Bug 123898 - saslauthd frees uninitialized memory

Product: Fedora
Component: cyrus-sasl
Version: rawhide
Hardware: All
OS: Linux
Status: CLOSED WORKSFORME
Severity: medium
Priority: medium
Reporter: Enrico Scholz <rh-bugzilla>
Assignee: Nalin Dahyabhai <nalin>
QA Contact: Brian Brock <bbrock>
CC: mattdm, mjc, wtogami
Doc Type: Bug Fix
Last Closed: 2005-04-27 02:32:53 UTC

Attachments:
  Fixes usage of uninitialized memory

Description Enrico Scholz 2004-05-21 14:29:34 UTC
Description of problem:

When running saslauthd with the kerberos5 method, uninitialized memory
can be freed in error situations:

| # MALLOC_CHECK_=1 saslauthd -D -a kerberos5
| ...
| free(): invalid pointer 0xbffff2c8!
| ...

This happens e.g. when no 'host/...' key exists in /etc/krb5.keytab.

It was reported upstream a year ago already:
http://www.irbs.net/internet/cyrus-sasl/0304/0097.html


Version-Release number of selected component (if applicable):

cyrus-sasl-2.1.18-2



Additional info:

Diagnosing why authentication fails without a host key was very
difficult (saslauthd said 'internal error') and only the free() gave
me the needed hints.  Therefore, this bug should perhaps be kept ;)

Comment 1 Enrico Scholz 2004-05-21 14:35:42 UTC
Created attachment 100419 [details]
Fixes usage of uninitialized memory

It is probably not very portable to initialize 'krb5_data' structures directly.
Heimdal has a krb5_data_zero() function, but I could not find something similar
for MIT krb5. Therefore the direct initialization...
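
The free-on-error-path pattern this report and the attached patch are about, as an added example (not code from cyrus-sasl, MIT krb5 or Enrico's patch). fake_krb5_data is a local stand-in for krb5_data and lookup_host_key() a constructed stand-in for the keytab lookup; both exist only so the file builds without Kerberos headers. The buggy function frees whatever the stack held when the lookup fails before anything is stored; the fixed one zeroes the struct before the first early exit, which is the direct initialization the comment above describes.

```c
/*
 * Added example, not code from cyrus-sasl, MIT krb5 or the attached patch.
 * fake_krb5_data stands in for krb5_data; lookup_host_key() is a constructed
 * stand-in for the keytab lookup and is not a real krb5 API.
 */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

typedef struct {
    unsigned int length;
    char        *data;
} fake_krb5_data;

enum { AUTH_OK = 0, AUTH_NO_HOST_KEY = 1, AUTH_INTERNAL = 2 };

/* Constructed stand-in for looking up the host/... key in the keytab.  It
 * only fills in *out on success, which is exactly what lets the bug happen. */
static int lookup_host_key(int have_host_key, fake_krb5_data *out)
{
    if (!have_host_key)
        return AUTH_NO_HOST_KEY;           /* *out left untouched */
    out->length = 4;
    out->data = malloc(out->length);
    if (out->data == NULL)
        return AUTH_INTERNAL;
    memcpy(out->data, "key!", out->length);
    return AUTH_OK;
}

/* Buggy shape.  'data' is never initialized, but the shared cleanup frees
 * data.data on every path.  If the lookup fails first, free() receives
 * whatever the stack held: undefined behaviour, which glibc with
 * MALLOC_CHECK_=1 may report as "free(): invalid pointer".  Safe to call
 * only with have_host_key != 0. */
static int authenticate_buggy(int have_host_key)
{
    fake_krb5_data data;                   /* uninitialized */
    int rc;

    rc = lookup_host_key(have_host_key, &data);
    if (rc != AUTH_OK)
        goto cleanup;
    /* ... the real code would verify the credentials with the key here ... */
cleanup:
    free(data.data);                       /* garbage pointer on the error path */
    return rc;
}

/* Fixed shape: zero the struct before the first early exit.  MIT krb5 has no
 * equivalent of Heimdal's krb5_data_zero(), so assign the members directly.
 * free(NULL) is defined to do nothing, so the cleanup is safe on every path. */
static int authenticate_fixed(int have_host_key)
{
    fake_krb5_data data;
    int rc;

    data.length = 0;
    data.data = NULL;
    rc = lookup_host_key(have_host_key, &data);
    if (rc != AUTH_OK)
        goto cleanup;
    /* ... verify the credentials with the key here ... */
cleanup:
    free(data.data);                       /* NULL on the error path */
    data.data = NULL;
    data.length = 0;
    return rc;
}

int main(int argc, char **argv)
{
    /* The normal runs never take the undefined path. */
    printf("fixed, no host key: rc=%d\n", authenticate_fixed(0));
    printf("fixed, host key:    rc=%d\n", authenticate_fixed(1));
    printf("buggy, host key:    rc=%d\n", authenticate_buggy(1));

    /* Opt in to the bad free:  MALLOC_CHECK_=1 ./a.out --error-path */
    if (argc > 1 && strcmp(argv[1], "--error-path") == 0)
        printf("buggy, no host key: rc=%d\n", authenticate_buggy(0));
    return 0;
}
```

Build with `cc -Wall example.c` and run `MALLOC_CHECK_=1 ./a.out --error-path` to provoke the "free(): invalid pointer" message from the report; because the freed value is undefined, glibc is not guaranteed to notice, whereas valgrind or `-fsanitize=address` flag the bad free every time. gcc with -Wall may also warn that `data.data` may be used uninitialized in the buggy function, which is the cheapest way to catch this class of bug before it reaches an error path in production.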

Comment 2 Enrico Scholz 2004-05-21 15:17:37 UTC
New upstream report at
http://asg.web.cmu.edu/archive/message.php?mailbox=archive.cyrus-sasl&msg=5641

Comment 3 Matthew Miller 2005-04-26 15:16:25 UTC
Fedora Core 2 is now maintained by the Fedora Legacy project for
security updates only. If this problem is a security issue, please
reopen and reassign to the Fedora Legacy product. If it is not a
security issue and hasn't been resolved in the current FC3 updates or
in the FC4 test release, reopen and change the version to match.

Comment 4 Warren Togami 2005-04-27 00:48:57 UTC
Enrico is this still an issue in FC4?


Comment 5 Enrico Scholz 2005-04-27 02:32:53 UTC
I cannot reproduce it anymore in FC4, but I cannot remember exactly what I did
one year ago. I worked around the bug on my systems, so perhaps that is why I am
missing it.

As nobody else cared about it, I will close the bug.