Crash in sendto_kdc.c

mogasale.tech mogasale.tech at gmail.com
Fri Apr 12 00:01:55 EDT 2019


Hi Greg,

Sorry for the delayed confirmation; it took a while for us to catch hold of the
specific environments where we used to see these issues. Recently we could
test our application with the below suggested fix on environments where we
used to see regular crashes. With this fix, the issue looks resolved and the
application is now running smoothly with no crashes. Thanks for the valuable
suggestions.

I also see that the fix is already incorporated as part of krb5-1.17. Will
go ahead and use that. Thanks again.

Regards,
Rama

On Fri, 5 Oct 2018 at 01:31, Greg Hudson <ghudson at mit.edu> wrote:

> [Removing kfwdev from the CC line; we no longer have a separate Windows
> development team, so just krbdev is fine.]
>
> On 10/04/2018 08:47 AM, mogasale.tech wrote:
> > conn.out.sgbuf[0] = {len = 4, buff = ‘\0’}
> > conn.out.sgbuf[1] = {len = 1882, buff = ‘some data’}
> > conn.out.sgp = {len=??? buf=??? }
> > conn.out.sg_count = -10339
> > conn.out.msg_len_buf = ""
> > nwritten = 3199132154
>
> Thanks for the additional information.  I think I finally know what is
> going wrong here: SOCKET_WRITEV() is trying to return -1, but due to the
> intricacies of the C type system, it is being treated as 2^32-1 on
> 64-bit Windows.
>
> The fix I would like to try is to edit src/include/port-sockets.h and
> change the first definition of SOCKET_WRITEV to:
>
> #define SOCKET_WRITEV(FD, SG, LEN, TMP)                         \
>      (WSASend((FD), (SG), (LEN), &(TMP), 0, 0, 0) ?              \
>       (ssize_t)-1 : (ssize_t)(TMP))
>
> where the change is the addition of the (ssize_t) casts.
>
> Without the casts, the type of the conditional expression is unsigned
> 32-bit, because -1 has type int and TMP has type DWORD, and unsigned
> wins over signed for integer types of equal size.  The quantity -1 in
> that type has the value 2^32-1.  When that value is cast to ssize_t
> (signed 64-bit on 64-bit Windows), it retains the large positive value
> instead of reverting back to -1 as it would on 32-bit Windows.
>


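The promotion rule Greg describes, as an added example that is not part of the thread: it reproduces the shape of the SOCKET_WRITEV macro with a stub in place of WSASend (assumed stand-ins: fake_wsasend, a uint32_t DWORD, a constructed byte count of 1886) and compares the uncast and cast variants on a 64-bit host.

```c
#include <stdint.h>
#include <stdio.h>
#include <sys/types.h>

/* Stand-in for the Windows DWORD: a 32-bit unsigned integer (assumption). */
typedef uint32_t DWORD;

/* Stand-in for WSASend (assumption): nonzero return means failure; on
 * success the number of bytes sent is stored through tmp. */
static int fake_wsasend(int fail, DWORD *tmp)
{
    if (fail)
        return 1;
    *tmp = 1886;  /* constructed: 4-byte length prefix + 1882 bytes of data */
    return 0;
}

/* Same shape as the original macro: -1 (int) and TMP (DWORD) are the two
 * arms, so the conditional expression has type unsigned 32-bit. */
#define SOCKET_WRITEV_UNCAST(FAIL, TMP) \
    (fake_wsasend((FAIL), &(TMP)) ? -1 : (TMP))

/* Same shape as the fixed macro: both arms are ssize_t before the type of
 * the conditional is chosen, so -1 survives as -1. */
#define SOCKET_WRITEV_CAST(FAIL, TMP) \
    (fake_wsasend((FAIL), &(TMP)) ? (ssize_t)-1 : (ssize_t)(TMP))

ssize_t writev_uncast(int fail)
{
    DWORD tmp = 0;
    return SOCKET_WRITEV_UNCAST(fail, tmp);  /* 2^32-1 on 64-bit when fail */
}

ssize_t writev_cast(int fail)
{
    DWORD tmp = 0;
    return SOCKET_WRITEV_CAST(fail, tmp);    /* -1 when fail */
}

/* The caller's error check: a negative nwritten means the write failed. */
int failure_detected(ssize_t nwritten)
{
    return nwritten < 0;
}

int main(void)
{
    printf("uncast failure -> nwritten = %lld, detected = %d\n",
           (long long)writev_uncast(1), failure_detected(writev_uncast(1)));
    printf("cast   failure -> nwritten = %lld, detected = %d\n",
           (long long)writev_cast(1), failure_detected(writev_cast(1)));
    return 0;
}
```

On a 64-bit build the uncast variant reports a failed send as 4294967295 bytes written, which the caller's negative check never catches; the cast variant returns -1.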