tmp.data is uninitialized in the fwrite call
Hopefully I don't create a problem here: If tmp.data is supposed to be randomly
set, I think the right fix would have been to explicitly call a random function
initializing it.
<jra@samba.org>
------------------------------------------------------------
I have looked through the code carefully. Your fix is safe.
The first entry in the replay file created in krb5_rc_initialize()
is only used to store the 'krb5_deltat auth_lifespan' value, the
associated data[16] value is never looked at. (Look at the
code in krb5_rc_store() and krb5_rc_get_lifespan() to confirm).
Only subsequent data[16] values are checked with memcmp.
------------------------------------------------------------
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
krb5_deltat auth_lifespan)
{
FILE *f = fopen(id->name, "w");
- struct rc_entry tmp;
+ struct rc_entry tmp = { .stamp = auth_lifespan };
int ret;
if(f == NULL) {
krb5_set_error_message(context, ret, "open(%s): %s", id->name, buf);
return ret;
}
- tmp.stamp = auth_lifespan;
fwrite(&tmp, 1, sizeof(tmp), f);
fclose(f);
return 0;