Heap Corruption with large authorization header values

Tim Vega tvega at tableausoftware.com
Wed Oct 1 16:19:30 EDT 2014


We have mod_auth_kerb 5.4 running with krb5-1.12.2

When sending a request with a very large authorization value (12462 characters; sample attached), the Kerberos library encounters heap corruption somewhere in a call to gss_accept_sec_context.
The data that appears to be corrupted is pointed to by the variable mechtok_out in spnego_gss_accept_sec_context in lib/gssapi/spnego/spnego_mech.c. The corruption gets detected by a call to gss_release_buffer in the cleanup routine of the same function.

Has anyone seen this before? Is this expected behavior given a large auth header?


-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: largeheader.txt
Url: http://mailman.mit.edu/pipermail/krbdev/attachments/20141001/3b12f26b/attachment-0001.txt
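One defensive measure a practitioner would want while the library-side cause is investigated is a bound on the Authorization header before its token is ever handed to gss_accept_sec_context. The following Python is an added example, not code from the report, from mod_auth_kerb or from MIT krb5; the 8 KiB limit and the sample tokens are constructed for illustration. It checks the header length, the Negotiate scheme, strict base64 decoding, and that the decoded bytes begin with the GSS-API initial-token tag (RFC 2743 section 3.1 encodes [APPLICATION 0] as 0x60), so that an oversized or malformed value is rejected at the web layer instead of in the mechanism code.

```python
import base64
import binascii
from typing import Tuple

# Upper bound on the raw Authorization header accepted before any GSS-API
# processing. Assumed value for this example: 8 KiB is generous for a real
# Negotiate token, and the 12462-character header from the report exceeds it.
MAX_AUTH_HEADER_LEN = 8192

# First byte of a GSS-API initial context token (RFC 2743 section 3.1):
# [APPLICATION 0] IMPLICIT SEQUENCE, DER encoded as 0x60.
GSS_TOKEN_TAG = 0x60

# Constructed sample: a minimal InitialContextToken carrying only the SPNEGO
# mechanism OID 1.3.6.1.5.5.2 (DER: 06 06 2b 06 01 05 05 02).
SAMPLE_TOKEN = bytes.fromhex("6008" "0606" "2b0601050502")
SAMPLE_HEADER = "Negotiate " + base64.b64encode(SAMPLE_TOKEN).decode("ascii")


def check_negotiate_header(value: str) -> Tuple[bool, str]:
    """Return (ok, reason) for an Authorization header value.

    Rejects values that are too long, not the Negotiate scheme, not valid
    base64, or whose decoded token does not start with the GSS-API tag.
    Only values that pass should be forwarded to gss_accept_sec_context.
    """
    if len(value) > MAX_AUTH_HEADER_LEN:
        return False, f"header too long ({len(value)} > {MAX_AUTH_HEADER_LEN})"

    scheme, _, token_b64 = value.partition(" ")
    if scheme.lower() != "negotiate":
        return False, f"unexpected auth scheme {scheme!r}"

    token_b64 = token_b64.strip()
    if not token_b64:
        return False, "empty token"

    try:
        # validate=True refuses characters outside the base64 alphabet
        # instead of silently discarding them.
        token = base64.b64decode(token_b64, validate=True)
    except (binascii.Error, ValueError):
        return False, "token is not valid base64"

    if not token or token[0] != GSS_TOKEN_TAG:
        return False, "token does not start with a GSS-API APPLICATION 0 tag"

    return True, "ok"


if __name__ == "__main__":
    for hdr in (SAMPLE_HEADER, "Negotiate " + "A" * 12462, "Basic dXNlcjpwdw=="):
        ok, reason = check_negotiate_header(hdr)
        print(f"{hdr[:40]!r:44} -> {ok} ({reason})")
```

At the server level the same bound can be enforced with Apache's LimitRequestFieldSize directive, which caps the size of any single request header; the function above is the equivalent check for code that sits between the HTTP front end and the GSS-API call. Neither replaces a fix for the corruption inside the library; they only keep a pathological header from reaching it.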
