gensec: Fix a memory corruption in gensec_use_kerberos_mechs

Andrew Bartlett abartlet at
Fri Feb 10 02:53:32 MST 2012

On Fri, 2012-02-10 at 07:34 +0100, Volker Lendecke wrote:
> On Fri, Feb 10, 2012 at 01:25:31PM +1100, Andrew Bartlett wrote:
> > Thanks for finding this!  
> > 
> > In this case it wasn't intentional that there ever be more output
> > mechanisms than were input to the filter, so I would like to propose an
> > alternate approach. 
> > 
> > I've attached a proposed patch, but unfortunately (and oddly) I've been
> > unable to reproduce the original issue under valgrind.  Can you
> > double-check it for me?
> That is the approach I had initially done. But because it
> changes the core logic of the function I opted for the *2
> solution that Michael Adam proposed. There must have be a
> reason why spnego is added every time we go through the
> loop, and I did not understand that reason. Your patch also
> fixes the valgrind error, but we get less output than with
> my patch.

The aim of the function is to, given a list of possible gensec mechs:

if we are in the default AUTO have kerberos:
 - take a reference to the master list
 - always add spnego then:
 - if we 'MUST' have kerberos:
   only add kerberos mechs
 - if we 'DONT' want kerberos':
   only add non-kerberos mechs

I'll shortly autobuild this, and an additional patche with this


Andrew Bartlett

Andrew Bartlett                      
Authentication Developer, Samba Team 

More information about the samba-technical mailing list