Bug 34363

Summary: Segmentation fault if krb5_init_context fails
Product: [Retired] Red Hat Linux
Reporter: Simon Wilkinson <sxw>
Component: pam_krb5
Assignee: Nalin Dahyabhai <nalin>
Status: CLOSED ERRATA
QA Contact: Aaron Brown <abrown>
Severity: medium
Priority: medium
Version: 6.2
Hardware: i386
OS: Linux
Doc Type: Bug Fix
Last Closed: 2001-04-02 17:00:05 UTC
Attachments: Patch to fix this against 1.26 (flags: none)

Description Simon Wilkinson 2001-04-02 16:42:35 UTC
From Bugzilla Helper:
User-Agent: Mozilla/4.76 [en] (X11; U; Linux 2.2.16_public-3.dcs.9 i686)

The pam_krb5 module doesn't initialise a number of variables which causes
it to segmentation fault if those variables are defined to a value other
than '0' by the compiler, or if krb5_init_context doesn't succeed.

In particular, config isn't initialised unless init_context() succeeds, so
can cause a seg fault when the DEBUG macro is run. In some portions of the
code 'ret' isn't initialised either, so if it has a value other than 0, and
init_context() succeeds, other problems occur.

Reproducible: Always
Steps to Reproduce:
1. su to root
2. su to any other user.

Actual Results:  segmentation fault

Expected Results:  No segmentation fault

This occurs both with the pam_krb5 shipped with Red Hat 6.2, and with the
latest one in Rawhide. I'm also using a later set of Kerberos libraries
than 6.2 ships with, but this error is due to faults in the code.
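
The failure mode described in this report, as an added C sketch (not pam_krb5 source and not the attached patch): a pointer and a return code are given defined values before an initialisation step that can fail, and the debug trace checks the pointer before reading through it. The types, the `fail` switch, the `DEBUG` definition and `authenticate()` are constructed stand-ins.

```c
#include <stdio.h>
#include <stdlib.h>

/* Constructed stand-ins; these types and functions are not pam_krb5's own. */
struct context { int ready; };
struct config  { int debug; };

/* Fails when `fail` is set; on failure the outputs may be left untouched. */
static int init_context(int fail, struct context **ctx, struct config **cfg)
{
    if (fail)
        return -1;
    *ctx = calloc(1, sizeof **ctx);
    *cfg = calloc(1, sizeof **cfg);
    if (*ctx == NULL || *cfg == NULL)
        return -1;          /* caller frees whatever was allocated */
    (*cfg)->debug = 1;
    return 0;
}

/* Debug trace that checks the config pointer before reading through it. */
#define DEBUG(cfg, msg) \
    do { if ((cfg) != NULL && (cfg)->debug) fprintf(stderr, "%s\n", (msg)); } while (0)

/* Before (the pattern the report describes): `struct config *config; int ret;`
 * with no initialisers, so after a failed init_context() the DEBUG macro reads
 * through an indeterminate pointer, and `ret` may start out non-zero. */
int authenticate(int fail_init)
{
    struct context *ctx = NULL;
    struct config *config = NULL;   /* defined even if init never runs */
    int ret = -1;                   /* fail closed until success is set */

    if (init_context(fail_init, &ctx, &config) != 0) {
        DEBUG(config, "init_context failed");   /* safe: NULL or valid */
        goto out;
    }
    DEBUG(config, "context initialised");
    ret = 0;
out:
    free(config);
    free(ctx);
    return ret;
}

int main(void)
{
    printf("fail=%d ok=%d\n", authenticate(1), authenticate(0));
    return 0;
}
```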

Comment 1 Simon Wilkinson 2001-04-02 16:48:08 UTC
I neglected to add that I've got a patch for this, which I'm currently testing.

Comment 2 Simon Wilkinson 2001-04-02 17:00:02 UTC
Created attachment 14445
Patch to fix this against 1.26

Comment 3 Nalin Dahyabhai 2001-04-05 20:10:06 UTC
These should already be fixed in 1.30, which was pushed out as a bug-fix (for 7,
where changes in 1.2.2 were breaking pam_krb5's creation of credential caches).
Please reopen this bug ID if you find that there are problems with this version.
Thanks!