Description of problem: Both curl and firefox have the following errors when attempting to negotiate kerberos authentication with a remote server: *** glibc detected *** curl: double free or corruption (!prev): 0x0000000000539f40 *** ======= Backtrace: ========= /lib64/libc.so.6[0x306bd6dc43] /lib64/libc.so.6(__libc_free+0x84)[0x306bd6ddc4] /usr/lib64/libkrb5.so.3(krb5_free_cred_contents+0x6d)[0x2aaaaad5c35d] /usr/lib64/libkrb5.so.3(krb5_free_creds+0x9)[0x2aaaaad5c3c9] /usr/lib64/libkrb5.so.3(krb5_free_tgt_creds+0x1d)[0x2aaaaad5c3fd] /usr/lib64/libkrb5.so.3(krb5_get_credentials+0x209)[0x2aaaaad57509] /usr/lib64/libgssapi_krb5.so.2(krb5_gss_init_sec_context+0x96a)[0x2aaaaac08b3a] /usr/lib64/libcurl.so.3(Curl_input_negotiate+0x179)[0x2aaaaaaece09] /usr/lib64/libcurl.so.3(Curl_http_input_auth+0x133)[0x2aaaaaad1fa3] /usr/lib64/libcurl.so.3(Curl_readwrite+0x1840)[0x2aaaaaae8720] /usr/lib64/libcurl.so.3(Curl_perform+0x14b)[0x2aaaaaae89eb] curl[0x406f9c] /lib64/libc.so.6(__libc_start_main+0xf4)[0x306bd1ce54] curl[0x4021e9] This is a strace output of a running firefox: writev(2, [{"*** glibc detected *** ", 23}, {"/usr/lib64/firefox-1.5.0.6/firef"..., 38}, {": ", 2}, {"double free or corruption (out)", 31}, {": 0x", 4}, {"00002aaab32fb460", 16}, {" ***\n", 5}], 7) = 119 futex(0x306bf46f00, FUTEX_WAKE, 2147483647) = 0 futex(0x307260d350, FUTEX_WAKE, 2147483647) = 0 write(2, "======= Backtrace: =========\n", 29) = 29 writev(2, [{"/lib64/libc.so.6", 16}, {"[0x", 3}, {"306bd6dc43", 10}, {"]\n", 2}], 4) = 31 writev(2, [{"/lib64/libc.so.6", 16}, {"(", 1}, {"__libc_free", 11}, {"+0x", 3}, {"84", 2}, {")", 1}, {"[0x", 3}, {"306bd6ddc4", 10}, {"]\n", 2}], 9) = 49 writev(2, [{"/usr/lib64/libkrb5.so.3", 23}, {"(", 1}, {"krb5_free_cred_contents", 23}, {"+0x", 3}, {"6d", 2}, {")", 1}, {"[0x", 3}, {"2aaab0a1535d", 12}, {"]\n", 2}], 9) = 70 writev(2, [{"/usr/lib64/libkrb5.so.3", 23}, {"(", 1}, {"krb5_free_creds", 15}, {"+0x", 3}, {"9", 1}, {")", 1}, {"[0x", 3}, {"2aaab0a153c9", 12}, {"]\n", 2}], 9) = 61 writev(2, [{"/usr/lib64/libkrb5.so.3", 23}, {"(", 1}, {"krb5_free_tgt_creds", 19}, {"+0x", 3}, {"1d", 2}, {")", 1}, {"[0x", 3}, {"2aaab0a153fd", 12}, {"]\n", 2}], 9) = 66 writev(2, [{"/usr/lib64/libkrb5.so.3", 23}, {"(", 1}, {"krb5_get_credentials", 20}, {"+0x", 3}, {"209", 3}, {")", 1}, {"[0x", 3}, {"2aaab0a10509", 12}, {"]\n", 2}], 9) = 68 writev(2, [{"/usr/lib64/libgssapi_krb5.so.2", 30}, {"(", 1}, {"krb5_gss_init_sec_context", 25}, {"+0x", 3}, {"96a", 3}, {")", 1}, {"[0x", 3}, {"2aaab08c2b3a", 12}, {"]\n", 2}], 9) = 80 This is the best I could come up with for the time being. I have no idea where firefox's stderr is being sent. The fact that both applications are segfaulting in about the same place would appear to implicate the kerberos libraries. Version-Release number of selected component (if applicable): Tested with krb5-libs-1.4.3-5.1 (both x86_64 and i386 versions, under curl) and krb5-libs-1.4.3-4.1 (x86_64 only) How reproducible: Almost always. Occasionally the curl connection hangs. I am finding diagnosis difficult under firefox. It just hangs and I have had to reboot (yes, reboot) on occasion in order to restart firefox. With both, authentication never works, and the user's keytab always gets corrupted. It works fine with an almost identical setup under FC3. Steps to Reproduce: 1. Set up kerberos 2. make sure kinit returns a valid ticket 3. curl -u z --negotiate http://some.mod_auth_kerb.url/ or IIS URL 4. press enter at the password prompt Actual results: See error above Expected results: I expect curl to authenticate and download the content of the given URL. Additional info: This may be related to 189332 Seems very similar to http://bugs.donarmstrong.com/cgi-bin/bugreport.cgi?bug=344543
I'm having trouble reproducing this. Fresh i386 FC5 install with all updates applied (this takes it to 1.4.3-5.1, as you have). I run kinit, and then point curl at a page on my domain controller, which is in a different realm than I am, and have the [domain_realm] mapping set up in /etc/krb5.conf so that the library will assume it's in my local realm. When I try this, I see the "Server not found in Kerberos database" error come back from the server, and the client spews out the authorization failure text which the server sent it. Is there something I'm missing in the setup here?
First, both the patch at http://krbdev.mit.edu/rt/Ticket/Display.html?id=3313 and krb5-1.5-3 from fc6t2 fix the double-free problem. This has allowed me to track down what appear to be the key features of the problem. This problem manifests itself when the server to which the request is made maps to a secondary realm whose domain name does not directly map to that realm. (There is at least one other case. The same seems to occur when the domain does not have a mapping to a valid realm.) 1. krb5.conf has a [domain_realm] section with a "domain2.name = REALM2.NAME" mapping (e.g. bar.com = BAZ.COM) 2. curl requests http://host.realm.name and starts auth_negotiate 3. DNS shows gethostbyaddr(gethostbyname(host.realm.name)) = host.domain2.name 4. curl must construct an SPN of HTTP/host.domain2.name 5. curl crashes I hope that is clear. It is still a little confusing to me.
Fedora apologizes that these issues have not been resolved yet. We're sorry it's taken so long for your bug to be properly triaged and acted on. We appreciate the time you took to report this issue and want to make sure no important bugs slip through the cracks. If you're currently running a version of Fedora Core between 1 and 6, please note that Fedora no longer maintains these releases. We strongly encourage you to upgrade to a current Fedora release. In order to refocus our efforts as a project we are flagging all of the open bugs for releases which are no longer maintained and closing them. http://fedoraproject.org/wiki/LifeCycle/EOL If this bug is still open against Fedora Core 1 through 6, thirty days from now, it will be closed 'WONTFIX'. If you can reporduce this bug in the latest Fedora version, please change to the respective version. If you are unable to do this, please add a comment to this bug requesting the change. Thanks for your help, and we apologize again that we haven't handled these issues to this point. The process we are following is outlined here: http://fedoraproject.org/wiki/BugZappers/F9CleanUp We will be following the process here: http://fedoraproject.org/wiki/BugZappers/HouseKeeping to ensure this doesn't happen again. And if you'd like to join the bug triage team to help make things better, check out http://fedoraproject.org/wiki/BugZappers
This bug is open for a Fedora version that is no longer maintained and will not be fixed by Fedora. Therefore we are closing this bug. If you can reproduce this bug against a currently maintained version of Fedora please feel free to reopen thus bug against that version. Thank you for reporting this bug and we are sorry it could not be fixed.