possible bug in 1.6.1 gic_opt.c

Jeffrey Altman jaltman at columbia.edu
Tue May 1 19:04:16 EDT 2007


Please try this patch to src/include/k5-int.h:

Index: k5-int.h
===================================================================
--- k5-int.h    (revision 19525)
+++ k5-int.h    (working copy)
@@ -1048,9 +1048,9 @@
 #define KRB5_GET_INIT_CREDS_OPT_SHADOWED 0x40000000

 #define krb5_gic_opt_is_extended(s) \
-    (((s)->flags & KRB5_GET_INIT_CREDS_OPT_EXTENDED) ? 1 : 0)
+    ((s) && ((s)->flags & KRB5_GET_INIT_CREDS_OPT_EXTENDED) ? 1 : 0)
 #define krb5_gic_opt_is_shadowed(s) \
-    (((s)->flags & KRB5_GET_INIT_CREDS_OPT_SHADOWED) ? 1 : 0)
+    ((s) && ((s)->flags & KRB5_GET_INIT_CREDS_OPT_SHADOWED) ? 1 : 0)


 typedef struct _krb5_gic_opt_private {
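Review bot: the NULL guard is placed in the two macros, but the quoted backtrace faults on a direct dereference of opt in krb5int_gic_opt_to_opte (gic_opt.c:235, opt=0x0), called from krb5_get_init_creds_password with options=0x0 (gic_pwd.c:132); unless line 235 reaches opt only through krb5_gic_opt_is_extended/krb5_gic_opt_is_shadowed, this hunk alone will not stop that segfault, so please confirm which it is or add the opt==NULL check at the call site as Mike suggests. Two smaller points on the new macro bodies: `(s)` now appears twice, so an argument with side effects is evaluated twice (once more than before for non-NULL input); and since `&&` binds tighter than `?:`, `((s) && ((s)->flags & X) ? 1 : 0)` parses as `((s) && (...)) ? 1 : 0`, which is the intent, but writing those parentheses out would make it obvious to the next reader.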


Jeffrey Altman
Secure Endpoints Inc.


Mike Dopheide wrote:
> We're testing OpenSSH (with GSSAPI patches) and MIT Kerberos 1.6.1 on 
> RedHat Linux 4 (x86_64).   We're seeing a segfault in 
> krb5_get_init_creds_password.  Below is a backtrace and comments (Thanks 
> Jim).
> 
> Program received signal SIGSEGV, Segmentation fault.
> krb5int_gic_opt_to_opte (context=0x571fb0, opt=0x0, opte=0x7fbfffd4e8,
>     force=1, where=0x2a962d40b7 "krb5_get_init_creds_password")
>     at ../../../../krb5-1.6.1.ncsa/src/lib/krb5/krb/gic_opt.c:235
> 235     ../../../../krb5-1.6.1.ncsa/src/lib/krb5/krb/gic_opt.c: No
> such file or directory.
>         in ../../../../krb5-1.6.1.ncsa/src/lib/krb5/krb/gic_opt.c
> (gdb) backtrace
> #0  krb5int_gic_opt_to_opte (context=0x571fb0, opt=0x0, 
> opte=0x7fbfffd4e8, force=1, where=0x2a962d40b7 
> "krb5_get_init_creds_password")
>     at ../../../../krb5-1.6.1.ncsa/src/lib/krb5/krb/gic_opt.c:235
> 
> "This line is dereferencing opt, which is NULL.  It needs a check for 
> opt==NULL."
> 
> #1  0x0000002a962a9a3b in krb5_get_init_creds_password 
> (context=0x571fb0, creds=0x7fbfffe350, client=0x571710, 
> password=0x571d70 "vintage1990Z", prompter=0, data=0x0, start_time=0, 
> in_tkt_service=0x0, options=0x0)
>     at ../../../../krb5-1.6.1.ncsa/src/lib/krb5/krb/gic_pwd.c:132
> 
> "Probably shouldn't be calling krb5int_gic_opt_to_opte() here if
> options==NULL."
> 
> If time permits tomorrow I'll see about writing a patch and retesting.
> 
> -Mike
> _______________________________________________
> krbdev mailing list             krbdev at mit.edu
> https://mailman.mit.edu/mailman/listinfo/krbdev
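An added example, not code from this thread or from MIT Kerberos, that exercises the patched macro shape on a stand-in struct: it shows the pre-patch macro's unconditional dereference, the patched macro returning 0 for a NULL pointer, and the one cost of the fix, namely that the macro argument is now evaluated twice for a non-NULL pointer. The struct layout, the EXTENDED flag value and all function names are assumptions for illustration only.

```c
#include <stddef.h>
#include <stdio.h>

/* Stand-in for the krb5 get_init_creds options struct: only the flags
 * field the macros read.  Assumed shape, not the real k5-int.h definition. */
struct gic_opt {
    unsigned int flags;
};

/* SHADOWED's value appears in the quoted hunk; EXTENDED's value is assumed. */
#define KRB5_GET_INIT_CREDS_OPT_EXTENDED 0x80000000u
#define KRB5_GET_INIT_CREDS_OPT_SHADOWED 0x40000000u

/* Pre-patch shape: dereferences s unconditionally, so s == NULL crashes. */
#define OLD_gic_opt_is_shadowed(s) \
    (((s)->flags & KRB5_GET_INIT_CREDS_OPT_SHADOWED) ? 1 : 0)

/* Patched shape from the hunk.  && binds tighter than ?:, so this parses as
 * ((s) && ((s)->flags & ...)) ? 1 : 0 and NULL short-circuits to 0. */
#define krb5_gic_opt_is_extended(s) \
    ((s) && ((s)->flags & KRB5_GET_INIT_CREDS_OPT_EXTENDED) ? 1 : 0)
#define krb5_gic_opt_is_shadowed(s) \
    ((s) && ((s)->flags & KRB5_GET_INIT_CREDS_OPT_SHADOWED) ? 1 : 0)

/* Only ever call this with a non-NULL pointer: NULL reproduces the crash. */
int shadowed_unpatched(const struct gic_opt *opt)
{
    return OLD_gic_opt_is_shadowed(opt);
}

int extended_patched(const struct gic_opt *opt)
{
    return krb5_gic_opt_is_extended(opt);
}

int shadowed_patched(const struct gic_opt *opt)
{
    return krb5_gic_opt_is_shadowed(opt);
}

/* Side-effect probe: counts how many times the macro argument is evaluated. */
static int eval_count;

static struct gic_opt *probe(struct gic_opt *o)
{
    eval_count++;
    return o;
}

/* Number of times (s) is evaluated for one use of the patched macro:
 * 2 for a non-NULL pointer (the && succeeds, so the second (s) runs),
 * 1 for NULL (the && short-circuits before the dereference). */
int evaluations_for_patched(struct gic_opt *o)
{
    eval_count = 0;
    (void)krb5_gic_opt_is_shadowed(probe(o));
    return eval_count;
}

/* Single-evaluation alternative: a function instead of a macro. */
static int gic_opt_is_shadowed_fn(const struct gic_opt *s)
{
    return s != NULL && (s->flags & KRB5_GET_INIT_CREDS_OPT_SHADOWED) != 0;
}

int evaluations_for_fn(struct gic_opt *o)
{
    eval_count = 0;
    (void)gic_opt_is_shadowed_fn(probe(o));
    return eval_count;   /* always 1 */
}

int main(void)
{
    struct gic_opt shadowed = { KRB5_GET_INIT_CREDS_OPT_SHADOWED };
    printf("NULL  -> shadowed=%d extended=%d\n",
           shadowed_patched(NULL), extended_patched(NULL));
    printf("flags -> shadowed=%d extended=%d (unpatched: %d)\n",
           shadowed_patched(&shadowed), extended_patched(&shadowed),
           shadowed_unpatched(&shadowed));
    printf("macro evaluates its argument %d times, function %d time\n",
           evaluations_for_patched(&shadowed), evaluations_for_fn(&shadowed));
    return 0;
}
```

The double evaluation is harmless for a plain variable such as `opt`, which is how the macros are used in the quoted backtrace, but it is the reason a function is the safer form if callers ever pass an expression with side effects.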