHEL/CentOS using Heimdal but keeping the rest of the system
with MIT Kerberos, a default system krb5.conf is utilizing includedir to
implement crypto defaults.

In a sense, Volker's follow up patch is a better direction because it
supports includedir operation.

/ Alexander Bokovoy

More information about the samba-technical mailing list