Bug 123898 - saslauthd frees uninitialized memory
Status: CLOSED WORKSFORME
Product: Fedora
Classification: Fedora
Component: cyrus-sasl
Version: rawhide
Hardware: All
OS: Linux
Priority: medium
Severity: medium
Assigned To: Nalin Dahyabhai
QA Contact: Brian Brock
Reported: 2004-05-21 10:29 EDT by Enrico Scholz
Modified: 2007-11-30 17:10 EST (History)
CC: 3 users

Doc Type: Bug Fix
Last Closed: 2005-04-26 22:32:53 EDT
Attachments
Fixes usage of uninitialized memory (454 bytes, patch), 2004-05-21 10:35 EDT, Enrico Scholz

Description Enrico Scholz 2004-05-21 10:29:34 EDT
Description of problem:

When running saslauthd with the kerberos5 method, uninitialized memory
can be freed in error situations:

| # MALLOC_CHECK_=1 saslauthd -D -a kerberos5
| ...
| free(): invalid pointer 0xbffff2c8!
| ...

This happens e.g. when no 'host/...' key exists in /etc/krb5.keytab.

It was reported upstream a year ago already:
http://www.irbs.net/internet/cyrus-sasl/0304/0097.html


Version-Release number of selected component (if applicable):

cyrus-sasl-2.1.18-2
Additional info:

Diagnosing why authentication fails without a host key was very
difficult (saslauthd said 'internal error') and only the free() gave
me the needed hints.  Therefore, this bug should perhaps be kept ;)
Comment 1 Enrico Scholz 2004-05-21 10:35:42 EDT
Created attachment 100419 [details]
Fixes usage of uninitialized memory

It is probably not very portable to initialize 'krb5_data' structures directly.
Heimdal has a krb5_data_zero() function but I could not find something similar
for MIT krb5. Therefore the direct initialization...
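An added illustration, not the reporter's patch and not cyrus-sasl code: the failure pattern the report describes (a shared cleanup label freeing a krb5_data that an earlier error left unassigned) and the direct-initialization fix from comment 1, written against a constructed stand-in for MIT's krb5_data so it compiles without Kerberos headers. The lookup function, the frees_seen counter and the verify_host_key() name are all assumptions made for this example.

```c
#include <stdlib.h>
#include <string.h>

/* Stand-in for MIT krb5's krb5_data (magic, length, data); constructed for this
 * example so it builds without Kerberos headers. */
typedef struct { int magic; unsigned int length; char *data; } kdata;

/* Number of buffers released; lets a caller check that an error path frees
 * nothing it never allocated. */
int frees_seen = 0;

/* Stand-in for krb5_free_data_contents(): frees the buffer if one is attached.
 * With an uninitialized kdata, d->data holds stale stack bytes and this call is
 * exactly the "free(): invalid pointer" that MALLOC_CHECK_=1 reported. */
static void kdata_free_contents(kdata *d) {
    if (d->data != NULL) { free(d->data); frees_seen++; }
    d->data = NULL;
    d->length = 0;
}

/* Simulated keytab lookup: fails (without touching *out) when there is no
 * host/... key, which is the trigger described in the report. */
static int lookup_host_key(int have_host_key, kdata *out) {
    if (!have_host_key) return -1;
    out->length = 4;
    out->data = malloc(out->length);
    memcpy(out->data, "key!", out->length);
    return 0;
}

/* Fixed version of the pattern: every kdata that the shared cleanup label
 * releases is zeroed at declaration, so a failure before it is filled in
 * leaves data == NULL and the free becomes a no-op. Returns 0 on success,
 * -1 when no host key is present. */
int verify_host_key(int have_host_key) {
    kdata entry = { 0, 0, NULL };   /* direct initialization, as in the attached patch */
    int rc = lookup_host_key(have_host_key, &entry);
    if (rc != 0)
        goto cleanup;               /* error path taken before entry was ever assigned */
    /* ... ticket verification against entry would go here ... */
cleanup:
    kdata_free_contents(&entry);    /* safe on both paths only because of the initializer */
    return rc;
}
```

Without the `{ 0, 0, NULL }` initializer, the no-host-key path hands whatever was on the stack to free(), which is the crash the report reproduces with MALLOC_CHECK_=1.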
Comment 2 Enrico Scholz 2004-05-21 11:17:37 EDT
New upstream report at
http://asg.web.cmu.edu/archive/message.php?mailbox=archive.cyrus-sasl&msg=5641
Comment 3 Matthew Miller 2005-04-26 11:16:25 EDT
Fedora Core 2 is now maintained by the Fedora Legacy project for
security updates only. If this problem is a security issue, please
reopen and reassign to the Fedora Legacy product. If it is not a
security issue and hasn't been resolved in the current FC3 updates or
in the FC4 test release, reopen and change the version to match.
Comment 4 Warren Togami 2005-04-26 20:48:57 EDT
Enrico is this still an issue in FC4?
Comment 5 Enrico Scholz 2005-04-26 22:32:53 EDT
I cannot reproduce it anymore in FC4, but I cannot remember exactly what I did
one year ago. I worked around the bug on my systems, so perhaps that is why I
am missing it.

As nobody else cared about it, I will close the bug.
