possible bug in 1.6.1 gic_opt.c

Jeffrey Altman jaltman at columbia.edu
Tue May 1 19:17:22 EDT 2007


You will also need this patch to src/lib/krb5/krb/gc_frm_kdc.c:

Index: gic_opt.c
===================================================================
--- gic_opt.c   (revision 19536)
+++ gic_opt.c   (working copy)
@@ -206,7 +206,11 @@
     oe = krb5int_gic_opte_alloc(context);
     if (NULL == oe)
        return ENOMEM;
-    memcpy(oe, opt, sizeof(*opt));
+    if (opt)
+        memcpy(oe, opt, sizeof(*opt));
+    else
+        memset(oe, 0, sizeof(*opt));
+
     /* Fix these -- overwritten by the copy */
     oe->flags |= ( KRB5_GET_INIT_CREDS_OPT_EXTENDED |
                   KRB5_GET_INIT_CREDS_OPT_SHADOWED);
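Review bot: the new NULL test guards only the memcpy, but the quoted backtrace faults at gic_opt.c:235 in the reporter's tree, well past this hunk's region (lines 206-216), so any later use of opt in krb5int_gic_opt_to_opte, and the caller at gic_pwd.c:132 that passes options=0x0, should be checked for the same unguarded dereference. `sizeof(*opt)` in the memset is safe with opt == NULL because sizeof does not evaluate its operand, and zeroing the struct before the `oe->flags |=` below gives the intended EXTENDED|SHADOWED-only flags for the no-options case. Minor: the hunk header reads `Index: gic_opt.c` while the sentence introducing it names src/lib/krb5/krb/gc_frm_kdc.c; one of the two should be corrected so the patch is applied to the intended file.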

Jeffrey Altman wrote:
> Please try this patch to src/include/k5-int.h:
> 
> Index: k5-int.h
> ===================================================================
> --- k5-int.h    (revision 19525)
> +++ k5-int.h    (working copy)
> @@ -1048,9 +1048,9 @@
>  #define KRB5_GET_INIT_CREDS_OPT_SHADOWED 0x40000000
> 
>  #define krb5_gic_opt_is_extended(s) \
> -    (((s)->flags & KRB5_GET_INIT_CREDS_OPT_EXTENDED) ? 1 : 0)
> +    ((s) && ((s)->flags & KRB5_GET_INIT_CREDS_OPT_EXTENDED) ? 1 : 0)
>  #define krb5_gic_opt_is_shadowed(s) \
> -    (((s)->flags & KRB5_GET_INIT_CREDS_OPT_SHADOWED) ? 1 : 0)
> +    ((s) && ((s)->flags & KRB5_GET_INIT_CREDS_OPT_SHADOWED) ? 1 : 0)
> 
> 
>  typedef struct _krb5_gic_opt_private {
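Review bot: both new macro bodies rely on `&&` binding tighter than `?:`, which does yield `((s) && ((s)->flags & FLAG)) ? 1 : 0`, but adding the explicit parentheses, e.g. `(((s) && ((s)->flags & KRB5_GET_INIT_CREDS_OPT_EXTENDED)) ? 1 : 0)`, makes that grouping obvious and rules out a misreading as `(s) && (... ? 1 : 0)`. A short comment above the two macros stating that a NULL s is now reported as neither extended nor shadowed would also help, since callers receiving options == NULL (as in the quoted backtrace) will depend on that behaviour.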
> 
> 
> Jeffrey Altman
> Secure Endpoints Inc.
> 
> 
> Mike Dopheide wrote:
>> We're testing OpenSSH (with GSSAPI patches) and MIT Kerberos 1.6.1 on 
>> RedHat Linux 4 (x86_64).   We're seeing a segfault in 
>> krb5_get_init_creds_password.  Below is a backtrace and comments (Thanks 
>> Jim).
>>
>> Program received signal SIGSEGV, Segmentation fault.
>> krb5int_gic_opt_to_opte (context=0x571fb0, opt=0x0, opte=0x7fbfffd4e8,
>>     force=1, where=0x2a962d40b7 "krb5_get_init_creds_password")
>>     at ../../../../krb5-1.6.1.ncsa/src/lib/krb5/krb/gic_opt.c:235
>> 235     ../../../../krb5-1.6.1.ncsa/src/lib/krb5/krb/gic_opt.c: No
>> such file or directory.
>>         in ../../../../krb5-1.6.1.ncsa/src/lib/krb5/krb/gic_opt.c
>> (gdb) backtrace
>> #0  krb5int_gic_opt_to_opte (context=0x571fb0, opt=0x0, 
>> opte=0x7fbfffd4e8, force=1, where=0x2a962d40b7 
>> "krb5_get_init_creds_password")
>>     at ../../../../krb5-1.6.1.ncsa/src/lib/krb5/krb/gic_opt.c:235
>>
>> "This line is dereferencing opt, which is NULL.  It needs a check for 
>> opt==NULL."
>>
>> #1  0x0000002a962a9a3b in krb5_get_init_creds_password 
>> (context=0x571fb0, creds=0x7fbfffe350, client=0x571710, 
>> password=0x571d70 "vintage1990Z", prompter=0, data=0x0, start_time=0, 
>> in_tkt_service=0x0, options=0x0)
>>     at ../../../../krb5-1.6.1.ncsa/src/lib/krb5/krb/gic_pwd.c:132
>>
>> "Probably shouldn't be calling krb5int_gic_opt_to_opte() here if
>> options==NULL."
>>
>> If time permits tomorrow I'll see about writing a patch and retesting.
>>
>> -Mike
>> _______________________________________________
>> krbdev mailing list             krbdev at mit.edu
>> https://mailman.mit.edu/mailman/listinfo/krbdev
>>