Bug 750823 - Newly introduced defect into krb5
Status: CLOSED ERRATA
Product: Red Hat Enterprise Linux 5
Classification: Red Hat
Component: krb5
Version: 5.8
Priority: unspecified
Severity: unspecified
Target Milestone: rc
Assigned To: Nalin Dahyabhai
QA Contact: BaseOS QE Security Team
Reported: 2011-11-02 09:15 EDT by Michal Luscon
Modified: 2012-11-06 09:16 EST
Fixed In Version: krb5-1.6.1-69.el5
Doc Type: Bug Fix
Last Closed: 2012-02-20 22:19:51 EST
External Trackers
Tracker ID Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2012:0306 normal SHIPPED_LIVE Low: krb5 security and bug fix update 2012-02-21 02:24:53 EST
Description Michal Luscon 2011-11-02 09:15:12 EDT
A Coverity scan revealed the addition of one new defect to the krb5 source code.

/src/appl/gssftp/ftp/main.c:605 - The variable c->c_name is checked for NULL, and subsequently, on line #614, the function strlen is called with the parameter c->c_cname without the NULL check. This can cause a NULL dereference in the function strlen.

Version-Release number of selected component (if applicable):
krb5-1.6.1

Additional info:
This defect was not present in the previous version of krb5 package.
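
The defect class reported above (a pointer tested for NULL, then passed to strlen on a path the test does not cover), as an added example that is not part of the original report and is not krb5 source. The struct cmd below is a hypothetical stand-in with a c_name field; both functions and the sample tables are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical command-table entry; constructed for illustration. */
struct cmd {
    const char *c_name;   /* may be NULL */
    const char *c_help;
};

/* Flagged pattern: the NULL test shows c_name can be NULL, yet strlen()
 * runs on every path, so a NULL entry is dereferenced. */
size_t widest_name_flagged(const struct cmd *tab, size_t n)
{
    size_t width = 0, named = 0;
    for (size_t i = 0; i < n; i++) {
        const struct cmd *c = &tab[i];
        if (c->c_name != NULL)
            named++;
        size_t len = strlen(c->c_name);   /* unguarded dereference */
        if (len > width)
            width = len;
    }
    return named ? width : 0;
}

/* Corrected form: every dereference stays behind the NULL test. */
size_t widest_name_checked(const struct cmd *tab, size_t n)
{
    size_t width = 0;
    for (size_t i = 0; i < n; i++) {
        const struct cmd *c = &tab[i];
        if (c->c_name == NULL)
            continue;                     /* skip unnamed entries */
        size_t len = strlen(c->c_name);
        if (len > width)
            width = len;
    }
    return width;
}

/* Constructed sample tables. */
static const struct cmd full_tab[] = { {"get", "receive file"}, {"passive", "toggle passive mode"} };
static const struct cmd sparse_tab[] = { {"get", "receive file"}, {NULL, NULL}, {"status", "show status"} };

int main(void)
{
    /* The flagged version is only safe on a table with no NULL names. */
    printf("%zu %zu\n", widest_name_flagged(full_tab, 2), widest_name_checked(sparse_tab, 3));
    return 0;
}
```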
Comment 1 Nalin Dahyabhai 2011-11-02 10:33:57 EDT
Which previous version?
Comment 2 Nalin Dahyabhai 2011-11-02 10:40:25 EDT
For that matter, what's the release number of the current version?  If this is coming in via a patch, that would be _immensely_ useful in finding out which one needs to stop introducing an error.
Comment 3 Ondrej Vasik 2011-11-02 10:55:33 EDT
Previous version means RHEL-5.7 version of the krb5. It was detected by difference scan between krb5-1.6.1-62.el5 and krb5-1.6.1-68.el5.
Comment 4 Michal Luscon 2011-11-02 10:56:54 EDT
I am sorry that I did not mention enough information. This defect was not present in krb5-1.6.1-62.el5.src (RHEL-5.7) and it appeared in krb5-1.6.1-68.el5 (RHEL-5.8).
Comment 5 Kamil Dudka 2011-11-02 17:30:56 EDT
(In reply to comment #2)
> For that matter, what's the release number of the current version?  If this is
> coming in via a patch, that would be _immensely_ useful in finding out which
> one needs to stop introducing an error.

I see you already fixed it.  For the others, krb5-1.6.1-ftp_buffer.patch was the cause of this bug report.  We are going to provide more details about the 5.8 difference scan later this week.  Please stay tuned.
Comment 6 Nalin Dahyabhai 2011-11-02 17:53:29 EDT
(In reply to comment #5)
> I see you already fixed it.  For the others, krb5-1.6.1-ftp_buffer.patch was
> the cause of this bug report.  We are going to provide more details about the
> 5.8 difference scan later this week.  Please stay tuned.

Indeed, it's still compiling.  But neither cmdtab[] nor help() were modified by the patch, so without more information it's hard to tell which part of it did this.  Where are the scan results?  Were both scans performed with the same versions of all of the tools involved?
Comment 7 Kamil Dudka 2011-11-02 18:21:14 EDT
(In reply to comment #6)
> Where are the scan results?

We are processing them now, should be available later this week.  Nevertheless, I can provide some preliminary results in case you are in a hurry.

> Were both scans performed with the same versions of all of the tools involved?

Yes, they were.
Comment 17 errata-xmlrpc 2012-02-20 22:19:51 EST
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHSA-2012-0306.html
