malloc hang inside krb5_sendto_kdc

Jeffrey Altman jaltman2 at nyc.rr.com
Wed Feb 4 07:26:27 EST 2004


Ken Weaverling wrote:
> In article <tsloesgc5bv.fsf at konishi-polis.mit.edu>,
> Sam Hartman <hartmans at MIT.EDU> wrote:
> If you look at the backtrace from my previous message (portion below),
> frame #4 has a valid pointer in context, but in frame three it has 0x1
> and realm is 0x1 .. 
> 
> #3  0xb75ad622 in krb5_sendto_kdc (context=0x1, message=0x81214a8, realm=0x1,  
>     reply=0xbfffb510, use_master=1) at sendto_kdc.c:97 
> #4  0xb75961f3 in send_as_request (context=0x8117ba0, request=0xbfffb5d0,  
>     time_now=0xbfffb510, ret_err_reply=0xbfffb594, ret_as_reply=0xbfffb598,  
>     use_master=1) at get_in_tkt.c:117 
> 
> I don't see anything within that function that might alter context
> unless it happens in krb5_locate_kdc().... (code snippet at end of msg)

It certainly looks like the stack is being damaged after 
krb5_sendto_kdc() begins.  krb5_locate_kdc() is the most likely
target.

> Perhaps I could change the code before the malloc to watch for 0x1 in
> context and halt the process for debugging at that point, before the
> bad malloc call? Can a running process reach out to a gdb and attach
> to it?!  (or i could just send it into a cpu loop and then attach when
> I see something running out of control).  As I said, ignorance perhaps! :)

The most useful thing would be to add code before and after the 
krb5_locate_kdc() call to check for context == realm as they are
both being set to 0x1.  Write to a log file when you find the condition.

> thx for the concern...
> 
> ps, I have an open ticket with redhat on this too, but it's not
> getting far. They are suggesting we try 1.3.1 from fedora core to see
> if it solves the problem, which I'll probably install on saturday.
> 
> Also, this uses a windows 2000 server for KDC. It had done that for
> over a year with no problems. This problem happened when we migrated
> the server from redhat 7.3 to Redhat enterprise linux (RHEL) 3 over
> the holidays.

Is the KDC being found via DNS or via entries in a krb5.conf file?

Jeffrey Altman
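
An added example, not part of the original message or of the MIT Kerberos source: one way to write the check suggested above, with the entry values of context and realm kept in static storage so that a stack overwrite cannot alter the reference copy. The helper names snapshot_args and check_args, the sample realm and the simulated 0x1 values are constructed for illustration.

```c
#include <stdio.h>
#include <stdint.h>
#include <time.h>

/* Entry values live in static storage, out of reach of a stack overwrite.
 * (Hypothetical helpers; not thread-safe, intended for a debugging build.) */
static const void *saved_context, *saved_realm;

/* Call on entry to the function under suspicion, before the suspect call. */
void snapshot_args(const void *context, const void *realm)
{
    saved_context = context;
    saved_realm = realm;
}

/* Returns 0 if intact. Bit 0: a value changed since the snapshot.
 * Bit 1: context == realm, the condition seen in the backtrace. */
int check_args(const char *where, const void *context, const void *realm,
               FILE *log)
{
    int bad = 0;
    if (context != saved_context || realm != saved_realm)
        bad |= 1;
    if (context == realm)
        bad |= 2;
    if (bad && log) {
        fprintf(log, "%ld %s: context=%p (was %p) realm=%p (was %p) flags=%d\n",
                (long)time(NULL), where, (void *)context, (void *)saved_context,
                (void *)realm, (void *)saved_realm, bad);
        fflush(log);  /* flush now: the process may hang or crash next */
    }
    return bad;
}

int main(void)
{
    int ctx = 0;                       /* constructed stand-in for the context */
    const char *realm = "EXAMPLE.COM"; /* constructed realm name */
    void *one = (void *)(uintptr_t)1;  /* simulates the damaged value 0x1 */

    snapshot_args(&ctx, realm);
    check_args("before locate", &ctx, realm, stderr);  /* intact: logs nothing */
    /* ...the suspect call would run here... */
    check_args("after locate", one, one, stderr);      /* damaged: logs flags=3 */
    return 0;
}
```

In a real debugging build the FILE would come from fopen() on a log file in append mode, and the two check_args() calls would bracket the krb5_locate_kdc() call.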

