[krbdev.mit.edu #3685] EOF mistakenly interpreted as error causes re-use of closed stream
The RT System itself via RT
rt-comment at krbdev.mit.edu
Sat Apr 22 22:09:06 EDT 2006
Date: Fri, 21 Apr 2006 15:39:06 +0200
From: Rainer Weikusat <rainer.weikusat at sncag.com>
Message-Id: <200604211339.k3LDd6GD015044 at farside.sncag.com>
To: krb5-bugs at mit.edu
Subject: Incorrect error check in src/lib/krb5/keytab/kt_file.c
>Submitter-Id: net
>Originator: Rainer Weikusat
>Organization: SNC AG
>Confidential: no
>Synopsis: EOF mistakenly interpreted as error causes re-use of closed stream
>Category: krb5-libs
>Class: sw-bug
>Release: 1.4.3
>Environment:
System: Linux farside 2.6.16.9 #3 Wed Apr 19 11:30:29 CEST 2006 i686 GNU/Linux
Architecture: i686
>Description:
The file mentioned in the subject contains the following code section,
which is supposed to deal with read errors occurring during an attempted
kvno read from an existing keytab file:
    if (!xfread(&kt_vno, sizeof(kt_vno), 1, KTFILEP(id))) {
        if (feof(KTFILEP(id))) kerror = KRB5_KT_END;
        else kerror = errno;
        (void) krb5_unlock_file(context, fileno(KTFILEP(id)));
        (void) fclose(KTFILEP(id));
        return kerror;
    }
This is incorrect, because xfread (fread) can return zero if the file exists
and is empty, with errno also being zero (because no error occurred), which
will lead to the stream being closed without an error indication passed up
to the caller (which, in my case, will proceed with calling fseek on the
closed stream, returning KRB5_KT_END as EINVAL-in-disguise and finally
crashing inside malloc while trying to format an error message to be
printed describing this error (add codepath)).
>How-To-Repeat:
Call krb5_kt_add_entry w/ a keytab id referring to a file that exists
and is empty and try to print an error message via (Linux/GNU) vsyslog
afterwards.
>Fix:
--- src/lib/krb5/keytab/kt_file.c 19 Mar 2006 14:42:00 -0000 1.1.1.1
+++ src/lib/krb5/keytab/kt_file.c 21 Apr 2006 13:14:34 -0000 1.2
@@ -1107,7 +1107,9 @@
} else {
/* gotta verify it instead... */
if (!xfread(&kt_vno, sizeof(kt_vno), 1, KTFILEP(id))) {
- kerror = errno;
+ if (feof(KTFILEP(id))) kerror = KRB5_KT_END;
+ else kerror = errno;
+
(void) krb5_unlock_file(context, fileno(KTFILEP(id)));
(void) fclose(KTFILEP(id));
return kerror;
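Review bot: in the else branch of the xfread failure check, kerror = errno can still be 0, because nothing in the lines shown clears errno before the read or guarantees that a short read which is not EOF sets it; the function would then return 0 after fclose(KTFILEP(id)), which is the closed-stream condition this report describes. Consider falling back to a fixed non-zero error code when errno is 0, and resetting the stored stream pointer after the fclose so that a later fseek cannot operate on the closed FILE. Style: put each branch body on its own line and drop the blank line added after the else.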
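The failure mode described in the report, as an added example that is not part of the original message or of the krb5 source: a version read that returns errno on a short read, beside a hardened form that classifies EOF and clears the stream pointer after closing it. The function names, error codes and the temporary-file input are hypothetical and constructed for this illustration.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical error codes for this example; not the krb5 values. */
enum { VNO_OK = 0, VNO_END = 1001, VNO_IOERR = 1002 };

/* Pattern from the report: a failed read returns errno and closes the stream.
 * At EOF fread() returns 0 without setting errno, so this returns 0. */
int read_vno_unchecked(FILE **fp, uint16_t *vno)
{
    errno = 0;
    if (!fread(vno, sizeof(*vno), 1, *fp)) {
        int err = errno;
        fclose(*fp);                /* caller keeps a stale FILE* */
        return err;
    }
    return VNO_OK;
}

/* Hardened: classify with feof(), never return 0 on failure, clear pointer. */
int read_vno_checked(FILE **fp, uint16_t *vno)
{
    errno = 0;
    if (fread(vno, sizeof(*vno), 1, *fp) != 1) {
        int err = feof(*fp) ? VNO_END : (errno ? errno : VNO_IOERR);
        fclose(*fp);
        *fp = NULL;
        return err;
    }
    return VNO_OK;
}

/* Constructed input: an empty temporary file, or one holding 2 bytes. */
int probe(int hardened, int with_data)
{
    uint16_t vno = 0;
    FILE *fp = tmpfile();
    if (!fp) return -1;
    if (with_data) { fwrite("\x05\x02", 1, 2, fp); rewind(fp); }
    int rc = (hardened ? read_vno_checked : read_vno_unchecked)(&fp, &vno);
    if (with_data && rc == VNO_OK) fclose(fp);  /* still open only here */
    return rc;
}

int main(void)
{
    printf("empty file: unchecked=%d checked=%d\n", probe(0, 0), probe(1, 0));
    return 0;
}
```

On the empty file the unchecked variant reports success although the stream is already closed, which is why `probe` cannot rely on the return code alone to decide whether to call `fclose`.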