krb5_free_data

Markus Moeller huaraz at moeller.plus.com
Sun Jun 22 08:04:59 EDT 2014


Hi Tom,

I see.  So if k5_pac_locate_buffer returns with an error I may get this 
problem ?

krb5_error_code KRB5_CALLCONV
krb5_pac_get_buffer(krb5_context context,
                    krb5_pac pac,
                    krb5_ui_4 type,
                    krb5_data *data)
{
    krb5_data d;
    krb5_error_code ret;

    ret = k5_pac_locate_buffer(context, pac, type, &d);
    if (ret != 0)
        return ret;

    data->data = malloc(d.length);
    if (data->data == NULL)
        return ENOMEM;
...


Thank you
Markus


"Tom Yu"  wrote in message news:ldvvbrterem.fsf at sarnath.mit.edu...

Markus Moeller <huaraz at moeller.plus.com> writes:

> (gdb) where
> #0  0x00007ffff5f911b5 in *__GI_raise (sig=<value optimized out>) at
> ../nptl/sysdeps/unix/sysv/linux/raise.c:64
> #1  0x00007ffff5f93fc0 in *__GI_abort () at abort.c:92
> #2  0x00007ffff5fc75bb in __libc_message (do_abort=<value optimized out>,
> fmt=<value optimized out>) at ../sysdeps/unix/sysv/linux/libc_fatal.c:189
> #3  0x00007ffff5fd0e16 in malloc_printerr (action=3, str=0x7ffff6088748
> "double free or corruption (fasttop)", ptr=<value optimized out>)
>     at malloc.c:6267
> #4  0x00007ffff5fd5b8c in *__GI___libc_free (mem=<value optimized out>) at
> malloc.c:3739
> #5  0x00007ffff7939472 in krb5_free_data (context=<value optimized out>,
> val=0x6171f0) at ../../../../src/lib/krb5/krb/kfree.c:253
> #6  0x00000000004051a4 in get_ad_groups (ad_groups=0x7fffffffaff0 "",
> context=0x60f9e0, pac=0x0) at negotiate_kerberos_pac.cc:464
> #7  0x0000000000403265 in main (argc=5, argv=0x7fffffffe0e8) at
> negotiate_kerberos_auth.cc:419
>
> and line 253 is free(val->data)
>
> The code I have is the following and I get an error in 
> krb5_pac_get_buffer:
> Invalid argument
>
>
> ad_data = (krb5_data *)xmalloc(sizeof(krb5_data));
>
> #define KERB_LOGON_INFO 1
>     ret = krb5_pac_get_buffer(context, pac, KERB_LOGON_INFO, ad_data);
>     if (check_k5_err(context, "krb5_pac_get_buffer", ret))
>         goto k5clean;
>
>
> k5clean:
>     krb5_free_data(context, ad_data);
>
> Maybe there is something wrong. I usually do not get this error, but I 
> don't
> know why it happens sometimes.

It appears that krb5_pac_get_buffer() does not initialize its output
parameter on error conditions.  This is probably a bug.  As a
workaround, consider using calloc() to allocate ad_data so that the
pointer gets initialized to NULL.
_______________________________________________
krbdev mailing list             krbdev at mit.edu
https://mailman.mit.edu/mailman/listinfo/krbdev 




More information about the krbdev mailing list