From owner-freebsd-ports-bugs@FreeBSD.ORG  Sun Oct 12 02:30:02 2008
Return-Path: <owner-freebsd-ports-bugs@FreeBSD.ORG>
Delivered-To: freebsd-ports-bugs@hub.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id ABFEB1065696
	for <freebsd-ports-bugs@hub.freebsd.org>;
	Sun, 12 Oct 2008 02:30:02 +0000 (UTC)
	(envelope-from gnats@FreeBSD.org)
Received: from freefall.freebsd.org (freefall.freebsd.org
	[IPv6:2001:4f8:fff6::28])
	by mx1.freebsd.org (Postfix) with ESMTP id 8A60F8FC0C
	for <freebsd-ports-bugs@hub.freebsd.org>;
	Sun, 12 Oct 2008 02:30:02 +0000 (UTC)
	(envelope-from gnats@FreeBSD.org)
Received: from freefall.freebsd.org (gnats@localhost [127.0.0.1])
	by freefall.freebsd.org (8.14.2/8.14.2) with ESMTP id m9C2U2bo092591
	for <freebsd-ports-bugs@freefall.freebsd.org>;
	Sun, 12 Oct 2008 02:30:02 GMT
	(envelope-from gnats@freefall.freebsd.org)
Received: (from gnats@localhost)
	by freefall.freebsd.org (8.14.2/8.14.1/Submit) id m9C2U21c092590;
	Sun, 12 Oct 2008 02:30:02 GMT (envelope-from gnats)
Resent-Date: Sun, 12 Oct 2008 02:30:02 GMT
Resent-Message-Id: <200810120230.m9C2U21c092590@freefall.freebsd.org>
Resent-From: FreeBSD-gnats-submit@FreeBSD.org (GNATS Filer)
Resent-To: freebsd-ports-bugs@FreeBSD.org
Resent-Reply-To: FreeBSD-gnats-submit@FreeBSD.org,
	"Ryan T.Dean" <rtdean@cytherianage.net>
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id D6A9F106568F
	for <FreeBSD-gnats-submit@freebsd.org>;
	Sun, 12 Oct 2008 02:21:41 +0000 (UTC)
	(envelope-from rtdean@noisy.cytherianage.net)
Received: from noisy.cytherianage.net (noisy.cytherianage.net [209.222.140.14])
	by mx1.freebsd.org (Postfix) with ESMTP id 8A3EC8FC18
	for <FreeBSD-gnats-submit@freebsd.org>;
	Sun, 12 Oct 2008 02:21:41 +0000 (UTC)
	(envelope-from rtdean@noisy.cytherianage.net)
Received: (qmail 60436 invoked by uid 1000); 12 Oct 2008 02:01:14 -0000
Message-Id: <20081012020114.60435.qmail@noisy.cytherianage.net>
Date: 12 Oct 2008 02:01:14 -0000
From: "Ryan T.Dean" <rtdean@cytherianage.net>
To: FreeBSD-gnats-submit@FreeBSD.org
X-Send-Pr-Version: 3.113
Cc: shaun@FreeBSD.org
Subject: ports/128025: [patch] security/heimdal ldap support broken under 7
X-BeenThere: freebsd-ports-bugs@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
Reply-To: "Ryan T.Dean" <rtdean@cytherianage.net>
List-Id: Ports bug reports <freebsd-ports-bugs.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-ports-bugs>, 
	<mailto:freebsd-ports-bugs-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-ports-bugs>
List-Post: <mailto:freebsd-ports-bugs@freebsd.org>
List-Help: <mailto:freebsd-ports-bugs-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-ports-bugs>, 
	<mailto:freebsd-ports-bugs-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sun, 12 Oct 2008 02:30:02 -0000


>Number:         128025
>Category:       ports
>Synopsis:       [patch] security/heimdal ldap support broken under 7
>Confidential:   no
>Severity:       serious
>Priority:       high
>Responsible:    freebsd-ports-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          update
>Submitter-Id:   current-users
>Arrival-Date:   Sun Oct 12 02:30:01 UTC 2008
>Closed-Date:
>Last-Modified:
>Originator:     Ryan T. Dean
>Release:        FreeBSD 7.0-STABLE amd64
>Organization:
>Environment:
System: FreeBSD noisy.cytherianage.net 7.0-STABLE FreeBSD 7.0-STABLE #1: Mon Jul 14 04:40:56 UTC 2008 root@noisy.cytherianage.net:/usr/obj/usr/src/sys/GENERIC amd64
>Description:
The WITH_LDAP option in security/heimdal does not work under FreeBSD 7.  
If you attempt to initalize a realm, add or change a key, or perform any 
operation that affects the krb5Key attribute in the LDAP tree, the
program attempting the modification will segmentation fault.

The issue lies in heimdal-1.0.1/lib/hdb/hdb-ldap.c, in the 
LDAP_addmod_len() function.  When allocating memory to store the krb5Key
attribute, it only allocates enough memory for a pointer to a berval
structure, not enough memory for the structure itself.  This results in 
a memory alignment error, and each added krb5Key attribute ends up
clobbering the previous entry's data pointers.

This issue is present everywhere from 1.0 through the 1.2.1 release, and
will be fixed upstream when 1.2.2 is released.  This change was applied
upstream in change # 23726, and can be viewed via heimdal's fisheye at
http://www.h5l.org/fisheye/changelog/heimdal?cs=23726

This issue does not affect installations that are not using the LDAP hdb
available in Heimdal.

>How-To-Repeat:
Build the current port with WITH_LDAP enabled.
Attempt to initialize a test realm, i.e., EXAMPLE.COM using the LDAP 
backend.  (Instructions here: 
http://www.h5l.org/manual/heimdal-1-0-branch/info/heimdal.html#Using-LDAP-to-store-the-database
or
http://www.openinput.com/auth-howto/ ).  When you get to the step where
you inialize your heimdal database, kadmin will segfault.

>Fix:

Add the file patch-lib_hdb_hdb-ldap.c to the 'files' directory under
the security/heimdal port.  This is the same change from the changeset
listed above.

--- patch-lib_hdb_hdb-ldap.c begins here ---
--- lib/hdb/hdb-ldap.c	2008-10-12 01:15:38.000000000 +0000
+++ lib/hdb/hdb-ldap.c	2008-10-12 01:15:55.000000000 +0000
@@ -222,7 +222,7 @@
 
 	(*modlist)[cMods]->mod_bvalues = bv;
 
-	bv[i] = ber_memalloc(sizeof(*bv));;
+	bv[i] = ber_memalloc(sizeof(**bv));;
 	if (bv[i] == NULL)
 	    return ENOMEM;
 
--- patch-lib_hdb_hdb-ldap.c ends here ---


>Release-Note:
>Audit-Trail:
>Unformatted: