Thread safety issue in krb5_verify_init_creds() when passing ccache pointer to null?
thomas at sondergaard.cc
Mon May 31 11:34:57 EDT 2021
On Fri, May 28, 2021 at 6:31 PM Greg Hudson <ghudson at mit.edu> wrote:
> On 5/28/21 5:14 AM, Thomas Sondergaard wrote:
> > It calls krb5_parse_name to create a principal from princ_name and then
> > krb5_get_init_creds_passwords to create a krb5_creds. It then calls
> > krb5_verify_init_creds(). If that checks out it then calls
> > krb5_cc_get_principal to dig the principal out of the returned
> > and then calls krb5_unparse_name and returns that to the caller. Is
> > any situation where this returned principal will be different from the
> > the caller of the function provided?
> There isn't. The returned ccache is initialized with creds->client
> (vfy_increds.c:162), so reading its principal will just give that back
Excellent. That makes the bug irrelevant for me, as I am now just calling
krb5_get_init_creds_password() with a null pointer for ccache.
> >> With what version of the krb5 libraries? The issue you identified
> >> is a concern, but a crash indicates a problem in the ccache layer.
> >> Ticket #8202 (fixed in 1.17) addresses a bug that could explain the
> > It is on CentOS 8.3.2011 with krb5-libs-1.18.2-5.el8.x86_64
> In that case, if you have the ability to get a stack trace for the
> crash, I'd be interested in seeing it.
For the next 80-90 days you can use this link:
https://sentry.io/share/issue/abfd015151f2493898af980fc94bee79/ where you
can see the stacktrace of the crashing thread and all the other threads.
The crashing thread itself has this stack. I don't think it is that
helpful. My function getDefaultPrincipal() calls krb5_cc_get_principal()
followed by krb5_unparse_name() to get the string representation of the
PosixSignal: Signal 11 in node
File "<unknown>", in __memmove_sse2_unaligned_erms
File "/usr/include/bits/string_fortified.h", line 34, in memcpy
line 93, in krb5int_copy_data_contents_add0
line 63, in krb5_copy_principal
File "<unknown>", in getDefaultPrincipal[abi:cxx11]
File "<unknown>", in verifyCredentials
File "<unknown>", in std::_Function_handler<T>::_M_invoke
File "<unknown>", in SimplePromiseWorker::Execute
File "<unknown>", in Napi::AsyncWorker::OnExecute
File "/home/iojs/build/ws/out/../deps/uv/src/threadpool.c", line 122, in
File "<unknown>", in start_thread
File "<unknown>", in clone
More information about the krbdev