[krbdev.mit.edu #1203] kinit -k -t segfaults
via RT
rt-comment at krbdev.mit.edu
Wed Mar 5 10:43:34 EST 2003
[hgm at lanl.gov - Fri Oct 4 11:17:08 2002]:
> On Thu, 3 Oct 2002 23:27:24 -0400 (EDT) "Sam Hartman via RT" wrote:
> > Do you believe that patch actually should solve the problem? If so,
> > why/how?
> >
> >
>
> BTW:
>
> With regard to my previous reply to this question, what put
> me on to the patch that seems to fix it for us was that a gdb
> on the core file that results without the patch shows the segfault
> in free(). It segfaults on libc5 linux platforms.
>
> The comment in the patch names the routine where the structure that's
> freed is declared as a local variable. It seems that freeing local
> variables is asking for trouble.
>
> Harry
Here is an updated patch for the double-free. The old libc5 box I found
did not have any core dumps after applying it.
--- ./src/lib/krb5/krb/gic_keytab.c.LANL_doublefreefix Tue Apr 11
15:43:17 2000+++ ./src/lib/krb5/krb/gic_keytab.c Tue Oct 1 11:55:32
2002
@@ -25,7 +25,13 @@
if (as_key->enctype == etype)
return(0);
- krb5_free_keyblock(context, as_key);
+ /* krb5_free_keyblock frees as_key above and that is a local
+ * variable declaree in krb5_get_init_creds() and used below as
+ * well, so it should NOT be freed, only the contents can be
+ * freed. [Harry G McGavran hgm at lanl.gov]
+ */
+
+ krb5_free_keyblock_contents(context, as_key);
as_key->length = 0;
}
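Review bot: After the new `krb5_free_keyblock_contents(context, as_key);` line only `as_key->length = 0;` is reset; unless krb5_free_keyblock_contents itself sets `as_key->contents` to NULL, the pointer is left dangling and any later free of the same keyblock in krb5_get_init_creds() would be a second double free. Suggest adding `as_key->contents = NULL;` next to the length reset, or confirming the helper already clears it. Two smaller points in the added comment: "declaree" should be "declared", and the bracketed author attribution belongs in the ChangeLog entry rather than inline in the source.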
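The ownership rule behind this patch, as an added C example that is not part of the thread and not krb5 code: a keyblock struct that lives on the caller's stack owns only its heap-allocated contents buffer, so a helper that swaps the key must release the contents and never the struct itself. The `keyblock_t`, `keyblock_free_contents` and `keyblock_free` names are stand-ins I chose for krb5_keyblock, krb5_free_keyblock_contents and krb5_free_keyblock; they are not the library's API, and `replace_key_if_needed` is a simplified model of the code path in the hunk.

```c
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-in for krb5_keyblock: the struct may live on the
 * stack or the heap, but its contents buffer always comes from malloc. */
typedef struct {
    int enctype;
    unsigned int length;
    unsigned char *contents;
} keyblock_t;

/* Fill a keyblock with a fresh heap copy of key material. */
static int keyblock_set(keyblock_t *kb, int enctype,
                        const unsigned char *key, unsigned int len) {
    unsigned char *buf = malloc(len ? len : 1);
    if (!buf) return -1;
    memcpy(buf, key, len);
    kb->enctype = enctype;
    kb->length = len;
    kb->contents = buf;
    return 0;
}

/* Analogue of krb5_free_keyblock_contents: releases only what the struct
 * owns and leaves the struct alone, so it is safe on a stack variable.
 * Clearing contents and length makes a second call harmless. */
static void keyblock_free_contents(keyblock_t *kb) {
    if (kb->contents) {
        memset(kb->contents, 0, kb->length);  /* scrub key material first */
        free(kb->contents);
        kb->contents = NULL;
    }
    kb->length = 0;
}

/* Analogue of krb5_free_keyblock: correct ONLY when the struct itself was
 * malloc'ed. On a stack variable this passes a stack address to free(),
 * the kind of crash reported in this thread. */
static void keyblock_free(keyblock_t *kb) {
    keyblock_free_contents(kb);
    free(kb);
}

/* Simplified model of the patched path: the caller owns as_key, and the
 * helper replaces its contents when the enctype does not match. */
static int replace_key_if_needed(keyblock_t *as_key, int wanted_etype,
                                 const unsigned char *newkey, unsigned int newlen) {
    if (as_key->enctype == wanted_etype)
        return 0;
    keyblock_free_contents(as_key);   /* not keyblock_free(as_key) */
    return keyblock_set(as_key, wanted_etype, newkey, newlen);
}

/* Runs the stack-keyblock scenario end to end; returns 1 if the local
 * keyblock stays usable after the swap and is fully released at the end. */
int demo_stack_keyblock(void) {
    keyblock_t as_key;   /* local variable, as in the caller named in the hunk */
    const unsigned char k1[] = {1, 2, 3, 4};
    const unsigned char k2[] = {9, 8, 7, 6, 5, 4, 3, 2};  /* constructed sample keys */
    int ok;

    if (keyblock_set(&as_key, 1, k1, sizeof k1) != 0) return 0;
    if (replace_key_if_needed(&as_key, 1, k2, sizeof k2) != 0) return 0;  /* match: no-op */
    ok = (as_key.length == 4 && as_key.contents[0] == 1);
    if (replace_key_if_needed(&as_key, 2, k2, sizeof k2) != 0) return 0;  /* mismatch: swap */
    ok = ok && (as_key.enctype == 2 && as_key.length == 8 && as_key.contents[7] == 2);

    keyblock_free_contents(&as_key);   /* caller's own cleanup */
    keyblock_free_contents(&as_key);   /* repeated cleanup is harmless */
    ok = ok && as_key.contents == NULL && as_key.length == 0;
    return ok;
}

/* Heap-allocated keyblock: here keyblock_free is the right call. */
int demo_heap_keyblock(void) {
    keyblock_t *kb = malloc(sizeof *kb);
    const unsigned char k[] = {0xAA, 0xBB};  /* constructed sample key */
    if (!kb) return 0;
    if (keyblock_set(kb, 3, k, sizeof k) != 0) { free(kb); return 0; }
    keyblock_free(kb);
    return 1;
}
```

The practical check when reviewing a free of any krb5_keyblock is whether the pointer was obtained from malloc or from taking the address of a local; only the former may go through the full free routine, and nulling the contents pointer after releasing it is what keeps a later cleanup from turning into a second double free.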