+++ This bug was initially created as a clone of Bug #436345 +++

Description of problem:
selinux-label patch adds code that does not compute buffer size correctly (a typical off-by-one error). This will at best corrupt heap whenever the code is executed.

Version-Release number of selected component (if applicable):
krb5-libs-1.6.1-17.el5_1.1

How reproducible:
100%

Steps to Reproduce:
1. have selinux enabled.
2. try transferring a file from a local directory so that path does not start with /.
3. watch heap being corrupted (MALLOC_CHECK_=2 helps to see it already at the first time).

Additional info:
Patch is attached to original report. Bug has been fixed in F8 already in krb5-1.6.2-14.fc8 release.
*** This bug has been marked as a duplicate of 426085 ***
Hi,

One question, why hasn't there been an update for this released for RedHat Enterprise 5.* yet?

- the dates on the main report indicate the fix was made *months* ago
- the problem is a "simple off by one" according to the report
- the fix has been field tested in fc8 (which explains why my fc8 machine did not have the problem)
- heap corruption can in general be a serious issue
- it is impacting Redhat Enterprise 5 clients in the field as we speak

Just wondering, why it has taken months to see an update. I realize you can't control when it is released but this one sure seems like it should have already been out there given it can't make things any worse than the sigabort we are seeing now.
The fix is currently slated for inclusion in the upcoming update release. The corruption in this case doesn't look at all server-influenced, so it hasn't been bumped to a higher priority.