Red Hat Bugzilla – Bug 157530
rpc.svcgssd segfaults when it receives a large token
Last modified: 2007-11-30 17:11:05 EST
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.7) Gecko/20050509 Fedora/1.0.3-5 Firefox/1.0.3
Description of problem:
I am testing nfsv4 with sec=krb5 where the kerberos server is Active Directory. It seems that the AP-REQ ticket is too big for rpc.svcgssd process (1196 bytes I think) which reports the errors
May 10 12:57:14 xxx rpc.svcgssd: WARNING: gss_accept_sec_context failed
May 10 12:57:14 xxx rpc.svcgssd: ERROR: GSS-API: error in handle_nullreq: gss_accept_sec_context(): A token was invalid - Token header is malformed or corrupt
then crashes. If I increase the size of the token buffer (see the patch I will attach) then nfsv4 starts working, but rpc.svcgssd shouldn't crash if it gets tokens it doesn't like.
Version-Release number of selected component (if applicable):
Steps to Reproduce:
1. Send a big AP-REQ token to rpc.svcgssd
Created attachment 114288 [details]
Patch to increase a buffer size and avoid the problem
thanks for the patch!
The should be fixed in nfs-utils-1.0.7-7
Closing bugs in MODIFIED state from prior Fedora releases. If this bug persists
in a current Fedora release (such as Fedora Core 5 or later), please reopen and
set the version appropriately.