[Bug 162596] freeradius krb5 module segfault on x86_64

Wed, 14 Nov 2007 01:30:19 -0800 

Public bug reported:

Binary package hint: freeradius-krb5

rlm_krb5, used for kerberos5 authentication in freeradius, doesn't work
on x86_64 platforms.

<code>
freeradius[30961]: segfault at 00007fff00000000 rip 00002b67b2261d10 rsp 
00007ffffa9d4940 error 6
</code>

The problem is that lrm_krb5 uses a deprecated function in libkrb5
without declaring the KRB5_DEPRECATED macro.

>From krb5.h:

----------- code begin --------
#if KRB5_DEPRECATED

[...]

krb5_error_code KRB5_CALLCONV krb5_get_in_tkt_with_password
        (krb5_context,
                krb5_flags,
                krb5_address * const *,
                krb5_enctype *,
                krb5_preauthtype *,
                const char *,
                krb5_ccache,
                krb5_creds *,
                krb5_kdc_rep ** );

[...]

#endif /* KRB5_DEPRECATED */
----------- code end ---------

This results in an implicit declaration of
"krb5_get_in_tkt_with_password" and, on 64bits platforms, the last
parameters of that function isn't initialized correctly.

In particular, the compiler assumes that the last parameter is an integer 
(32bits) instead of a pointer (64bits on x86_64). 
rlm_krb5 calls krb5_get_in_tkt_with_password as follows:

----------- code begin --------

[...]
if ( (r = krb5_get_in_tkt_with_password(context,
                0, NULL, NULL, NULL, pass, ccache, &kcreds, 0)) ) {
[...]

----------- code end ---------

but krb5_get_in_tkt_with_password receives a "random" value for
"krb5_kdc_rep **"

Here is a patch for /src/modules/rlm_krb5/Makefile:

----------- code begin --------

--- Makefile.old        2007-11-14 10:06:21.000000000 +0100
+++ Makefile    2007-11-14 10:05:48.000000000 +0100
@@ -6,7 +6,7 @@
 SRCS       = rlm_krb5.c
 HEADERS    =
 RLM_LIBS   = -lkrb5 -lcom_err -lk5crypto
-RLM_CFLAGS = -I/usr/include/et
+RLM_CFLAGS = -I/usr/include/et -DKRB5_DEPRECATED

 include ../rules.mak

----------- code end ---------

Apply it and rlm_krb5 will work like a charm :)

** Affects: freeradius (Ubuntu)
     Importance: Undecided
         Status: New

-- 
freeradius krb5 module segfault on x86_64
https://bugs.launchpad.net/bugs/162596
You received this bug notification because you are a member of Ubuntu
Bugs, which is the bug contact for Ubuntu.

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

Reply via email to