[SCM] Samba Shared Repository - branch master updated

Alexander Bokovoy ab at samba.org
Wed Jun 6 22:44:00 MDT 2012


Karolin,

this fix needs to go to 3.6 as well. The code was first introduced in
1bb6b841 and is in all 3.6 releases (in source3/librpc/crypto/gse.c).
It affects systems with MIT krb5 1.10 (Fedora 17, Ubuntu 12.04).

I'll open a bug and make a patch available today.

On Wed, Jun 6, 2012 at 7:23 PM, Alexander Bokovoy <ab at samba.org> wrote:
> The branch, master has been updated
>       via  238d24a auth-kerberos: avoid crash with MIT krb5 1.10.0 in gss_get_name_attribute()
>      from  f3df298 s4 dns: Correctly handle A questions for CNAMEs
>
> http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master
>
>
> - Log -----------------------------------------------------------------
> commit 238d24af4ed1457b684b6e497d1ca134f9ea567d
> Author: Alexander Bokovoy <ab at samba.org>
> Date:   Wed Jun 6 16:52:18 2012 +0300
>
>    auth-kerberos: avoid crash with MIT krb5 1.10.0 in gss_get_name_attribute()
>
>    gss_get_name_attribute() can return unintialized pac_display_buffer
>    and later gss_release_buffer() will crash on attempting to release it.
>
>    The fix on MIT krb5 side is in 1.10.1, reported in both Debian and MIT upstream:
>    http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=658514
>    http://krbdev.mit.edu/rt/Ticket/Display.html?user=guest&pass=guest&id=7087
>
>    We need to initialize variables before using gss_get_name_attribute()
>
>    Autobuild-User: Alexander Bokovoy <ab at samba.org>
>    Autobuild-Date: Wed Jun  6 18:22:51 CEST 2012 on sn-devel-104
>
> -----------------------------------------------------------------------
>
> Summary of changes:
>  auth/kerberos/gssapi_pac.c |   20 ++++++++++++++++++--
>  1 files changed, 18 insertions(+), 2 deletions(-)
>
>
> Changeset truncated at 500 lines:
>
> diff --git a/auth/kerberos/gssapi_pac.c b/auth/kerberos/gssapi_pac.c
> index dadae1a..a174052 100644
> --- a/auth/kerberos/gssapi_pac.c
> +++ b/auth/kerberos/gssapi_pac.c
> @@ -80,8 +80,24 @@ NTSTATUS gssapi_obtain_pac_blob(TALLOC_CTX *mem_ctx,
>        NTSTATUS status;
>        OM_uint32 gss_maj, gss_min;
>  #ifdef HAVE_GSS_GET_NAME_ATTRIBUTE
> -       gss_buffer_desc pac_buffer;
> -       gss_buffer_desc pac_display_buffer;
> +/*
> + * gss_get_name_attribute() in MIT krb5 1.10.0 can return unintialized pac_display_buffer
> + * and later gss_release_buffer() will crash on attempting to release it.
> + *
> + * So always initialize the buffer descriptors.
> + *
> + * See following links for more details:
> + * http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=658514
> + * http://krbdev.mit.edu/rt/Ticket/Display.html?user=guest&pass=guest&id=7087
> + */
> +       gss_buffer_desc pac_buffer = {
> +               .value = NULL,
> +               .length = 0
> +       };
> +       gss_buffer_desc pac_display_buffer = {
> +               .value = NULL,
> +               .length = 0
> +       };
>        gss_buffer_desc pac_name = {
>                .value = discard_const("urn:mspac:"),
>                .length = sizeof("urn:mspac:")-1
>
>
> --
> Samba Shared Repository



-- 
/ Alexander Bokovoy


More information about the samba-technical mailing list