Bug 442314 - Buffer overflow when SElinux enabled.
Buffer overflow when SElinux enabled.
Status: CLOSED DUPLICATE of bug 426085
Product: Red Hat Enterprise Linux 5
Classification: Red Hat
Component: krb5 (Show other bugs)
5.1
All Linux
medium Severity high
: rc
: ---
Assigned To: Nalin Dahyabhai
Brian Brock
:
Depends On: 436345
Blocks:
  Show dependency treegraph
 
Reported: 2008-04-14 05:49 EDT by Pawel Salek
Modified: 2008-04-15 12:41 EDT (History)
1 user (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2008-04-15 11:24:41 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Pawel Salek 2008-04-14 05:49:16 EDT
+++ This bug was initially created as a clone of Bug #436345 +++

Description of problem:
selinux-label patch adds code that does not compute buffer size correctly (a
typical off-by-one error).  This will at best corrupt heap whenever the code is
executed.

Version-Release number of selected component (if applicable):
krb5-libs-1.6.1-17.el5_1.1

How reproducible:
100%

Steps to Reproduce:
1. have selinux enabled.
2. try transferring a file from a local directory so that path does not start
with /.
3. watch heap being corrupted (MALLOC_CHECK_=2 helps to see it already at the
first time).

Additional info:
Patch is attached to original report. Bug has been fixed in F8 already in
krb5-1.6.2-14.fc8 release.
Comment 1 Nalin Dahyabhai 2008-04-15 11:24:41 EDT

*** This bug has been marked as a duplicate of 426085 ***
Comment 2 Kevin B. Hendricks 2008-04-15 12:00:29 EDT
Hi,

One question, why hasn't there been an update for this released for RedHat  Enterprise 5.* yet?
   - the dates on the main report indicate the fix was made *months* ago
   - the problem is a "simple off by one" according to the report
   - the fix has been field tested in fc8 (which exdplains why my fc8 machine did not have the problem)
   - heap corruption can in general be a serious issue
   - it is impacting Redhat Enterprise 5 clients in the field as we speak

Just wondering, why it has taken months to see an update.

I realize you can't control when it is released but this one sure seems like it should have already been 
out there given it can't make things any worse than the sigabort we are seeing now.



 
  
Comment 3 Nalin Dahyabhai 2008-04-15 12:41:47 EDT
The fix is currently slated for inclusion in the upcoming update release.  The
corruption in this case doesn't look at all server-influenced, so it hasn't been
bumped to a higher priority.

Note You need to log in before you can comment on or make changes to this bug.