Red Hat Bugzilla – Full Text Bug Listing
|Summary:||Buffer overflow when SELinux enabled.|
|Product:||[Fedora] Fedora||Reporter:||Pawel Salek <pawsa>|
|Component:||krb5||Assignee:||Nalin Dahyabhai <nalin>|
|Status:||CLOSED ERRATA||QA Contact:||Fedora Extras Quality Assurance <extras-qa>|
|Fixed In Version:||Doc Type:||Bug Fix|
|Doc Text:||Story Points:||---|
|Last Closed:||2008-03-23 07:52:48 EDT||Type:||---|
Description Pawel Salek 2008-03-06 12:24:14 EST
Description of problem:
selinux-label patch adds code that does not compute buffer size correctly (a typical off-by-one error). This will at best corrupt heap whenever the code is executed.

Version-Release number of selected component (if applicable):
krb5-workstation-1.6.2-11.fc8
krb5-1.6.1-17.el5 is affected as well.

How reproducible:
100%

Steps to Reproduce:
1. have selinux enabled.
2. try transferring a file from a local directory so that path does not start with /.
3. watch heap being corrupted (MALLOC_CHECK_=2 helps to see it already at the first time).

Additional info:
Patch will be attached.
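The class of bug reported above, a heap buffer sized one byte short on the relative-path branch, shown as an added illustration. This is not the krb5 selinux-label patch code: the function names are hypothetical, and joining the path to a directory is an assumption made for the example.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical helpers; not taken from krb5 or its selinux-label patch. */

/* Off-by-one sizing: counts the NUL terminator but forgets the '/'. */
size_t short_size(const char *dir, const char *name)
{
    return strlen(dir) + strlen(name) + 1;
}

/* Correct sizing: dir + '/' + name + terminating NUL. */
size_t needed_size(const char *dir, const char *name)
{
    return strlen(dir) + 1 + strlen(name) + 1;
}

/* Return a heap copy of name made absolute against dir; caller frees. */
char *make_absolute(const char *dir, const char *name)
{
    int absolute = (name[0] == '/');   /* only relative names are joined */
    size_t size = absolute ? strlen(name) + 1 : needed_size(dir, name);
    char *out = malloc(size);
    int n;

    if (out == NULL)
        return NULL;
    /* snprintf never writes past size and returns the length it wanted,
       so a sizing mistake becomes a detectable error, not heap damage. */
    n = absolute ? snprintf(out, size, "%s", name)
                 : snprintf(out, size, "%s/%s", dir, name);
    if (n < 0 || (size_t)n >= size) {
        free(out);
        return NULL;
    }
    return out;
}

int main(void)
{
    /* Constructed sample input. */
    char *p = make_absolute("/home/user", "file.txt");
    if (p == NULL)
        return 1;
    printf("%s needs %zu bytes; short sizing gives %zu\n", p,
           needed_size("/home/user", "file.txt"),
           short_size("/home/user", "file.txt"));
    free(p);
    return 0;
}
```

With the short size and an unchecked `strcpy`/`strcat`, only the terminating NUL lands past the allocation, which is why a checking allocator mode such as the `MALLOC_CHECK_=2` setting mentioned in the report is what makes it visible on the first run.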
Comment 1 Pawel Salek 2008-03-06 12:25:51 EST
Created attachment 297075: One-line patch
Trivial fix.
Comment 2 Pawel Salek 2008-03-07 06:58:42 EST
Bug present also in ftp program as distributed with krb5-1.6.2-13.fc8
Comment 3 Nalin Dahyabhai 2008-03-18 12:12:37 EDT
Going to include the fix in 1.6.2-14, leaving open until it's pushed as an update.
Comment 4 Fedora Update System 2008-03-18 14:50:45 EDT
krb5-1.6.2-14.fc8 has been submitted as an update for Fedora 8
Comment 5 Fedora Update System 2008-03-21 18:20:16 EDT
krb5-1.6.2-14.fc8 has been pushed to the Fedora 8 stable repository. If problems still persist, please make note of it in this bug report.
Comment 6 Pawel Salek 2008-03-23 07:52:48 EDT
The bug appears to be gone in krb5-1.6.2-14.fc8