[SCM] Samba Shared Repository - branch master updated
Alexander Bokovoy
ab at samba.org
Wed Jun 6 22:44:00 MDT 2012
Karolin,
this fix needs to go to 3.6 as well. The code was first introduced in
1bb6b841 and is in all 3.6 releases (in source3/librpc/crypto/gse.c).
It affects systems with MIT krb5 1.10 (Fedora 17, Ubuntu 12.04).
I'll open a bug and make a patch available today.
On Wed, Jun 6, 2012 at 7:23 PM, Alexander Bokovoy <ab at samba.org> wrote:
> The branch, master has been updated
> via 238d24a auth-kerberos: avoid crash with MIT krb5 1.10.0 in gss_get_name_attribute()
> from f3df298 s4 dns: Correctly handle A questions for CNAMEs
>
> http://gitweb.samba.org/?p=samba.git;a=shortlog;h=master
>
>
> - Log -----------------------------------------------------------------
> commit 238d24af4ed1457b684b6e497d1ca134f9ea567d
> Author: Alexander Bokovoy <ab at samba.org>
> Date: Wed Jun 6 16:52:18 2012 +0300
>
> auth-kerberos: avoid crash with MIT krb5 1.10.0 in gss_get_name_attribute()
>
> gss_get_name_attribute() can return uninitialized pac_display_buffer
> and later gss_release_buffer() will crash on attempting to release it.
>
> The fix on MIT krb5 side is in 1.10.1, reported in both Debian and MIT upstream:
> http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=658514
> http://krbdev.mit.edu/rt/Ticket/Display.html?user=guest&pass=guest&id=7087
>
> We need to initialize variables before using gss_get_name_attribute()
>
> Autobuild-User: Alexander Bokovoy <ab at samba.org>
> Autobuild-Date: Wed Jun 6 18:22:51 CEST 2012 on sn-devel-104
>
> -----------------------------------------------------------------------
>
> Summary of changes:
> auth/kerberos/gssapi_pac.c | 20 ++++++++++++++++++--
> 1 files changed, 18 insertions(+), 2 deletions(-)
>
>
> Changeset truncated at 500 lines:
>
> diff --git a/auth/kerberos/gssapi_pac.c b/auth/kerberos/gssapi_pac.c
> index dadae1a..a174052 100644
> --- a/auth/kerberos/gssapi_pac.c
> +++ b/auth/kerberos/gssapi_pac.c
> @@ -80,8 +80,24 @@ NTSTATUS gssapi_obtain_pac_blob(TALLOC_CTX *mem_ctx,
> NTSTATUS status;
> OM_uint32 gss_maj, gss_min;
> #ifdef HAVE_GSS_GET_NAME_ATTRIBUTE
> - gss_buffer_desc pac_buffer;
> - gss_buffer_desc pac_display_buffer;
> +/*
> + * gss_get_name_attribute() in MIT krb5 1.10.0 can return unintialized pac_display_buffer
> + * and later gss_release_buffer() will crash on attempting to release it.
> + *
> + * So always initialize the buffer descriptors.
> + *
> + * See following links for more details:
> + * http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=658514
> + * http://krbdev.mit.edu/rt/Ticket/Display.html?user=guest&pass=guest&id=7087
> + */
> + gss_buffer_desc pac_buffer = {
> + .value = NULL,
> + .length = 0
> + };
> + gss_buffer_desc pac_display_buffer = {
> + .value = NULL,
> + .length = 0
> + };
> gss_buffer_desc pac_name = {
> .value = discard_const("urn:mspac:"),
> .length = sizeof("urn:mspac:")-1
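Review bot: the new comment above the declarations names only pac_display_buffer as the descriptor MIT krb5 1.10.0 can leave unset, yet the code zero-initializes pac_buffer as well, so the comment should say that both are initialized defensively. It also misspells "uninitialized" and is not indented like the surrounding declarations. Both initializers could be shortened to the standard GSS-API constant, e.g. gss_buffer_desc pac_buffer = GSS_C_EMPTY_BUFFER; which expresses the same empty descriptor. The gss_release_buffer() calls that this protects are outside the visible hunk, so it is worth confirming that every exit path after gss_get_name_attribute() releases only these two descriptors and that no other gss_buffer_desc in the function is still declared without an initializer.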
>
>
> --
> Samba Shared Repository
--
/ Alexander Bokovoy