Bug 123898 - saslauthd frees uninitialized memory
Summary: saslauthd frees uninitialized memory
Keywords:
Status: CLOSED WORKSFORME
Alias: None
Product: Fedora
Classification: Fedora
Component: cyrus-sasl
Version: rawhide
Hardware: All
OS: Linux
Priority: medium
Severity: medium
Target Milestone: ---
Assignee: Nalin Dahyabhai
QA Contact: Brian Brock
URL:
Whiteboard:
Depends On:
Blocks:
Reported: 2004-05-21 14:29 UTC by Enrico Scholz
Modified: 2007-11-30 22:10 UTC (History)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2005-04-27 02:32:53 UTC
Type: ---
Embargoed:


Attachments
Fixes usage of uninitialized memory (454 bytes, patch)
2004-05-21 14:35 UTC, Enrico Scholz

Description Enrico Scholz 2004-05-21 14:29:34 UTC
Description of problem:

When running saslauthd with the kerberos5 method, uninitialized memory
can be freed in error-situations:

| # MALLOC_CHECK_=1 saslauthd -D -a kerberos5
| ...
| free(): invalid pointer 0xbffff2c8!
| ...

This happens e.g. when no 'host/...' key exists in /etc/krb5.keytab.

It was reported upstream a year ago already:
http://www.irbs.net/internet/cyrus-sasl/0304/0097.html


Version-Release number of selected component (if applicable):

cyrus-sasl-2.1.18-2



Additional info:

Diagnosing why authentication fails without a host key was very
difficult (saslauthd said 'internal error'), and only the free() gave
me the needed hints.  Therefore, this bug should perhaps be kept ;)

Comment 1 Enrico Scholz 2004-05-21 14:35:42 UTC
Created attachment 100419 [details]
Fixes usage of uninitialized memory

It is probably not very portable to initialize 'krb5_data' structures directly.
Heimdal has a krb5_data_zero() function but I could not find something similar
for MIT krb5. Therefore the direct initialization...

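The pattern described in the report (a krb5_data whose .data member is handed to free() on an error path that never filled it) and the fix the attachment takes (initialize the struct before any bail-out), shown as an added C example that is not the attached patch and not saslauthd's own code. It uses a stand-in struct instead of the real krb5_data so it builds without krb5 headers, and auth_buggy, auth_fixed, toy_krb5_data_zero and the ERR_NO_HOSTKEY code are assumed names.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Stand-in for MIT krb5's krb5_data (assumption: only the data/length
 * members matter here; the real struct also carries a magic field). */
typedef struct {
    char *data;
    unsigned int length;
} toy_krb5_data;

/* Hand-rolled equivalent of Heimdal's krb5_data_zero(), which the comment
 * above notes MIT krb5 does not provide. */
static void toy_krb5_data_zero(toy_krb5_data *d)
{
    d->data = NULL;
    d->length = 0;
}

enum { AUTH_OK = 0, ERR_NO_HOSTKEY = 1, ERR_NOMEM = 2 };

/* 'Before' pattern: the struct is declared but not initialised, and the
 * early bail-out (no host/... key in the keytab) jumps straight to a cleanup
 * label that frees whatever garbage buf.data happens to hold. This is the
 * "free(): invalid pointer" that MALLOC_CHECK_ reports. Kept only for
 * contrast; it is never called. */
int auth_buggy(int no_hostkey)
{
    toy_krb5_data buf;               /* indeterminate contents */
    int ret = AUTH_OK;

    if (no_hostkey) {
        ret = ERR_NO_HOSTKEY;
        goto cleanup;                /* buf.data was never set */
    }
    buf.length = 8;
    buf.data = malloc(buf.length);
    if (buf.data == NULL) { ret = ERR_NOMEM; goto cleanup; }
    memset(buf.data, 'k', buf.length);

cleanup:
    free(buf.data);                  /* undefined behaviour on the early path */
    return ret;
}

/* 'After' pattern, as in the attached fix: initialise before any bail-out so
 * cleanup always sees either NULL (free(NULL) is a no-op) or a live pointer. */
int auth_fixed(int no_hostkey)
{
    toy_krb5_data buf = { NULL, 0 };
    int ret = AUTH_OK;

    if (no_hostkey) {
        ret = ERR_NO_HOSTKEY;
        goto cleanup;
    }
    buf.length = 8;
    buf.data = malloc(buf.length);
    if (buf.data == NULL) { ret = ERR_NOMEM; goto cleanup; }
    memset(buf.data, 'k', buf.length);

cleanup:
    free(buf.data);
    toy_krb5_data_zero(&buf);        /* also guards against a later double free */
    return ret;
}

int main(void)
{
    printf("fixed, key present: %d\n", auth_fixed(0));
    printf("fixed, no host key: %d\n", auth_fixed(1));
    return 0;
}
```

Run under MALLOC_CHECK_=1 as in the report, the buggy variant would abort inside free() on the no-host-key path, while the fixed variant returns ERR_NO_HOSTKEY cleanly on the same path; zeroing the struct after the free is the same habit Heimdal's krb5_data_zero() encourages and costs nothing on MIT krb5.
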
Comment 2 Enrico Scholz 2004-05-21 15:17:37 UTC
New upstream report at
http://asg.web.cmu.edu/archive/message.php?mailbox=archive.cyrus-sasl&msg=5641

Comment 3 Matthew Miller 2005-04-26 15:16:25 UTC
Fedora Core 2 is now maintained by the Fedora Legacy project for
security updates only. If this problem is a security issue, please
reopen and reassign to the Fedora Legacy product. If it is not a
security issue and hasn't been resolved in the current FC3 updates or
in the FC4 test release, reopen and change the version to match.

Comment 4 Warren Togami 2005-04-27 00:48:57 UTC
Enrico is this still an issue in FC4?


Comment 5 Enrico Scholz 2005-04-27 02:32:53 UTC
I cannot reproduce it anymore in FC4, but I cannot remember exactly what I did
one year ago. I worked around the bug on my systems, so perhaps that is why I am
missing it.

As nobody else cared about it, I will close the bug.

