misc/117349: gss_acquire_cred can crash if _gss_mech_oids has not been initialized

Nathan Whitehorn nathanw at uchicago.edu
Fri Oct 19 18:20:01 PDT 2007

>Number:         117349
>Category:       misc
>Synopsis:       gss_acquire_cred can crash if _gss_mech_oids has not been initialized
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    freebsd-bugs
>State:          open
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Sat Oct 20 01:20:00 UTC 2007
>Originator:     Nathan Whitehorn
>Release:        7.0-CURRENT
University of Chicago
FreeBSD banshee.uchicago.edu 7.0-CURRENT FreeBSD 7.0-CURRENT #0: Mon Oct  8 14:34:11 CDT 2007     root at banshee.uchicago.edu:/usr/obj/usr/src/sys/X2100  amd64
gss_acquire_cred() uses _gss_mech_oids to initialize an empty OID set without checking if it has been initialized. With some programs, it happens to have been initialized already. With others (e.g. dovecot), it hasn't been, causing a seg fault. The attached patch forces initialization in the event _gss_mech_oids is NULL.

--- gss_acquire_cred.c  2007-10-19 20:12:40.000000000 -0500
+++ gss_acquire_cred.c.dist     2007-10-19 20:12:26.000000000 -0500
@@ -59,10 +59,6 @@
         * First make sure that at least one of the requested
         * mechanisms is one that we support.
-       if (!_gss_mech_oids)
-                _gss_load_mech();
        if (mechs) {
                for (i = 0; i < mechs->count; i++) 


More information about the freebsd-bugs mailing list