MIT Kerberos 1.14 : gssint_get_mechanism_cred crash

Vipul Mehta vipulmehta.1989 at
Thu Jun 14 07:05:01 EDT 2018


We are facing a crash in our application during Kerberos security context
initialization, inside the gssint_get_mechanism_cred function.

The stack trace is as follows:
0x00007f96b93e0641 in gssint_get_mechanism_cred (union_cred=0x7f96ac3fa5c0,
    mech_type=0xe5d420) at g_glue.c:704
#5  0x00007f96b93e1caf in gss_init_sec_context
    (minor_status=0x7f9685feda5c, claimant_cred_handle=0x7f96ac3fa5c0,
    context_handle=0x7f969c458c98, target_name=0x7f969c1f8fa0,
    req_mech_type=<value optimized out>, req_flags=6, time_req=0,
    input_chan_bindings=0x0, input_token=0x7f9685feda30, actual_mech_type=0x0,
    output_token=0x7f9685feda20, ret_flags=0x0, time_rec=0x0)
    at g_init_sec_context.c:204
#6  0x00007f96bb666a55 in Curl_gss_init_sec_context () from
#7  0x00007f96bb655f19 in Curl_input_negotiate () from
#8  0x00007f96bb6306d4 in Curl_http_input_auth () from
#9  0x00007f96bb631abd in Curl_http_readwrite_headers () from
#10 0x00007f96bb649a4a in Curl_readwrite () from
#11 0x00007f96bb65271a in multi_runsingle () from
#12 0x00007f96bb6533ab in curl_multi_perform () from
#13 0x00007f96bb64b154 in curl_easy_perform () from

Looks like memcmp is causing the issue.

&union_cred->mechs_array[i]->length is 9
mech_type->length is 9
mech_type->elements is not NULL
(&union_cred->mechs_array[i])->elements is also not NULL

Is anyone aware of such an issue? Any possible fix? Let me know if you need
more information.

