From owner-freebsd-bugs@FreeBSD.ORG Wed Nov 28 06:50:04 2007
Date: Wed, 28 Nov 2007 06:50:04 GMT
Message-Id: <200711280650.lAS6o40U063167@freefall.freebsd.org>
To: freebsd-bugs@FreeBSD.org
From: Sean McNeil
Subject: Re: kern/117349: [libgssapi] [patch] gss_acquire_cred can crash if _gss_mech_oids has not been initialized

The following reply was made to PR kern/117349; it has been noted by GNATS.

From: Sean McNeil
To: bug-followup@FreeBSD.org, nathanw@uchicago.edu
Subject: Re: kern/117349: [libgssapi] [patch] gss_acquire_cred can crash if _gss_mech_oids has not been initialized
Date: Tue, 27 Nov 2007 22:32:53 -0800

I have seen this exact issue with openldap 2.3 on HEAD/RELENG_7. Here is an alternative patch to resolve this issue:

--- gss_acquire_cred.c.orig 2005-12-29 06:40:20.000000000 -0800 +++ gss_acquire_cred.c 2007-11-22 18:30:07.000000000 -0800 @@ -59,8 +59,8 @@ * First make sure that at least one of the requested * mechanisms is one that we support. */ + _gss_load_mech(); if (mechs) { - _gss_load_mech(); for (i = 0; i < mechs->count; i++) { int t; gss_test_oid_set_member(minor_status, @@ -74,6 +74,9 @@ return (GSS_S_BAD_MECH); } } + else + mechs = _gss_mech_oids; + if (actual_mechs) { major_status = gss_create_empty_oid_set(minor_status, @@ -92,9 +95,6 @@ cred->gc_usage = cred_usage; SLIST_INIT(&cred->gc_mc); - if (mechs == GSS_C_NO_OID_SET) - mechs = _gss_mech_oids; - set.count = 1; min_time = GSS_C_INDEFINITE; for (i = 0; i < mechs->count; i++) {
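
Review bot: In the first hunk (@@ -59,8 +59,8 @@), the now-unconditional `_gss_load_mech();` is followed by no check that loading actually populated `_gss_mech_oids`. With a NULL `mechs`, the next hunk assigns that global to `mechs` and the loop at the end of the patch reads `mechs->count`, so if loading leaves the global unset the function still dereferences NULL. Suggest testing `_gss_mech_oids` right after the call and returning an error (for example the GSS_S_BAD_MECH already used a few lines below) when it is still GSS_C_NO_OID_SET.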
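
Review bot: In the second hunk (@@ -74,6 +74,9 @@), the added `else` stands on its own line after the closing brace of the `if (mechs) {` block; style(9) joins it to the brace as `} else`, and since the if branch is braced, bracing the else branch keeps the two arms consistent. A one-line comment saying that a NULL `mechs` falls back to `_gss_mech_oids` would also help here, because the existing comment above the block only talks about the requested mechanisms.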
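
Review bot: In the third hunk (@@ -92,9 +95,6 @@), removing the `if (mechs == GSS_C_NO_OID_SET)` fallback is a relocation rather than part of the fix: once the first hunk loads the mechanisms unconditionally, the fallback would also work where it was. Either leave it in place so the diff is just the one moved call, or say in the commit message why it has to move, and confirm that nothing in the lines between the two sites, which the hunk context does not show, depends on `mechs` still being NULL.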