Crash in gss_export_sec_contex in krb5-1.8.1 on OpenSuse 11.3

Markus Moeller huaraz at moeller.plus.com
Sun Dec 26 08:03:44 EST 2010


When I try to export a security context it sometime crashes in:

gss_export_sec_context in g_exp_sec_context line 104

102         return (GSS_S_UNAVAILABLE);
 103
 104     status = mech->gss_export_sec_context(minor_status,
 105                                           &ctx->internal_ctx_id, 
&token);
 106     if (status != GSS_S_COMPLETE) {
 107         map_error(minor_status, mech);
 108         return (status);
 109     }

krb5_gss_export_sec_context in export_sec_context.c line 66

64     /* Determine size needed for externalization of context */
  65     bufsize = 0;
  66     if ((kret = kg_ctx_size(context, (krb5_pointer) ctx,
  67                             &bufsize)))
  68         goto error_out;

kg_ctx_size in ser_sctx.c line 361

360             if (initiator_name) {
 361                 kret = krb5_size_opaque(kcontext,
 362                                         KV5M_AUTHDATA_CONTEXT,
 363                                         initiator_name->ad_context,
 364                                         &required);
 365             }


krb5_size_opaque in serialize.c line 105

103     /* See if the type is supported, if so, do it */
 104     if ((shandle = krb5_find_serializer(kcontext, odtype)))
 105         kret = (shandle->sizer) ? (*shandle->sizer)(kcontext, arg, 
sizep) : 0;
 106     return(kret);

krb5_authdata_context_size in authdata.c line 1131

1130
1131     code = k5_ad_size(kcontext, context, AD_USAGE_MASK, sizep);
1132     if (code != 0)
1133         return code;
1134

k5_ad_size in authdata.c line 162   (The reason is that context is 0 , which 
is initiator_name->ad_context)

162     for (i = 0; i < context->n_modules; i++) {
 163         struct _krb5_authdata_context_module *module = 
&context->modules[i];
 164         size_t size;
 165


I use a MIT kdc so I would not expect authorization data.  Is this a known 
bug in 1.8.1 ?

Markus 





More information about the Kerberos mailing list