kern/117349: [libgssapi] [patch] gss_acquire_cred can crash if
_gss_mech_oids has not been initialized
Sean McNeil
sean at mcneil.com
Tue Nov 27 22:50:04 PST 2007
The following reply was made to PR kern/117349; it has been noted by GNATS.
From: Sean McNeil <sean at mcneil.com>
To: bug-followup at FreeBSD.org, nathanw at uchicago.edu
Cc:
Subject: Re: kern/117349: [libgssapi] [patch] gss_acquire_cred can crash if
_gss_mech_oids has not been initialized
Date: Tue, 27 Nov 2007 22:32:53 -0800
This is a multi-part message in MIME format.
--------------070809070203010900060003
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
I have seen this exact issue with openldap 2.3 on HEAD/RELENG_7. Here is
an alternative patch to resolve this issue:
--- gss_acquire_cred.c.orig 2005-12-29 06:40:20.000000000 -0800
+++ gss_acquire_cred.c 2007-11-22 18:30:07.000000000 -0800
@@ -59,8 +59,8 @@
* First make sure that at least one of the requested
* mechanisms is one that we support.
*/
+ _gss_load_mech();
if (mechs) {
- _gss_load_mech();
for (i = 0; i < mechs->count; i++) {
int t;
gss_test_oid_set_member(minor_status,
@@ -74,6 +74,9 @@
return (GSS_S_BAD_MECH);
}
}
+ else
+ mechs = _gss_mech_oids;
+
if (actual_mechs) {
major_status = gss_create_empty_oid_set(minor_status,
@@ -92,9 +95,6 @@
cred->gc_usage = cred_usage;
SLIST_INIT(&cred->gc_mc);
- if (mechs == GSS_C_NO_OID_SET)
- mechs = _gss_mech_oids;
-
set.count = 1;
min_time = GSS_C_INDEFINITE;
for (i = 0; i < mechs->count; i++) {
--------------070809070203010900060003
Content-Type: text/x-patch;
name="gss_acquire_cred.c.diff"
Content-Transfer-Encoding: 7bit
Content-Disposition: inline;
filename="gss_acquire_cred.c.diff"
--- gss_acquire_cred.c.orig 2005-12-29 06:40:20.000000000 -0800
+++ gss_acquire_cred.c 2007-11-22 18:30:07.000000000 -0800
@@ -59,8 +59,8 @@
* First make sure that at least one of the requested
* mechanisms is one that we support.
*/
+ _gss_load_mech();
if (mechs) {
- _gss_load_mech();
for (i = 0; i < mechs->count; i++) {
int t;
gss_test_oid_set_member(minor_status,
@@ -74,6 +74,9 @@
return (GSS_S_BAD_MECH);
}
}
+ else
+ mechs = _gss_mech_oids;
+
if (actual_mechs) {
major_status = gss_create_empty_oid_set(minor_status,
@@ -92,9 +95,6 @@
cred->gc_usage = cred_usage;
SLIST_INIT(&cred->gc_mc);
- if (mechs == GSS_C_NO_OID_SET)
- mechs = _gss_mech_oids;
-
set.count = 1;
min_time = GSS_C_INDEFINITE;
for (i = 0; i < mechs->count; i++) {
--------------070809070203010900060003--
More information about the freebsd-bugs
mailing list