The Samba-Bugzilla – Attachment 7633 Details for Bug 8988: avoid crash with MIT krb5 1.10.0 in gss_get_name_attribute()
[patch]
proposed fix based on the fix in master
0001-s3-librpc-crypto-avoid-crash-with-MIT-krb5-1.10.0-in.patch (text/plain), 1.82 KB, created by Alexander Bokovoy on 2012-06-07 15:30:03 UTC
>From 6d10d41ef71f5b0d09a1b3c45d1d91d81a367c63 Mon Sep 17 00:00:00 2001 >From: Alexander Bokovoy <ab@samba.org> >Date: Thu, 7 Jun 2012 18:24:38 +0300 >Subject: [PATCH] s3-librpc-crypto: avoid crash with MIT krb5 1.10.0 in > gss_get_name_attribute() > >gss_get_name_attribute() can return unintialized pac_display_buffer >and later gss_release_buffer() will crash on attempting to release it. > >The fix on MIT krb5 side is in 1.10.1, reported in both Debian and MIT upstream: >http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=658514 >http://krbdev.mit.edu/rt/Ticket/Display.html?user=guest&pass=guest&id=7087 > >We need to initialize variables before using gss_get_name_attribute() >--- > source3/librpc/crypto/gse.c | 20 ++++++++++++++++++-- > 1 file changed, 18 insertions(+), 2 deletions(-) > >diff --git a/source3/librpc/crypto/gse.c b/source3/librpc/crypto/gse.c >index 335dc1c..02fb0f6 100644 >--- a/source3/librpc/crypto/gse.c >+++ b/source3/librpc/crypto/gse.c >@@ -688,8 +688,24 @@ NTSTATUS gse_get_pac_blob(struct gse_context *gse_ctx, > TALLOC_CTX *mem_ctx, DATA_BLOB *pac_blob) > { > OM_uint32 gss_min, gss_maj; >- gss_buffer_desc pac_buffer; >- gss_buffer_desc pac_display_buffer; >+/* >+ * gss_get_name_attribute() in MIT krb5 1.10.0 can return unintialized pac_display_buffer >+ * and later gss_release_buffer() will crash on attempting to release it. >+ * >+ * So always initialize the buffer descriptors. >+ * >+ * See following links for more details: >+ * http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=658514 >+ * http://krbdev.mit.edu/rt/Ticket/Display.html?user=guest&pass=guest&id=7087 >+ */ >+ gss_buffer_desc pac_buffer = { >+ .value = NULL, >+ .length = 0 >+ }; >+ gss_buffer_desc pac_display_buffer = { >+ .value = NULL, >+ .length = 0 >+ }; > gss_buffer_desc pac_name = { > .value = discard_const_p(char, "urn:mspac:"), > .length = sizeof("urn:mspac:") - 1 >-- >1.7.10 >
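Review bot: The explanatory comment added at the top of gse_get_pac_blob() appears to start at column 0 between `OM_uint32 gss_min, gss_maj;` and the buffer declarations, its first line runs past 80 columns, and it carries the "unintialized" typo from the commit message; indent it with the declarations, wrap it, and fix the spelling. The two zero initializers for pac_buffer and pac_display_buffer could also be written with the RFC 2744 constant, as in `gss_buffer_desc pac_display_buffer = GSS_C_EMPTY_BUFFER;`, which states the intent directly and does not rely on designated field names. The hunk only shows the declarations, so whether every later gss_release_buffer() call on these two descriptors is now reached with either a library-filled or a zeroed buffer cannot be confirmed from the visible lines and should be checked against the rest of the function.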
Flags: gd: review+