Bug#344543: libkrb53: double free + cache corruption if krb5_get_credentials fails
On Sat, 24 Dec 2005, Sam Hartman wrote:

> Can you reproduce with kvno?

Yes. It seems that not DNS, but realm jumping, is the problem:

    [EMAIL PROTECTED]:~$ kinit
    Password for [EMAIL PROTECTED]:
    Warning: Your password will expire in 192 days on Wed Jul 5 11:55:18 2006
    [EMAIL PROTECTED]:~$ kvno host/erewhon
    host/[EMAIL PROTECTED]: Server not found in Kerberos database while getting credentials
    [EMAIL PROTECTED]:~$ kvno host/erewhon.squill.dementia.org
    host/[EMAIL PROTECTED]: Server not found in Kerberos database while getting credentials
    [EMAIL PROTECTED]:~$ kvno host/[EMAIL PROTECTED]
    *** glibc detected *** double free or corruption (fasttop): 0x0804b8e0 ***
    Aborted

and it isn't all realm jumping, only some (neither of these realms has crossrealm from ANDREW.CMU.EDU):

    [EMAIL PROTECTED]:~$ kvno [EMAIL PROTECTED]
    [EMAIL PROTECTED]: Server not found in Kerberos database while getting credentials
    [EMAIL PROTECTED]:~$ kvno [EMAIL PROTECTED]
    *** glibc detected *** double free or corruption (fasttop): 0x0804b890 ***
    Aborted

The realm in question doesn't exist in DNS. It appears that the problem is with realms ending in DEMENTIA.ORG. This makes no sense:

    [EMAIL PROTECTED]:~$ kvno [EMAIL PROTECTED]
    [EMAIL PROTECTED]: Server not found in Kerberos database while getting credentials
    [EMAIL PROTECTED]:~$ kvno [EMAIL PROTECTED]
    [EMAIL PROTECTED]: Server not found in Kerberos database while getting credentials
    [EMAIL PROTECTED]:~$ kvno [EMAIL PROTECTED]
    *** glibc detected *** double free or corruption (fasttop): 0x0804b890 ***
    Aborted
    [EMAIL PROTECTED]:~$ kinit cg2v
    Password for [EMAIL PROTECTED]:
    Warning: Your password will expire in 192 days on Wed Jul 5 11:55:18 2006
    [EMAIL PROTECTED]:~$ kvno [EMAIL PROTECTED]
    [EMAIL PROTECTED]: Server not found in Kerberos database while getting credentials
    [EMAIL PROTECTED]:~$ kvno [EMAIL PROTECTED]
    [EMAIL PROTECTED]: kvno = 2
    [EMAIL PROTECTED]:~$ kvno [EMAIL PROTECTED]
    [EMAIL PROTECTED]: Server not found in Kerberos database while getting credentials
Bug#344543: libkrb53: double free + cache corruption if krb5_get_credentials fails
OK. I think we've linked this to an upstream bug. I think we already have a patch. Let me confirm that.
Bug#344543: libkrb53: double free + cache corruption if krb5_get_credentials fails
Can you reproduce with kvno?
Bug#344543: libkrb53: double free + cache corruption if krb5_get_credentials fails
Package: libkrb53
Version: 1.4.3-4
Severity: important

After the last krb53 update, attempting to authenticate to a host that has no key (or has one in a realm I can't authenticate to) breaks badly. glibc detects a double-free, and the ticket cache is corrupted. When libkrb53 subsequently tries to use the corrupt ticket cache, it crashes.

I first noticed the problem with ssh-krb5, but it can be reproduced with the ftp in krb5-clients:

    starfury:~ kinit cg2v
    Password for [EMAIL PROTECTED]:
    Warning: Your password will expire in 193 days on Wed Jul 5 11:55:18 2006
    starfury:~ ls -l /tmp/krb5cc_1000
    -rw--- 1 cg2v cg2v 466 2005-12-23 11:49 /tmp/krb5cc_1000
    starfury:~ ftp erewhon
    Connected to erewhon.
    220 erewhon FTP server (Version 6.00+Heimdal 0.6.3+KTH-KRB 1.2.2) ready.
    334 Send authorization data.
    GSSAPI accepted as authentication type
    *** glibc detected *** double free or corruption (fasttop): 0x08070af8 ***
    Abort
    starfury:~ ls -l /tmp/krb5cc_1000
    -rw--- 1 cg2v cg2v 4096 2005-12-23 11:49 /tmp/krb5cc_1000
    starfury:~ klist
    Ticket cache: FILE:/tmp/krb5cc_1000
    Default principal: [EMAIL PROTECTED]

    Valid starting     Expires            Service principal
    12/23/05 11:48:59  12/24/05 11:48:59  krbtgt/[EMAIL PROTECTED]
    Segmentation fault

    #0 0xe410 in __kernel_vsyscall ()
    #1 0xb7b56691 in raise () from /lib/tls/i686/cmov/libc.so.6
    #2 0xb7b57f5b in abort () from /lib/tls/i686/cmov/libc.so.6
    #3 0xb7b8cba7 in __libc_message () from /lib/tls/i686/cmov/libc.so.6
    #4 0xb7b93177 in _int_free () from /lib/tls/i686/cmov/libc.so.6
    #5 0xb7b93612 in free () from /lib/tls/i686/cmov/libc.so.6
    #6 0xb7ce8039 in krb5_free_cred_contents () from /usr/lib/libkrb5.so.3
    #7 0xb7ce80c1 in krb5_free_creds () from /usr/lib/libkrb5.so.3
    #8 0xb7ce8c5a in krb5_free_tgt_creds () from /usr/lib/libkrb5.so.3
    #9 0xb7ce3df7 in krb5_get_credentials () from /usr/lib/libkrb5.so.3
    #10 0xb7d24925 in krb5_gss_init_sec_context () from /usr/lib/libgssapi_krb5.so.2
    #11 0xb7d288dc in gss_init_sec_context () from /usr/lib/libgssapi_krb5.so.2

-- System Information:
Debian Release: testing/unstable
  APT prefers testing
  APT policy: (500, 'testing'), (50, 'unstable')
Architecture: i386 (i686)
Shell: /bin/sh linked to /bin/bash
Kernel: Linux 2.6.12-1-686
Locale: LANG=en_US, LC_CTYPE=en_US (charmap=ISO-8859-1)

Versions of packages libkrb53 depends on:
ii  libc6       2.3.5-8  GNU C Library: Shared libraries an
ii  libcomerr2  1.38-2   common error description library

libkrb53 recommends no packages.

-- debconf-show failed
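One way to capture both symptoms from the report above in a single run (a command killed by a signal, and a ticket cache that is no longer the file it was, as in the 466 to 4096 byte change). This is an added example, not part of the original report or of krb5; the function names `cache_fingerprint` and `check_cache_after` are made up for it.

```shell
#!/bin/sh
# Added example (not from the thread). Run it against a copy of the cache
# if the tickets in it matter, since the bug corrupts the file.

# Print "<crc> <bytes>" for a cache file, or "missing" if it does not exist.
cache_fingerprint() {
    if [ -f "$1" ]; then cksum < "$1"; else echo missing; fi
}

# check_cache_after CACHE CMD [ARGS...]
# Runs CMD with KRB5CCNAME pointing at CACHE, then prints one line:
#   exit=<status> signal=<number|none> cache=<unchanged|CHANGED> size=<before>-><after>
# Returns 0 when CMD was not killed by a signal and the cache is
# byte-for-byte the same afterwards; returns 1 otherwise.
check_cache_after() {
    cca_cache=$1; shift
    cca_before=$(cache_fingerprint "$cca_cache")
    cca_status=0
    # The command's own output goes to stderr so stdout carries only the verdict.
    KRB5CCNAME="FILE:$cca_cache" "$@" >&2 || cca_status=$?
    cca_after=$(cache_fingerprint "$cca_cache")

    # A status above 128 means the child died from a signal:
    # 134 = 128 + 6 (SIGABRT, the glibc abort), 139 = 128 + 11 (SIGSEGV).
    cca_signal=none
    if [ "$cca_status" -gt 128 ]; then
        cca_signal=$((cca_status - 128))
    fi

    cca_state=unchanged
    if [ "$cca_before" != "$cca_after" ]; then
        cca_state=CHANGED
    fi

    echo "exit=$cca_status signal=$cca_signal cache=$cca_state size=${cca_before#* }->${cca_after#* }"
    [ "$cca_signal" = none ] && [ "$cca_state" = unchanged ]
}

# Usage with the values from the report:
#   check_cache_after /tmp/krb5cc_1000 kvno host/erewhon
```

A plain "Server not found in Kerberos database" failure exits non-zero but leaves the cache untouched, so it reports `signal=none cache=unchanged` and returns 0; only the crash path returns 1.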
Bug#344543: libkrb53: double free + cache corruption if krb5_get_credentials fails
Chaskiel Grundman [EMAIL PROTECTED] writes:

> Package: libkrb53
> Version: 1.4.3-4
> Severity: important
>
> After the last krb53 update, attempting to authenticate to a host that has no key (or has one in a realm I can't authenticate to) breaks badly. glibc detects a double-free, and the ticket cache is corrupted. When libkrb53 subsequently tries to use the corrupt ticket cache, it crashes.
>
> I first noticed the problem with ssh-krb5, but it can be reproduced with the ftp in krb5-clients:
>
> starfury:~ kinit cg2v
> Password for [EMAIL PROTECTED]:
> Warning: Your password will expire in 193 days on Wed Jul 5 11:55:18 2006
> starfury:~ ls -l /tmp/krb5cc_1000
> -rw--- 1 cg2v cg2v 466 2005-12-23 11:49 /tmp/krb5cc_1000
> starfury:~ ftp erewhon
> Connected to erewhon.
> 220 erewhon FTP server (Version 6.00+Heimdal 0.6.3+KTH-KRB 1.2.2) ready.
> 334 Send authorization data.
> GSSAPI accepted as authentication type
> *** glibc detected *** double free or corruption (fasttop): 0x08070af8 ***
> Abort

Hm, I can't duplicate this in a quick try:

    wanderer:~ ftp localhost
    Connected to localhost.
    220 wanderer FTP server (Version 5.60) ready.
    334 Using authentication type GSSAPI; ADAT must follow
    GSSAPI accepted as authentication type
    GSSAPI error major: Miscellaneous failure
    GSSAPI error minor: Server not found in Kerberos database
    GSSAPI error: initializing context
    GSSAPI authentication failed
    334 Using authentication type KERBEROS_V4; ADAT must follow
    KERBEROS_V4 accepted as authentication type
    Kerberos V4 krb_mk_req failed: You have no tickets cached
    Name (localhost:eagle):

Do you have the steps required to duplicate this from a current unstable install?

--
Russ Allbery ([EMAIL PROTECTED]) http://www.eyrie.org/~eagle/
Bug#344543: libkrb53: double free + cache corruption if krb5_get_credentials fails
> Do you have the steps required to duplicate this from a current unstable install?

It happens in a newly debootstrap'd sid as soon as I install krb5-user and krb5-clients. Answers to the only debconf questions asked are:

    Name: krb5-config/default_realm
    Template: krb5-config/default_realm
    Value: ANDREW.CMU.EDU
    Owners: krb5-config
    Flags: seen

    Name: krb5-config/dns_for_default
    Template: krb5-config/dns_for_default
    Value: true
    Owners: krb5-config
    Flags: seen
Bug#344543: libkrb53: double free + cache corruption if krb5_get_credentials fails
Chaskiel M Grundman [EMAIL PROTECTED] writes:

> it happens in a newly debootstrap'd sid as soon as I install krb5-user and krb5-clients.

The problem that I'm running into is that reproducing it apparently requires a specific server, which I don't have any of around here. Can I try ftping to erewhon? (I don't know the FQDN.) Alternately, how do I reproduce that server?

Whatever is happening appears to be very specific to the service that you're trying to connect to, since I can't duplicate this by connecting to various Kerberized services around here that don't have keys or that I can't get keys for.

--
Russ Allbery ([EMAIL PROTECTED]) http://www.eyrie.org/~eagle/