possible bug in 1.6.1 gic_opt.c

Mike Dopheide dopheide at ncsa.uiuc.edu
Wed May 2 13:25:51 EDT 2007


This tests out okay.  I'm assuming the k5-int.h patch was still needed, 
is that correct?

-Mike

Jeffrey Altman wrote:
> Here is the correct / tested patch.  It applies to gic_opt.c not
> gc_frm_kdc.c.
> 
> Index: gic_opt.c
> ===================================================================
> --- gic_opt.c   (revision 19536)
> +++ gic_opt.c   (working copy)
> @@ -206,11 +206,21 @@
>      oe = krb5int_gic_opte_alloc(context);
>      if (NULL == oe)
>         return ENOMEM;
> -    memcpy(oe, opt, sizeof(*opt));
> -    /* Fix these -- overwritten by the copy */
> -    oe->flags |= ( KRB5_GET_INIT_CREDS_OPT_EXTENDED |
> -                  KRB5_GET_INIT_CREDS_OPT_SHADOWED);
> +
> +    if (opt)
> +        memcpy(oe, opt, sizeof(*opt));
> 
> +    /*
> +     * Fix the flags -- the EXTENDED flag would have been
> +     * overwritten by the copy if there was one.  The
> +     * SHADOWED flag is necessary to ensure that the
> +     * krb5_gic_opt_ext structure that was allocated
> +     * here will be freed by the library because the
> +     * application is unaware of its existence.
> +     */
> +    oe->flags |= (KRB5_GET_INIT_CREDS_OPT_EXTENDED |
> +                  KRB5_GET_INIT_CREDS_OPT_SHADOWED);
> +
>      *opte = oe;
>      return 0;
>  }
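Review bot: the `if (opt)` guard skips the memcpy when opt is NULL, but this version of the hunk drops the `else memset(oe, 0, sizeof(*opt))` that the earlier version of the patch had, so the public-structure prefix of oe is defined in the NULL case only if krb5int_gic_opte_alloc() returns zeroed memory; either confirm that the allocator clears the block or keep the else branch. The expanded comment on the SHADOWED flag is worth keeping, since it records why the library rather than the caller owns the krb5_gic_opt_ext allocated here.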
> 
> Jeffrey Altman wrote:
>> You will also need this patch to src/lib/krb5/krb/gc_frm_kdc.c:
>>
>> Index: gic_opt.c
>> ===================================================================
>> --- gic_opt.c   (revision 19536)
>> +++ gic_opt.c   (working copy)
>> @@ -206,7 +206,11 @@
>>      oe = krb5int_gic_opte_alloc(context);
>>      if (NULL == oe)
>>         return ENOMEM;
>> -    memcpy(oe, opt, sizeof(*opt));
>> +    if (opt)
>> +        memcpy(oe, opt, sizeof(*opt));
>> +    else
>> +        memset(oe, 0, sizeof(*opt));
>> +
>>      /* Fix these -- overwritten by the copy */
>>      oe->flags |= ( KRB5_GET_INIT_CREDS_OPT_EXTENDED |
>>                    KRB5_GET_INIT_CREDS_OPT_SHADOWED);
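Review bot: the message text says this patch is for src/lib/krb5/krb/gc_frm_kdc.c, but the Index: and ---/+++ headers name gic_opt.c, so applying it to the file named in the text will fail; the headers are the ones to go by, as the follow-up message in this thread confirms. In the else branch, memset(oe, 0, sizeof(*opt)) zeroes only the sizeof(*opt) prefix of the larger krb5_gic_opt_ext and leaves the extended fields as the allocator returned them, and the retained comment "Fix these -- overwritten by the copy" is no longer accurate for the NULL case, where nothing was copied.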
>>
>> Jeffrey Altman wrote:
>>> Please try this patch to src/include/k5-int.h:
>>>
>>> Index: k5-int.h
>>> ===================================================================
>>> --- k5-int.h    (revision 19525)
>>> +++ k5-int.h    (working copy)
>>> @@ -1048,9 +1048,9 @@
>>>  #define KRB5_GET_INIT_CREDS_OPT_SHADOWED 0x40000000
>>>
>>>  #define krb5_gic_opt_is_extended(s) \
>>> -    (((s)->flags & KRB5_GET_INIT_CREDS_OPT_EXTENDED) ? 1 : 0)
>>> +    ((s) && ((s)->flags & KRB5_GET_INIT_CREDS_OPT_EXTENDED) ? 1 : 0)
>>>  #define krb5_gic_opt_is_shadowed(s) \
>>> -    (((s)->flags & KRB5_GET_INIT_CREDS_OPT_SHADOWED) ? 1 : 0)
>>> +    ((s) && ((s)->flags & KRB5_GET_INIT_CREDS_OPT_SHADOWED) ? 1 : 0)
>>>
>>>
>>>  typedef struct _krb5_gic_opt_private {
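Review bot: in the new macro bodies, `(s) && ((s)->flags & ...) ? 1 : 0` parses as `((s) && (...)) ? 1 : 0` because && binds tighter than ?:, so the result is correct, but an explicit pair of parentheses around the && expression would make that intent obvious to the next reader. This hunk only makes the two flag tests NULL-safe; the backtrace quoted below places the crash at gic_opt.c:235, where opt itself is dereferenced by the copy, so on its own it does not stop the segfault, which is why the later gic_opt.c patches in the thread add an `if (opt)` guard around the memcpy.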
>>>
>>>
>>> Jeffrey Altman
>>> Secure Endpoints Inc.
>>>
>>>
>>> Mike Dopheide wrote:
>>>> We're testing OpenSSH (with GSSAPI patches) and MIT Kerberos 1.6.1 on
>>>> RedHat Linux 4 (x86_64). We're seeing a segfault in
>>>> krb5_get_init_creds_password. Below is a backtrace and comments (Thanks
>>>> Jim).
>>>>
>>>> Program received signal SIGSEGV, Segmentation fault.
>>>> krb5int_gic_opt_to_opte (context=0x571fb0, opt=0x0, opte=0x7fbfffd4e8,
>>>>     force=1, where=0x2a962d40b7 "krb5_get_init_creds_password")
>>>>     at ../../../../krb5-1.6.1.ncsa/src/lib/krb5/krb/gic_opt.c:235
>>>> 235     ../../../../krb5-1.6.1.ncsa/src/lib/krb5/krb/gic_opt.c: No
>>>> such file or directory.
>>>>         in ../../../../krb5-1.6.1.ncsa/src/lib/krb5/krb/gic_opt.c
>>>> (gdb) backtrace
>>>> #0  krb5int_gic_opt_to_opte (context=0x571fb0, opt=0x0, 
>>>> opte=0x7fbfffd4e8, force=1, where=0x2a962d40b7 
>>>> "krb5_get_init_creds_password")
>>>>     at ../../../../krb5-1.6.1.ncsa/src/lib/krb5/krb/gic_opt.c:235
>>>>
>>>> "This line is dereferencing opt, which is NULL.  It needs a check for 
>>>> opt==NULL."
>>>>
>>>> #1  0x0000002a962a9a3b in krb5_get_init_creds_password 
>>>> (context=0x571fb0, creds=0x7fbfffe350, client=0x571710, 
>>>> password=0x571d70 "vintage1990Z", prompter=0, data=0x0, start_time=0, 
>>>> in_tkt_service=0x0, options=0x0)
>>>>     at ../../../../krb5-1.6.1.ncsa/src/lib/krb5/krb/gic_pwd.c:132
>>>>
>>>> "Probably shouldn't be calling krb5int_gic_opt_to_opte() here if
>>>> options==NULL."
>>>>
>>>> If time permits tomorrow I'll see about writing a patch and retesting.
>>>>
>>>> -Mike
>>>> _______________________________________________
>>>> krbdev mailing list             krbdev at mit.edu
>>>> https://mailman.mit.edu/mailman/listinfo/krbdev
>>>>
> 
> 
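As an added example (not MIT Kerberos code), the shape of the fix the thread converges on, reduced to a self-contained C model: an optional public options struct is copied into a larger extended struct only when the caller passed one, the allocation is zeroed so the public fields are defined in the NULL case, the EXTENDED and SHADOWED flags are re-applied after the copy, and the flag-test macro tolerates a NULL pointer. The struct and function names here are hypothetical stand-ins for krb5_get_init_creds_opt, krb5_gic_opt_ext and krb5int_gic_opt_to_opte.

```c
#include <errno.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-ins for the flag values in k5-int.h. */
#define OPT_EXTENDED 0x80000000u
#define OPT_SHADOWED 0x40000000u

/* Public options struct the application may or may not supply. */
typedef struct { unsigned int flags; int tkt_life; } public_opt;

/* Extended struct the library allocates; the public part must come first
 * so that a copy of sizeof(public_opt) bytes lands on the right fields. */
typedef struct { public_opt pub; int private_extra; } ext_opt;

/* NULL-safe flag test, with the && expression parenthesised explicitly. */
#define opt_is_extended(s) (((s) && ((s)->flags & OPT_EXTENDED)) ? 1 : 0)

/* Zeroed allocation: the NULL-opt path relies on this, so make it explicit. */
static ext_opt *opte_alloc(void) { return calloc(1, sizeof(ext_opt)); }

/* Model of the fixed conversion: returns 0 and sets *opte, or ENOMEM. */
int opt_to_opte(const public_opt *opt, ext_opt **opte)
{
    ext_opt *oe = opte_alloc();
    if (oe == NULL)
        return ENOMEM;

    /* Copy only when the application actually passed options. */
    if (opt)
        memcpy(&oe->pub, opt, sizeof(*opt));

    /* The copy (if any) overwrote flags: EXTENDED marks this as the
     * extended struct, SHADOWED records that the library must free it
     * because the caller never saw this allocation. */
    oe->pub.flags |= OPT_EXTENDED | OPT_SHADOWED;

    *opte = oe;
    return 0;
}

/* Frees only structs the library itself shadow-allocated. */
void opte_release(ext_opt *oe)
{
    if (oe && (oe->pub.flags & OPT_SHADOWED))
        free(oe);
}
```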