[Bug 1326500] Re: libgssapi-krb5-2: segfault when mechglue loops endlessly on call to gss_add_cred_from

Brian Murray brian at ubuntu.com
Mon Jun 9 20:17:54 UTC 2014


For reference here is the debian changelog in which this bug was fixed:

krb5 (1.12.1+dfsg-2) unstable; urgency=low

  [ Jelmer Vernooij ]
  * Non-maintainer upload.
  * Provide -L and -I flags from krb5-config. Closes: #730837
  * Ship krb5-config.mit binary in krb5-multidev., Closes: #745322
  * Provide -L and -I flags from pkg-config files. Closes: #750041

  [ Sam Hartman ]
  * Include upstream patch to load gss mechanisms from /etc/gss/mech.d,
    Closes: #673680
  * Sysconfdir explicitly set to /etc
  * Include ubuntu change to permit libverto-libevent1 (not currently
    built in Debian) as an alternative for the KDC.  For now just
    reduces diff with Ubuntu.  Next libverto upload will probably start
    building that for Debian too.
  * Do not cause endless loop when a mechanism fails to include
    gss_add_cred_from or other new methods (upstream #7926)
  * Include /etc/gss/mech.d/README
  * Low urgency to give extra time in unstable
  * Update symbols for gss_indicate_mechs

 -- Sam Hartman <>  Wed, 04 Jun 2014 12:09:56 -0400

** Also affects: krb5 (Ubuntu Trusty)
   Importance: Undecided
       Status: New

** Changed in: krb5 (Ubuntu)
       Status: Confirmed => Triaged

** Changed in: krb5 (Ubuntu Trusty)
       Status: New => Triaged

** Changed in: krb5 (Ubuntu Trusty)
    Milestone: None => ubuntu-14.04.1

** Changed in: krb5 (Ubuntu Trusty)
   Importance: Undecided => High

** Changed in: krb5 (Ubuntu)
   Importance: Undecided => High

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to krb5 in Ubuntu.
https://bugs.launchpad.net/bugs/1326500

Title:
  libgssapi-krb5-2: segfault when mechglue loops endlessly on call to
  gss_add_cred_from

Status in “krb5” package in Ubuntu:
  Triaged
Status in “krb5” source package in Trusty:
  Triaged

Bug description:
  There's a bug fixed in krb5 1.12.1+dfsg-2 (just uploaded to Debian) where if a gss-api mechanism is dynamically loaded, and that mechanism uses symbols from libgssapi_krb5, and doesn't provide certain optional entry points added in krb5 1.12, then calling one of those entry points will cause the mechglue to call itself.  This results in an endless loop and the process eventually crashes on stack exhaustion.
  Unfortunately, one of the entry points, gss_add_cred_from is going to get called quite commonly.
  So, this means that if you're using Ubuntu to develop a GSS-API mechanism or are installing a third party gss-api mechanism, things are going to crash, mostly whenever anyone tries to use gss-api as a server, regardless of whether they intended to use your application.

  I'd like to see this fixed in trusty, so I'm giving a detailed repro below.  Patch against trusty coming shortly.
  Apologies that the repro is a bit involved; there's not a mechanism packaged in Ubuntu that easily exhibits this.  However, you really ought to be able to use Ubuntu to develop a GSS mechanism without crashing all your gss apps.

  On a stock trusty system, first install the attached mech file as
  /usr/etc/gss/mech (yes that's /usr/etc, not /etc) and then run the
  following:

    sudo add-apt-repository ppa:moonshot/daily
    sudo apt-get update
    sudo apt-get install bzr libkrb5-dev libradsec-dev libssl-dev libjansson-dev autoconf automake libtool build-essential
    bzr branch -r739 lp:moonshot
    cd moonshot/
    autoreconf -i
    ./configure --without-opensaml --without-shibresolver
    make -j3
    sudo make install
    sudo apt-get install krb5-gss-samples
    gss-server host@localhost

  This will segfault

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/krb5/+bug/1326500/+subscriptions
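The recursion described in the bug report comes from symbol resolution, not from the mechanism's own code: when a dynamically loaded mechanism is itself linked against libgssapi_krb5 and does not define one of the entry points added in krb5 1.12, a plain by-name lookup finds the mechglue's own exported function of that name, and the mechglue ends up dispatching to itself. The following C program is an added illustration, not code from krb5 or from the bug report. It models the loader with an in-process symbol table instead of dlopen/dlsym, uses a recursion counter so the loop is reported instead of exhausting the stack, and shows the defensive check a loader needs: a resolved symbol equal to the mechglue's own function is treated as absent and the older entry point is used instead. All names (`mech_lookup`, `load_naive`, `load_checked`, `glue_add_cred_from`, the status codes) are hypothetical, and the check is modelled on the idea of the upstream fix rather than copied from it.

```c
#include <stdio.h>
#include <string.h>

/* Status codes modelled on GSS-API major status values; the numbers are
 * constructed for this example and are not the real GSS_S_* definitions. */
enum { OK = 0, UNAVAILABLE = 1, LOOP_DETECTED = 2 };

typedef int (*cred_fn)(int mech_id);

/* A mechanism's entry-point table as the mechglue sees it after loading.
 * A mechanism written before krb5 1.12 has no gss_add_cred_from at all. */
struct mech {
    const char *name;
    cred_fn add_cred;       /* old entry point, always present */
    cred_fn add_cred_from;  /* optional entry point added in krb5 1.12 */
};

static struct mech loaded;
static int depth;  /* recursion counter: the real mechglue has no such guard */

/* The mechglue's own exported function (forward declaration). */
static int glue_add_cred_from(int mech_id);

/* Hypothetical third-party mechanism implementing only the old entry point. */
static int thirdparty_add_cred(int mech_id)
{
    (void)mech_id;
    return OK;
}

/* Models dlsym() on a mechanism that is itself linked against libgssapi_krb5:
 * a name the mechanism does not define resolves to the mechglue's exported
 * symbol of the same name. */
static cred_fn mech_lookup(const char *sym)
{
    if (strcmp(sym, "gss_add_cred") == 0)
        return thirdparty_add_cred;
    if (strcmp(sym, "gss_add_cred_from") == 0)
        return glue_add_cred_from;   /* found in libgssapi_krb5, not in the mechanism */
    return NULL;
}

/* Naive loader: trusts whatever the lookup returns. */
void load_naive(void)
{
    loaded.name = "thirdparty";
    loaded.add_cred = mech_lookup("gss_add_cred");
    loaded.add_cred_from = mech_lookup("gss_add_cred_from");
}

/* Checked loader: a symbol that resolves to the mechglue's own function is
 * treated as absent, so dispatch falls back to the old entry point. */
void load_checked(void)
{
    cred_fn f;
    loaded.name = "thirdparty";
    loaded.add_cred = mech_lookup("gss_add_cred");
    f = mech_lookup("gss_add_cred_from");
    loaded.add_cred_from = (f == glue_add_cred_from) ? NULL : f;
}

/* Mechglue dispatch for the new entry point. With the naive loader,
 * loaded.add_cred_from is this very function, so the call recurses. */
static int glue_add_cred_from(int mech_id)
{
    int rc;
    if (++depth > 8)
        rc = LOOP_DETECTED;                  /* guard for the example only */
    else if (loaded.add_cred_from != NULL)
        rc = loaded.add_cred_from(mech_id);  /* recurses into itself when naive */
    else if (loaded.add_cred != NULL)
        rc = loaded.add_cred(mech_id);       /* fall back to the old entry point */
    else
        rc = UNAVAILABLE;
    depth--;
    return rc;
}

int demo_naive(void)   { load_naive();   return glue_add_cred_from(1); }
int demo_checked(void) { load_checked(); return glue_add_cred_from(1); }

int main(void)
{
    printf("naive loader:   rc=%d (2 = loop detected)\n", demo_naive());
    printf("checked loader: rc=%d (0 = ok via gss_add_cred)\n", demo_checked());
    return 0;
}
```

The naive path is what the bug report describes: every call to the new entry point re-enters the mechglue until the stack is exhausted, and since `gss_add_cred_from` is reached on the common server path, any GSS-API server process with such a mechanism in its mech file crashes. The comparison against the loader's own function address is the cheap check that turns "symbol resolved" into "symbol resolved to something that is not the mechanism".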
