[krbdev.mit.edu #6767] Re: Buffer overrun in t_ser within the profile library...

Ezra Peisach via RT rt-comment at krbdev.mit.edu
Wed Sep 1 17:33:02 EDT 2010


Err - never mind.... gcc optimization with strlen looking 4 bytes at a 
time.... Take off -O2 and everything fine...

Ezra Peisach wrote:
> This is with the trunk right now... (Aug 30, 2010, 9pm EDT)
>
> make check inside the lib/krb5/krb with valgrind finds errors in the 
> profile library from t_ser...
>
> This can be reproduced in a build tree with:
>
> (export LD_LIBRARY_PATH=../..; export KRB5_CONFIG=../../../../src/lib/krb5/krb/t_krb5.conf ; valgrind --tool=memcheck  ./t_ser)
>
>
> ==24033== Memcheck, a memory error detector
> ==24033== Copyright (C) 2002-2009, and GNU GPL'd, by Julian Seward et al.
> ==24033== Using Valgrind-3.5.0 and LibVEX; rerun with -h for copyright info
> ==24033== Command: ./t_ser
> ==24033==
> ==24033== Invalid read of size 4
> ==24033==    at 0x408369C: profile_ser_size (prof_init.c:274)
> ==24033==    by 0x804D5A5: krb5_context_size (ser_ctx.c:169)
> ==24033==    by 0x804E304: krb5_externalize_data (serialize.c:139)
> ==24033==    by 0x804A2C7: ser_data (t_ser.c:100)
> ==24033==    by 0x804B128: main (t_ser.c:213)
> ==24033==  Address 0x40ff828 is 128 bytes inside a block of size 129 alloc'd
> ==24033==    at 0x4005BDC: malloc (vg_replace_malloc.c:195)
> ==24033==    by 0x4080D0F: profile_make_prf_data (prof_file.c:180)
> ==24033==    by 0x4081138: profile_open_file (prof_file.c:267)
> ==24033==    by 0x4083ADB: profile_init (prof_init.c:44)
> ==24033==    by 0x40793B7: os_init_paths (init_os_ctx.c:331)
> ==24033==    by 0x4079505: krb5_os_init_context (init_os_ctx.c:385)
> ==24033==    by 0x4057081: init_common (init_ctx.c:164)
> ==24033==    by 0x804AEF6: main (t_ser.c:666)
> ==24033==
> ==24033== Invalid read of size 4
> ==24033==    at 0x408369C: profile_ser_size (prof_init.c:274)
> ==24033==    by 0x804D5A5: krb5_context_size (ser_ctx.c:169)
> ==24033==    by 0x804D628: krb5_context_externalize (ser_ctx.c:200)
> ==24033==    by 0x804E356: krb5_externalize_data (serialize.c:143)
> ==24033==    by 0x804A2C7: ser_data (t_ser.c:100)
> ==24033==    by 0x804B128: main (t_ser.c:213)
> ==24033==  Address 0x40ff828 is 128 bytes inside a block of size 129 alloc'd
> ==24033==    at 0x4005BDC: malloc (vg_replace_malloc.c:195)
> ==24033==    by 0x4080D0F: profile_make_prf_data (prof_file.c:180)
> ==24033==    by 0x4081138: profile_open_file (prof_file.c:267)
> ==24033==    by 0x4083ADB: profile_init (prof_init.c:44)
> ==24033==    by 0x40793B7: os_init_paths (init_os_ctx.c:331)
> ==24033==    by 0x4079505: krb5_os_init_context (init_os_ctx.c:385)
> ==24033==    by 0x4057081: init_common (init_ctx.c:164)
> ==24033==    by 0x804AEF6: main (t_ser.c:666)
> ==24033==
>
> and so on...
>
> filespec is  "../../../../src"
> Running strace on the process finds the only access to ../../../src 
> is looking at t_krb5.conf
>


-- 
=======================================================================
Ezra Peisach, Ph.D.
RCSB Protein Data Bank
Department of Chemistry and Chemical Biology
Rutgers The State University of New Jersey
610 Taylor Road
Piscataway, NJ 08854-8087

Email:  peisach at rcsb.rutgers.edu
Phone:  (732) 445-0103  Fax:    (732)-445-4320
========================================================================
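
The following triage script is an added example, not part of the original message or of the krb5 code base. It uses the report's own numbers (a 4-byte read at offset 128 of a 129-byte block, at a 4-byte-aligned address) as a heuristic for spotting aligned word reads that straddle the end of a heap block, the pattern a word-at-a-time strlen produces. The function name triage, the verdict strings and the second sample report are constructed for illustration.

```python
import re

# Constructed sample: the first report is modelled on the memcheck output quoted
# above (wrapped lines joined); the second report is invented for contrast.
SAMPLE = """\
==24033== Invalid read of size 4
==24033==    at 0x408369C: profile_ser_size (prof_init.c:274)
==24033==  Address 0x40ff828 is 128 bytes inside a block of size 129 alloc'd
==24033==
==24033== Invalid read of size 1
==24033==    at 0x8048500: copy_name (example.c:12)
==24033==  Address 0x40ff829 is 0 bytes after a block of size 129 alloc'd
"""

PREFIX = re.compile(r"^[>\s]*=+\d+=+\s?")      # "==PID== ", optionally mail-quoted
READ = re.compile(r"Invalid read of size (\d+)")
FRAME = re.compile(r"\bat 0x[0-9A-Fa-f]+: (\S+)")
ADDR = re.compile(r"Address (0x[0-9A-Fa-f]+) is (\d+) bytes "
                  r"(inside|after|before) a block of size (\d+)")

def triage(log):
    """Return one dict per 'Invalid read' report, with a heuristic verdict."""
    results, cur = [], None
    for raw in log.splitlines():
        line = PREFIX.sub("", raw)
        m = READ.search(line)
        if m:
            cur = {"size": int(m.group(1)), "site": None}
            continue
        if cur is None:
            continue
        m = FRAME.search(line)
        if m and cur["site"] is None:
            cur["site"] = m.group(1)       # innermost frame of the read
            continue
        m = ADDR.search(line)
        if m:
            addr, off, blk = int(m.group(1), 16), int(m.group(2)), int(m.group(4))
            inside, size = m.group(3) == "inside", cur["size"]
            # Naturally aligned multi-byte load whose first byte is still valid
            # but whose tail crosses the end of the heap block.
            straddle = inside and size > 1 and addr % size == 0 and off < blk < off + size
            cur.update(offset=off, block=blk,
                       valid_bytes=blk - off if inside else 0,
                       verdict="aligned-word-overread" if straddle else "out-of-bounds")
            results.append(cur)
            cur = None
    return results

if __name__ == "__main__":
    for r in triage(SAMPLE):
        print(r["site"], r["size"], r["verdict"])
```

A verdict of aligned-word-overread only marks a candidate; it still needs confirming, for instance by rebuilding without -O2 as in the message above. Memcheck's --partial-loads-ok option controls how such naturally aligned partial loads are reported.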






