misc/117349: gss_acquire_cred can crash if _gss_mech_oids has not been initialized

Nathan Whitehorn nathanw at uchicago.edu
Fri Oct 19 18:20:01 PDT 2007


>Number:         117349
>Category:       misc
>Synopsis:       gss_acquire_cred can crash if _gss_mech_oids has not been initialized
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    freebsd-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Sat Oct 20 01:20:00 UTC 2007
>Closed-Date:
>Last-Modified:
>Originator:     Nathan Whitehorn
>Release:        7.0-CURRENT
>Organization:
University of Chicago
>Environment:
FreeBSD banshee.uchicago.edu 7.0-CURRENT FreeBSD 7.0-CURRENT #0: Mon Oct  8 14:34:11 CDT 2007     root at banshee.uchicago.edu:/usr/obj/usr/src/sys/X2100  amd64
>Description:
gss_acquire_cred() uses _gss_mech_oids to initialize an empty OID set without checking if it has been initialized. With some programs, it happens to have been initialized already. With others (e.g. dovecot), it hasn't been, causing a seg fault. The attached patch forces initialization in the event _gss_mech_oids is NULL.
>How-To-Repeat:

>Fix:
--- gss_acquire_cred.c  2007-10-19 20:12:40.000000000 -0500
+++ gss_acquire_cred.c.dist     2007-10-19 20:12:26.000000000 -0500
@@ -59,10 +59,6 @@
         * First make sure that at least one of the requested
         * mechanisms is one that we support.
         */
-
-       if (!_gss_mech_oids)
-                _gss_load_mech();
-
        if (mechs) {
                _gss_load_mech();
                for (i = 0; i < mechs->count; i++) 
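
Review bot: the diff direction is reversed. The `---` file is gss_acquire_cred.c and the `+++` file is gss_acquire_cred.c.dist, so the `if (!_gss_mech_oids)` guard appears as removed lines, and applying the patch as posted would drop the check the description says it adds. Regenerate it with the .dist file as the old side, or note that it needs `patch -R`. With the guard in place, the `mechs != NULL` path reaches `_gss_load_mech()` a second time on the very next statement, so a single unconditional call before `if (mechs)` would cover both paths and let the inner call go. If loading can fail, the hunk still shows no check that `_gss_mech_oids` is non-NULL after the call, so the same dereference would remain reachable.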

>Release-Note:
>Audit-Trail:
>Unformatted:

