Red Hat Bugzilla – Bug 123898
saslauthd frees uninitialized memory
Last modified: 2007-11-30 17:10:43 EST
Description of problem:
When running saslauthd with the kerberos5 method, uninitialized memory
can be freed in error situations:
| # MALLOC_CHECK_=1 saslauthd -D -a kerberos5
| free(): invalid pointer 0xbffff2c8!
This happens e.g. when no 'host/...' key exists in /etc/krb5.keytab.
It was reported upstream a year ago already:
Version-Release number of selected component (if applicable):
Diagnosing why authentication fails without a hostkey was very
difficult (saslauthd said 'internal error') and only the free() gave
me the needed hints. Therefore, this bug should perhaps be kept ;)
Created attachment 100419
Fixes usage of uninitialized memory
It is probably not very portable to initialize 'krb5_data' structures directly.
Heimdal has a krb5_data_zero() function but I could not find anything similar
for MIT krb5. Therefore the direct initialization...
New upstream report at
Fedora Core 2 is now maintained by the Fedora Legacy project for
security updates only. If this problem is a security issue, please
reopen and reassign to the Fedora Legacy product. If it is not a
security issue and hasn't been resolved in the current FC3 updates or
in the FC4 test release, reopen and change the version to match.
Enrico, is this still an issue in FC4?
I cannot reproduce it anymore in FC4, but I cannot remember exactly what I did
one year ago. I worked around the bug on my systems so perhaps I am missing it.
As nobody else cared about it, I will close the bug.
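
The failure mode in this report, modelled as an added example (not saslauthd code and not the attached patch): a length+pointer struct reaches a shared cleanup path after a failed lookup, with and without being set to a defined state first. `demo_data`, `fetch_ticket` and `cleanup_is_unsafe` are hypothetical names, the struct is assumed to live on the stack, and the stale contents are simulated so the program reports the bad free() instead of crashing.

```c
#include <stdlib.h>

/* Hypothetical stand-in for a length+pointer buffer such as krb5_data;
 * not the real libkrb5 type. */
struct demo_data {
    unsigned int length;
    char *data;
};

/* Simulated keytab lookup (assumption): fills *out only on success and
 * leaves it untouched when no host key is available. */
static int fetch_ticket(int have_hostkey, struct demo_data *out)
{
    if (!have_hostkey)
        return -1;
    out->length = 8;
    out->data = calloc(1, out->length);
    return out->data ? 0 : -1;
}

/* Returns 1 if the shared cleanup path would pass free() a pointer the
 * allocator never returned, 0 if cleanup is safe. */
int cleanup_is_unsafe(int init_first, int have_hostkey)
{
    struct demo_data packet;
    int rc, unsafe;

    /* Constructed stand-in for stale stack contents, so the outcome is
     * deterministic here instead of undefined behaviour. */
    packet.length = 0xAAAAAAAAu;
    packet.data = (char *)&packet;

    if (init_first) {            /* the fix: defined state before any failure */
        packet.length = 0;
        packet.data = NULL;
    }

    rc = fetch_ticket(have_hostkey, &packet);

    /* After a failed lookup nothing was allocated; only NULL may be freed. */
    unsafe = (rc != 0 && packet.data != NULL);
    if (!unsafe)
        free(packet.data);       /* free(NULL) is a no-op */
    return unsafe;
}
```

Only the combination of no up-front initialization and a failed lookup reaches the unsafe free, which matches the report that the problem appears in error situations.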