gensec: Fix a memory corruption in gensec_use_kerberos_mechs
Andrew Bartlett
abartlet at samba.org
Thu Feb 9 19:25:31 MST 2012
On Thu, 2012-02-09 at 19:45 +0100, Volker Lendecke wrote:
> The branch, master has been updated
> via 744ed53 gensec: Fix a memory corruption in gensec_use_kerberos_mechs
> from 5ec1273 s3-printing: Add new printers to registry.
>
> http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master
>
>
> - Log -----------------------------------------------------------------
> commit 744ed53a62037a659133ccd4de2065491208ae7d
> Author: Volker Lendecke <vl at samba.org>
> Date: Thu Feb 9 16:07:12 2012 +0100
>
> gensec: Fix a memory corruption in gensec_use_kerberos_mechs
>
> Without this I get the following valgrind error:
>
> ==27740== Invalid write of size 8
> ==27740== at 0x62C53E: gensec_use_kerberos_mechs (gensec_start.c:112)
> ==27740== by 0x62C623: gensec_security_mechs (gensec_start.c:141)
> ==27740== by 0x62C777: gensec_security_by_oid (gensec_start.c:181)
> ==27740== by 0x62DD6E: gensec_start_mech_by_oid (gensec_start.c:735)
>
> In the for-loop we can increment j twice, so we need twice as many output array
> elements as input array elements.
Thanks for finding this!
In this case it wasn't intentional that there ever be more output
mechanisms than were input to the filter, so I would like to propose an
alternate approach.
I've attached a proposed patch, but unfortunately (and oddly) I've been
unable to reproduce the original issue under valgrind. Can you
double-check it for me?
Thanks!
Andrew Bartlett
--
Andrew Bartlett http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0001-Revert-gensec-Fix-a-memory-corruption-in-gensec_use_.patch
Type: text/x-patch
Size: 1066 bytes
Desc: not available
URL: <http://lists.samba.org/pipermail/samba-technical/attachments/20120210/7f3f4b3e/attachment.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0002-gensec-set-flag-to-continue-in-outer-for-loop-in-gen.patch
Type: text/x-patch
Size: 1398 bytes
Desc: not available
URL: <http://lists.samba.org/pipermail/samba-technical/attachments/20120210/7f3f4b3e/attachment-0001.bin>
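A simplified model of the double increment described in the quoted commit message, next to the flag-and-continue approach named in the second attachment, as an added example that is not Samba's code and not part of either message. The struct, the function names, the two append sites and the OID strings are assumptions made for illustration; stores are bounds-checked so the model reports the overflow instead of triggering it.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical entry for this model, not Samba's structure. */
struct mech { const char *oids[3]; bool policy_ok; };

/* Returns how many slots the loop tried to fill. Stores are bounds-checked,
 * so a result above cap marks where unchecked code writes past the array. */
size_t filter_mechs(const struct mech *in, size_t n, const struct mech **out,
                    size_t cap, const char *always_oid, bool use_flag)
{
    size_t j = 0;
    for (size_t i = 0; i < n; i++) {
        bool kept = false;
        for (size_t k = 0; k < 3 && in[i].oids[k] != NULL; k++) {
            if (strcmp(in[i].oids[k], always_oid) == 0) {
                if (j < cap) out[j] = &in[i];
                j++;          /* first append site */
                kept = true;
                break;        /* leaves the inner loop only */
            }
        }
        if (use_flag && kept)
            continue;         /* flag variant: next input element */
        if (in[i].policy_ok) {
            if (j < cap) out[j] = &in[i];
            j++;              /* second append site, same element */
        }
    }
    return j;
}

/* Constructed sample input: entries 0 and 2 satisfy both checks. */
static const struct mech sample[3] = {
    { { "1.2.3.1", NULL, NULL }, true },
    { { "1.2.3.2", NULL, NULL }, true },
    { { "1.2.3.9", "1.2.3.1", NULL }, true },
};

size_t demo(bool use_flag) /* three inputs into a three-slot output */
{
    const struct mech *out[3];
    return filter_mechs(sample, 3, out, 3, "1.2.3.1", use_flag);
}

int main(void)
{
    return printf("no flag: %zu, flag: %zu\n", demo(false), demo(true)) < 0;
}
```

Without the flag the loop asks for 5 slots for 3 inputs (at most 2n in general, which is why doubling the allocation also stops the invalid write); with the flag the output never exceeds the input count.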