reassign 349526 libkrb53
severity 349526 important
tags 349526 patch
thanks

On Mon, Jan 23, 2006 at 03:06:45PM -0800, Steve Langasek wrote:
> On Mon, Jan 23, 2006 at 09:29:03AM -0800, Russ Allbery wrote:
> > reassign 349526 openssh-server
> > thanks
>
> > Justin Pryzby <[EMAIL PROTECTED]> writes:
>
> > > reassign 349526 libkrb53
> > > thanks
>
> > Please don't reassign the bug to the Kerberos libraries unless you have
> > evidence that the bug is actually in the *library* rather than in
> > openssh-server's use of Kerberos. Given the quantity of other software in
> > Debian that hasn't started segfaulting, it seems more likely that
> > something in openssh-server specifically is at fault. At the least, I
> > think a little more investigation is needed before we can be sure that
> > it's a Kerberos library bug.
>
> Agreed. FWIW, I was also seeing complementary errors with openssh-*client*
> whenever I had a valid ccache and tried to ssh to a system that doesn't
> accept Kerberos, but I'm not able to reproduce those errors now; possibly
> the errors went away when kerberos 1.4.3 hit testing...

Hey, so I guess forgetting that you've created a zero-length
/etc/krb5.keytab for testing on a system that you're later trying to convert
to use pam_krb5 is a good way to motivate oneself to find and fix this
bug...

It turns out that the problem is buggy handling of fread() in
src/lib/krb5/keytab/kt_file.c; the code assumes that fread only returns 0
upon error, when it can, of course, also return 0 if there are 0 bytes to be
read. :) So it sets kerror to 0 (errno), closes the file but doesn't
completely clean up, and the FILE* gets double-freed.

Possible patch attached, reassigned and downgraded.

Cheers,
-- 
Steve Langasek                   Give me a lever long enough and a Free OS
Debian Developer                   to set it on, and I can move the world.
[EMAIL PROTECTED]                                   http://www.debian.org/

diff -u krb5-1.4.3/debian/changelog krb5-1.4.3/debian/changelog --- krb5-1.4.3/debian/changelog +++ krb5-1.4.3/debian/changelog @@ -1,3 +1,10 @@ +krb5 (1.4.3-6.1) unstable; urgency=low + + * Non-maintainer upload. + * Fix incorrect check for return value of xfread(). + + -- Steve Langasek <[EMAIL PROTECTED]> Mon, 13 Mar 2006 23:38:02 -0800 + krb5 (1.4.3-6) unstable; urgency=low * Assume krb5 in krb5_gss_canonicalize_name if the null mechanism is only in patch2: unchanged: --- krb5-1.4.3.orig/src/lib/krb5/keytab/kt_file.c +++ krb5-1.4.3/src/lib/krb5/keytab/kt_file.c @@ -1108,6 +1108,8 @@ /* gotta verify it instead... */ if (!xfread(&kt_vno, sizeof(kt_vno), 1, KTFILEP(id))) { kerror = errno; + if (!kerror) + kerror = EIO; (void) krb5_unlock_file(context, fileno(KTFILEP(id))); (void) fclose(KTFILEP(id)); return kerror;
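
Review bot: the new debian/changelog entry for 1.4.3-6.1 does not reference the bug it fixes; adding "Closes: #349526" to the "Fix incorrect check for return value of xfread()." line would tie the upload to the report. The entry would also be easier to audit later if it said what the incorrect check was, namely that a zero return at end-of-file left the error code at 0.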
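
Review bot: in the kt_file.c hunk (@@ -1108), the EIO fallback only triggers when errno happens to be 0, and nothing visible before the xfread() call clears errno, so a short read at end-of-file can still hand back a stale, unrelated errno value as kerror. Checking feof(KTFILEP(id)) or ferror(KTFILEP(id)) after the failed read and choosing the error from that would be more reliable, and an empty or truncated keytab arguably deserves a format-specific error rather than EIO. Separately, this path still does "(void) fclose(KTFILEP(id)); return kerror;" without resetting the handle; clearing KTFILEP(id) after the fclose() would keep a later close from touching the freed FILE whatever kerror ends up being.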
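
The fread() return-value problem described in the message, as an added example that is not part of the original mail or the krb5 source. The names read_vno_buggy, read_vno_checked, run_on_file and the HDR_* codes are hypothetical, and the two header bytes are constructed sample input.

```c
#include <errno.h>
#include <stdio.h>

/* Hypothetical status codes for this example; not krb5 error codes. */
enum { HDR_OK = 0, HDR_EMPTY = 1, HDR_IOERR = 2 };

/* Pattern from the message: a 0 return from fread() is taken to mean
 * "errno holds the error". At EOF errno is untouched, so 0 is returned. */
static int read_vno_buggy(FILE *fp, unsigned short *vno)
{
    errno = 0;  /* assumption: no stale errno from earlier calls */
    if (!fread(vno, sizeof(*vno), 1, fp))
        return errno;
    return 0;
}

/* Checked variant: a short read is never success; ferror() separates an
 * I/O failure from an empty or truncated file. */
static int read_vno_checked(FILE *fp, unsigned short *vno)
{
    if (fread(vno, sizeof(*vno), 1, fp) == 1)
        return HDR_OK;
    return ferror(fp) ? HDR_IOERR : HDR_EMPTY;
}

/* Run a reader over a constructed temporary file holding len bytes. */
static int run_on_file(int (*reader)(FILE *, unsigned short *),
                       const void *data, size_t len)
{
    unsigned short vno = 0;
    int rc = -1;                      /* -1: could not set up the file */
    FILE *fp = tmpfile();
    if (fp == NULL)
        return rc;
    if (len == 0 || fwrite(data, 1, len, fp) == len) {
        rewind(fp);                   /* flush and seek back to the start */
        rc = reader(fp, &vno);
    }
    fclose(fp);
    return rc;
}

int main(void)
{
    printf("empty, buggy:   %d\n", run_on_file(read_vno_buggy, NULL, 0));
    printf("empty, checked: %d\n", run_on_file(read_vno_checked, NULL, 0));
    printf("valid, checked: %d\n", run_on_file(read_vno_checked, "\x05\x02", 2));
    return 0;
}
```

With the buggy reader, a zero-length file and a valid two-byte header both yield 0, so the caller cannot tell them apart.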