[Bug 1347147] Re: krb5 database propagation enters infinite loop

Tom Yu tlyu at mit.edu
Thu Jul 31 14:56:49 UTC 2014


This problem is broader than slave KDCs; it can potentially affect any
write operation on a KDC with sufficiently many (more than a few
hundred) principals, causing database corruption or denial of service.
Altering the test case to create one principal per invocation of
kadmin.local shows that the spin condition depends on database contents
rather than process memory history.

It also manifests during krb5_db_get_principal(), not just
krb5_db_put_principal(), as shown in the below stack trace.  Note the
krb5_db_get_principal() call in the stack trace is the one that is meant
to verify the master key.

Altered test case showing the spin condition on a fresh kadmin.local
invocation:

kdb5_util -W -r T create -s
awk 'BEGIN { for (i = 0; i < 1024; i++) { printf("%06d\n", i) } }' /dev/null | (set -e; while read p; do kadmin.local -r T -q "ank -randkey $p"; done)

I still recommend preferring the test case I gave in comment #1 because
it executes more quickly.

kadmin.local stack trace:

(gdb) bt
#0  0x00007f3fa70dbcbc in ?? ()
   from /usr/lib/x86_64-linux-gnu/krb5/plugins/kdb/db2.so
#1  0x00007f3fa70d90bc in ?? ()
   from /usr/lib/x86_64-linux-gnu/krb5/plugins/kdb/db2.so
#2  0x00007f3fa70d7bc9 in ?? ()
   from /usr/lib/x86_64-linux-gnu/krb5/plugins/kdb/db2.so
#3  0x00007f3fa70d0ab6 in ?? ()
   from /usr/lib/x86_64-linux-gnu/krb5/plugins/kdb/db2.so
#4  0x00007f3fa70d1bf4 in ?? ()
   from /usr/lib/x86_64-linux-gnu/krb5/plugins/kdb/db2.so
#5  0x00007f3fa79d0047 in krb5_db_get_principal ()
   from /usr/lib/x86_64-linux-gnu/libkdb5.so.7
#6  0x00007f3fa79d365b in ?? () from /usr/lib/x86_64-linux-gnu/libkdb5.so.7
#7  0x00007f3fa79d02c0 in krb5_db_fetch_mkey_list ()
   from /usr/lib/x86_64-linux-gnu/libkdb5.so.7
#8  0x00007f3fa9140f78 in kdb_init_master ()
   from /usr/lib/x86_64-linux-gnu/libkadm5srv_mit.so.9
#9  0x00007f3fa9141e90 in kadm5_init ()
   from /usr/lib/x86_64-linux-gnu/libkadm5srv_mit.so.9
#10 0x0000000000404659 in ?? ()
#11 0x0000000000402bbc in ?? ()
#12 0x00007f3fa8263ec5 in __libc_start_main (main=0x402b70, argc=5, 
    argv=0x7fff76716738, init=<optimized out>, fini=<optimized out>, 
    rtld_fini=<optimized out>, stack_end=0x7fff76716728) at libc-start.c:287
#13 0x0000000000402c96 in ?? ()

https://bugs.launchpad.net/bugs/1347147

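A bounded form of the one-principal-per-invocation test above, useful as a regression check once a fix is installed: each invocation runs under timeout(1), so a spinning process is killed and the first principal name that triggers it is reported. This is an added example, not part of the original message; the function name `first_spin` and the 30-second limit are assumptions, and `timeout` is the GNU coreutils utility.

```shell
#!/bin/sh
# Added example (not from the bug report): bounded spin detector.
#
# first_spin LIMIT COUNT CMD...
#   Runs CMD once per principal name 000000 .. COUNT-1, with the name
#   appended as the last argument, each run limited to LIMIT seconds.
#   Returns 0 if every run finished,
#           1 if a run had to be killed (prints that name on stdout),
#           2 if a run failed for another reason.
first_spin() {
    limit=$1
    count=$2
    shift 2
    i=0
    while [ "$i" -lt "$count" ]; do
        p=$(printf '%06d' "$i")
        st=0
        # -k 1: follow up with SIGKILL if SIGTERM does not end the spin.
        timeout -k 1 "$limit" "$@" "$p" >/dev/null 2>&1 || st=$?
        if [ "$st" -eq 124 ] || [ "$st" -eq 137 ]; then
            # 124 = killed by timeout, 137 = needed the SIGKILL follow-up.
            printf '%s\n' "$p"
            return 1
        elif [ "$st" -ne 0 ]; then
            printf 'unexpected exit status %d at %s\n' "$st" "$p" >&2
            return 2
        fi
        i=$((i + 1))
    done
    return 0
}

# Usage against a scratch realm T, created first as in the message:
#   kdb5_util -W -r T create -s
#   first_spin 30 1024 sh -c 'kadmin.local -r T -q "ank -randkey $1"' sh
# The 30-second limit is an assumed value; pick one well above the
# normal run time of a single kadmin.local invocation on the host.
```

A return of 1 with a printed name means that invocation did not finish within the limit, which on a fresh kadmin.local start points at database contents rather than process state, as the message describes.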