Bug 214207 - Corrupted user-name
Corrupted user-name
Status: CLOSED ERRATA
Product: Fedora
Classification: Fedora
Component: mod_auth_kerb (Show other bugs)
6
All Linux
medium Severity medium
: ---
: ---
Assigned To: Joe Orton
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2006-11-06 11:07 EST by Enrico Scholz
Modified: 2007-11-30 17:11 EST (History)
1 user (show)

See Also:
Fixed In Version: 5.3-2.fc6
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2007-03-23 09:32:47 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Enrico Scholz 2006-11-06 11:07:14 EST
Description of problem:

mod_auth_kerb seems to corrupt the username:

| XXXXXX - ensc@XXXXX [06/Nov/2006:16:55:32 +0100] "GET ...
| XXXXXX - \x02 [06/Nov/2006:16:55:34 +0100]

Logfile shows

| ... using cached name , referer: ...
| ... using cached name o_mini.png, ...

like entries.


This seems to be caused by the -cache patch which does:

|  MK_USER = apr_pstrdup(r->pool, output_token.value);
|  ...
|      rv = apr_pool_userdata_set(r->user, NAMEKEY, NULL, r->connection->pool);
| ----
|      if (apr_pool_userdata_get(&data, NAMEKEY, r->connection->pool) == APR_SUCCESS


When having a multi-request connection, the 'r->pool' might be freed
while the 'r->connection->pool' is still alive and returns corrupted
memory.

I suggest to write

|-  MK_USER = apr_pstrdup(r->pool, output_token.value);
|+  MK_USER = apr_pstrdup(r->connection->pool, output_token.value);

which seems to fix the problem for me.


Version-Release number of selected component (if applicable):

mod_auth_kerb-5.1-3
Comment 1 Joe Orton 2006-11-06 11:11:58 EST
Good catch, thanks!
Comment 2 Rudi Chiarito 2006-11-29 16:02:16 EST
This bug was fixed in today's update for FC5, but it remains open for FC6. I can
confirm that rebuilding 5.3-2 under FC6 solves the problem (it was triggering
very bizarre error messages from Subversion for us). Please release an official
FC6 package as well.
Comment 3 Joe Orton 2006-11-30 04:54:27 EST
Ah, sorry, I forgot to hit the "push" button on the FC6 update yesterday, it's
on its way now.
Comment 4 Fedora Update System 2006-11-30 10:31:07 EST
mod_auth_kerb-5.3-2.fc6 has been pushed for fc6, which should resolve this issue.  If these problems are still present in this version, then please make note of it in this bug report.

Note You need to log in before you can comment on or make changes to this bug.