Bug 123898 - saslauthd frees uninitialized memory
Alias: None
Product: Fedora
Classification: Fedora
Component: cyrus-sasl
Version: rawhide
Hardware: All
OS: Linux
Target Milestone: ---
Assignee: Nalin Dahyabhai
QA Contact: Brian Brock
Reported: 2004-05-21 14:29 UTC by Enrico Scholz
Modified: 2007-11-30 22:10 UTC (History)

Doc Type: Bug Fix
Last Closed: 2005-04-27 02:32:53 UTC

Attachments
Fixes usage of uninitialized memory (454 bytes, patch)
2004-05-21 14:35 UTC, Enrico Scholz

Description Enrico Scholz 2004-05-21 14:29:34 UTC
Description of problem:

When running saslauthd with the kerberos5 method, uninitialized memory
can be freed in error-situations:

| # MALLOC_CHECK_=1 saslauthd -D -a kerberos5
| ...
| free(): invalid pointer 0xbffff2c8!
| ...

This happens e.g. when no 'host/...' key exists in /etc/krb5.keytab.

It was reported upstream a year ago already:

Version-Release number of selected component (if applicable):


Additional info:

Diagnosing why authentication fails without a hostkey was very
difficult (saslauthd said 'internal error') and only the free() gave
me the needed hints.  Therefore, this bug should be kept perhaps ;)

Comment 1 Enrico Scholz 2004-05-21 14:35:42 UTC
Created attachment 100419
Fixes usage of uninitialized memory

It is probably not very portable to initialize 'krb5_data' structures directly.
Heimdal has a krb5_data_zero() function but I could not find something similar
for MIT krb5. Therefore the direct initialization...
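
The failure mode reported here and the kind of fix Comment 1 describes, as an added C example (not the attached patch and not cyrus-sasl code). `struct demo_data`, `demo_get_host_key`, `demo_data_release` and `demo_auth` are hypothetical stand-ins for a `krb5_data`-style buffer, the keytab lookup and the caller; the struct is zero-initialized so the shared cleanup is safe when the lookup fails before filling it.

```c
#include <stdio.h>
#include <stdlib.h>

/* Stand-in for a krb5_data-style buffer (assumption: a length plus an owned pointer). */
struct demo_data { unsigned int length; char *data; };

/* Hypothetical keytab lookup: with no host key it fails before touching *out. */
static int demo_get_host_key(int has_key, struct demo_data *out)
{
    if (!has_key)
        return -1;                 /* early error: *out keeps whatever it held */
    out->data = calloc(1, 16);     /* constructed 16-byte key buffer */
    if (out->data == NULL)
        return -1;
    out->length = 16;
    return 0;
}

/* Cleanup that is safe on a zeroed or a filled struct; returns 1 if a buffer was freed. */
static int demo_data_release(struct demo_data *d)
{
    int freed = (d->data != NULL);
    free(d->data);                 /* free(NULL) is a defined no-op */
    d->data = NULL;
    d->length = 0;
    return freed;
}

/* Returns the lookup result; *freed reports whether cleanup released a buffer. */
int demo_auth(int has_key, int *freed)
{
    /* Without this initializer, key.data is stack garbage on the error path
       and the release below would hand an invalid pointer to free(). */
    struct demo_data key = {0};
    int rc = demo_get_host_key(has_key, &key);

    *freed = demo_data_release(&key);   /* one cleanup path for success and failure */
    return rc;
}

int main(void)
{
    int freed;
    int rc = demo_auth(0, &freed);
    printf("no host key: rc=%d freed=%d\n", rc, freed);
    rc = demo_auth(1, &freed);
    printf("host key:    rc=%d freed=%d\n", rc, freed);
    return 0;
}
```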

Comment 2 Enrico Scholz 2004-05-21 15:17:37 UTC
New upstream report at

Comment 3 Matthew Miller 2005-04-26 15:16:25 UTC
Fedora Core 2 is now maintained by the Fedora Legacy project for
security updates only. If this problem is a security issue, please
reopen and reassign to the Fedora Legacy product. If it is not a
security issue and hasn't been resolved in the current FC3 updates or
in the FC4 test release, reopen and change the version to match.

Comment 4 Warren Togami 2005-04-27 00:48:57 UTC
Enrico, is this still an issue in FC4?

Comment 5 Enrico Scholz 2005-04-27 02:32:53 UTC
I cannot reproduce it anymore in FC4, but I cannot remember exactly what I did
one year ago. I worked around the bug on my systems so perhaps I am missing it

As nobody else cared about it, I will close the bug.
