misc/114457: crash in libgssapi gss_acquire_cred() call on FreeBSD-CURRENT

Rick Macklem rick at cis.uoguelph.ca
Mon Jul 9 19:10:02 UTC 2007


>Number:         114457
>Category:       misc
>Synopsis:       crash in libgssapi gss_acquire_cred() call on FreeBSD-CURRENT
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    freebsd-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Mon Jul 09 19:10:01 GMT 2007
>Closed-Date:
>Last-Modified:
>Originator:     Rick Macklem
>Release:        FreeBSD-CURRENT May 2007 snapshot
>Organization:
Univ of Guelph
>Environment:
FreeBSD 7.0-CURRENT-200705 i386
>Description:
My gssd.c crashes in gss_acquire_cred() when linked to the gssapi library in
the FreeBSD-CURRENT May 2007 snapshot. It works for FreeBSD6, heimdal-0.8.1
and MIT Kerberos. (It might be related to PR kern/113266.)

A "gdb where" and the snippet of code that causes the crash are in the
"patch file".
>How-To-Repeat:

>Fix:


Patch attached with submission follows:

When my gssd.c is linked to any of the FreeBSD6 libraries, Heimdal-0.8 libraries
or MIT's libraries, it works ok. When linked to the gssapi library in the
FreeBSD-CURRENT May 2007 snapshot, it core dumps during startup, in the
gss_acquire_cred() call. Although it doesn't tell you much, here is what
gdb gives me for "where" and the snippet of code being executed at the time.
(It seems pretty clear that the args are ok?)

nfsv4-mac# gdb gssd/gssd gssd.core
GNU gdb 6.1.1 [FreeBSD]
Copyright 2004 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for details.
This GDB was configured as "i386-marcel-freebsd"...
Core was generated by `gssd'.
Program terminated with signal 11, Segmentation fault.
#0  0x0804c0c9 in gss_acquire_cred ()
(gdb) where
#0  0x0804c0c9 in gss_acquire_cred ()
#1  0x0804a856 in gssd_acquire_acceptor_cred (
    server_name=0x8147720 "nfs at nfsv4-mac.cis.uoguelph.ca", 
    min_statp=0xbfbfec88) at gssd.c:1432
#2  0x08048814 in main (argc=0, argv=0xbfbfed2c, envp=0xbfbfed30)
    at gssd.c:570
(gdb) quit

- and the snippet of code from gssd.c:
gssd_acquire_acceptor_cred(char *server_name, u_int32_t *min_statp)
{
	gss_buffer_desc name;
	gss_name_t target_name;
	u_int32_t maj_stat, min_stat;

	name.value = (void *)server_name;
	name.length = strlen(server_name) + 1;
	maj_stat = gss_import_name(min_statp, &name,
		GSS_C_NT_HOSTBASED_SERVICE, &target_name);
	if (maj_stat != GSS_S_COMPLETE)
		return (maj_stat);

	maj_stat = gss_acquire_cred(min_statp, target_name, 0,
	    GSS_C_NULL_OID_SET, GSS_C_ACCEPT,
	    &gssd_creds, NULL, NULL);


>Release-Note:
>Audit-Trail:
>Unformatted:

