Red Hat Bugzilla – Bug 436345
Buffer overflow when SELinux enabled.
Last modified: 2008-04-14 05:49:16 EDT
Description of problem:
selinux-label patch adds code that does not compute buffer size correctly (a
typical off-by-one error). This will at best corrupt heap whenever the code is
Version-Release number of selected component (if applicable):
krb5-1.6.1-17.el5 is affected as well.
Steps to Reproduce:
1. Have SELinux enabled.
2. try transferring a file from a local directory so that path does not start
3. watch heap being corrupted (MALLOC_CHECK_=2 helps to see it already at the
Patch will be attached.
Created attachment 297075
Bug present also in ftp program as distributed with krb5-1.6.2-13.fc8
Going to include the fix in 1.6.2-14, leaving open until it's pushed as an update.
krb5-1.6.2-14.fc8 has been submitted as an update for Fedora 8
krb5-1.6.2-14.fc8 has been pushed to the Fedora 8 stable repository. If problems still persist, please make note of it in this bug report.
The bug appears to be gone in krb5-1.6.2-14.fc8
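
Added illustration, not code from the krb5 selinux-label patch or from this report: the class of off-by-one size computation the description refers to, shown in C for a helper that builds a path in a heap buffer. The path-joining scenario and the names joined_size and join_path are assumptions, since the page does not show the affected code.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Bytes needed for dir + "/" + name + NUL, or 0 if size_t would overflow.
 * The off-by-one form is strlen(dir) + strlen(name) + 1: it budgets for the
 * terminator or the separator but not both, so the final write lands one
 * byte past the allocation and damages heap metadata. */
size_t joined_size(const char *dir, const char *name)
{
    size_t d = strlen(dir), n = strlen(name);
    if (d > SIZE_MAX - n || d + n > SIZE_MAX - 2)
        return 0;
    return d + n + 2;
}

/* Hypothetical helper: returns a malloc'd path, or NULL on failure. */
char *join_path(const char *dir, const char *name)
{
    size_t need, d, n = strlen(name);
    char *out;

    if (name[0] == '/') {              /* already absolute: plain copy */
        out = malloc(n + 1);
        if (out != NULL)
            memcpy(out, name, n + 1);
        return out;
    }
    need = joined_size(dir, name);
    if (need == 0 || (out = malloc(need)) == NULL)
        return NULL;
    d = strlen(dir);
    memcpy(out, dir, d);
    out[d] = '/';                      /* the byte the short size forgets */
    memcpy(out + d + 1, name, n + 1);  /* n + 1 copies the NUL as well */
    return out;
}

int main(void)
{
    char *p = join_path("/home/user", "file.txt");   /* constructed input */
    if (p == NULL)
        return 1;
    printf("%s (%zu bytes allocated)\n", p, joined_size("/home/user", "file.txt"));
    free(p);
    return 0;
}
```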