[krbdev.mit.edu #6766] Buffer overrun in t_ser within the profile library...

Ezra Peisach via RT rt-comment at krbdev.mit.edu
Wed Sep 1 17:33:02 EDT 2010


This is with the trunk right now... (Aug 30, 2010, 9pm EDT)

make check inside the lib/krb5/krb with valgrind finds errors in the 
profile library from t_ser...

This can be reproduced in a build tree with:

 (export LD_LIBRARY_PATH=../..; export KRB5_CONFIG=../../../../src/lib/krb5/krb/t_krb5.conf ; valgrind --tool=memcheck ./t_ser)


==24033== Memcheck, a memory error detector
==24033== Copyright (C) 2002-2009, and GNU GPL'd, by Julian Seward et al.
==24033== Using Valgrind-3.5.0 and LibVEX; rerun with -h for copyright info
==24033== Command: ./t_ser
==24033==
==24033== Invalid read of size 4
==24033==    at 0x408369C: profile_ser_size (prof_init.c:274)
==24033==    by 0x804D5A5: krb5_context_size (ser_ctx.c:169)
==24033==    by 0x804E304: krb5_externalize_data (serialize.c:139)
==24033==    by 0x804A2C7: ser_data (t_ser.c:100)
==24033==    by 0x804B128: main (t_ser.c:213)
==24033==  Address 0x40ff828 is 128 bytes inside a block of size 129 alloc'd
==24033==    at 0x4005BDC: malloc (vg_replace_malloc.c:195)
==24033==    by 0x4080D0F: profile_make_prf_data (prof_file.c:180)
==24033==    by 0x4081138: profile_open_file (prof_file.c:267)
==24033==    by 0x4083ADB: profile_init (prof_init.c:44)
==24033==    by 0x40793B7: os_init_paths (init_os_ctx.c:331)
==24033==    by 0x4079505: krb5_os_init_context (init_os_ctx.c:385)
==24033==    by 0x4057081: init_common (init_ctx.c:164)
==24033==    by 0x804AEF6: main (t_ser.c:666)
==24033==
==24033== Invalid read of size 4
==24033==    at 0x408369C: profile_ser_size (prof_init.c:274)
==24033==    by 0x804D5A5: krb5_context_size (ser_ctx.c:169)
==24033==    by 0x804D628: krb5_context_externalize (ser_ctx.c:200)
==24033==    by 0x804E356: krb5_externalize_data (serialize.c:143)
==24033==    by 0x804A2C7: ser_data (t_ser.c:100)
==24033==    by 0x804B128: main (t_ser.c:213)
==24033==  Address 0x40ff828 is 128 bytes inside a block of size 129 alloc'd
==24033==    at 0x4005BDC: malloc (vg_replace_malloc.c:195)
==24033==    by 0x4080D0F: profile_make_prf_data (prof_file.c:180)
==24033==    by 0x4081138: profile_open_file (prof_file.c:267)
==24033==    by 0x4083ADB: profile_init (prof_init.c:44)
==24033==    by 0x40793B7: os_init_paths (init_os_ctx.c:331)
==24033==    by 0x4079505: krb5_os_init_context (init_os_ctx.c:385)
==24033==    by 0x4057081: init_common (init_ctx.c:164)
==24033==    by 0x804AEF6: main (t_ser.c:666)
==24033==

and so on...

filespec is  "../../../../src" 

Running strace on the process finds the only access to ../../../src 
is looking at t_krb5.conf
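
A triage helper for the Memcheck output above, added here as an example; it is not part of the original report or of the krb5 tree. It groups "inside a block" heap reports by faulting frame and allocation site and computes how many bytes each access runs past the end of the block. The names `triage`, `_site` and the grouping key are this example's own, and the sample is trimmed from the quoted output.

```python
import re
from collections import Counter

# Sample trimmed from the Memcheck output quoted in the report (outer frames dropped).
SAMPLE = """\
==24033== Invalid read of size 4
==24033==    at 0x408369C: profile_ser_size (prof_init.c:274)
==24033==    by 0x804D5A5: krb5_context_size (ser_ctx.c:169)
==24033==  Address 0x40ff828 is 128 bytes inside a block of size 129 alloc'd
==24033==    at 0x4005BDC: malloc (vg_replace_malloc.c:195)
==24033==    by 0x4080D0F: profile_make_prf_data (prof_file.c:180)
==24033==
==24033== Invalid read of size 4
==24033==    at 0x408369C: profile_ser_size (prof_init.c:274)
==24033==    by 0x804D5A5: krb5_context_size (ser_ctx.c:169)
==24033==    by 0x804D628: krb5_context_externalize (ser_ctx.c:200)
==24033==  Address 0x40ff828 is 128 bytes inside a block of size 129 alloc'd
==24033==    at 0x4005BDC: malloc (vg_replace_malloc.c:195)
==24033==    by 0x4080D0F: profile_make_prf_data (prof_file.c:180)
"""

ACCESS = re.compile(r"Invalid (read|write) of size (\d+)")
BLOCK = re.compile(r"is (\d+) bytes inside a block of size (\d+) alloc'd")
FRAME = re.compile(r"(?:at|by) 0x[0-9A-Fa-f]+: (\S+) \(([^)]+)\)")
ALLOCATORS = {"malloc", "calloc", "realloc"}

def _site(frame):
    """Render a matched stack frame as 'function (file:line)'."""
    return f"{frame[1]} ({frame[2]})" if frame else None

def triage(log):
    """Count heap reports per (access, size, fault site, allocation site, bytes past end)."""
    groups = Counter()
    text = re.sub(r"^=+\d+=+ ?", "", log, flags=re.M)  # drop the ==PID== prefix
    for report in re.split(r"\n[ \t]*\n", text):       # reports are blank-line separated
        acc, blk = ACCESS.search(report), BLOCK.search(report)
        if not (acc and blk):
            continue                                   # not an "inside a block" heap report
        size, offset, block = int(acc[2]), int(blk[1]), int(blk[2])
        fault = FRAME.search(report[:blk.start()])     # innermost frame of the bad access
        alloc = next((f for f in FRAME.finditer(report, blk.end())
                      if f[1] not in ALLOCATORS), None)  # first caller above the allocator
        past = max(0, offset + size - block)           # bytes touched beyond the block
        groups[(acc[1], size, _site(fault), _site(alloc), past)] += 1
    return groups
```

On the sample, both reports collapse into one group: a 4-byte read at profile_ser_size (prof_init.c:274) that extends 3 bytes past the 129-byte block allocated in profile_make_prf_data (prof_file.c:180).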

