From owner-freebsd-bugs@FreeBSD.ORG  Sat Oct 20 01:20:01 2007
Return-Path: <owner-freebsd-bugs@FreeBSD.ORG>
Delivered-To: freebsd-bugs@hub.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 7450B16A420
	for <freebsd-bugs@hub.freebsd.org>;
	Sat, 20 Oct 2007 01:20:01 +0000 (UTC)
	(envelope-from gnats@FreeBSD.org)
Received: from freefall.freebsd.org (freefall.freebsd.org
	[IPv6:2001:4f8:fff6::28])
	by mx1.freebsd.org (Postfix) with ESMTP id 1B76B13C458
	for <freebsd-bugs@hub.freebsd.org>;
	Sat, 20 Oct 2007 01:20:01 +0000 (UTC)
	(envelope-from gnats@FreeBSD.org)
Received: from freefall.freebsd.org (gnats@localhost [127.0.0.1])
	by freefall.freebsd.org (8.14.1/8.14.1) with ESMTP id l9K1K136085705
	for <freebsd-bugs@freefall.freebsd.org>; Sat, 20 Oct 2007 01:20:01 GMT
	(envelope-from gnats@freefall.freebsd.org)
Received: (from gnats@localhost)
	by freefall.freebsd.org (8.14.1/8.14.1/Submit) id l9K1K0X4085704;
	Sat, 20 Oct 2007 01:20:00 GMT (envelope-from gnats)
Resent-Date: Sat, 20 Oct 2007 01:20:00 GMT
Resent-Message-Id: <200710200120.l9K1K0X4085704@freefall.freebsd.org>
Resent-From: FreeBSD-gnats-submit@FreeBSD.org (GNATS Filer)
Resent-To: freebsd-bugs@FreeBSD.org
Resent-Reply-To: FreeBSD-gnats-submit@FreeBSD.org,
	Nathan Whitehorn <nathanw@uchicago.edu>
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 5CFE216A418
	for <freebsd-gnats-submit@FreeBSD.org>;
	Sat, 20 Oct 2007 01:18:04 +0000 (UTC)
	(envelope-from nobody@FreeBSD.org)
Received: from www.freebsd.org (www.freebsd.org [IPv6:2001:4f8:fff6::21])
	by mx1.freebsd.org (Postfix) with ESMTP id 2CC7513C447
	for <freebsd-gnats-submit@FreeBSD.org>;
	Sat, 20 Oct 2007 01:18:04 +0000 (UTC)
	(envelope-from nobody@FreeBSD.org)
Received: from www.freebsd.org (localhost [127.0.0.1])
	by www.freebsd.org (8.14.1/8.14.1) with ESMTP id l9K1Hl4i029325
	for <freebsd-gnats-submit@FreeBSD.org>; Sat, 20 Oct 2007 01:17:47 GMT
	(envelope-from nobody@www.freebsd.org)
Received: (from nobody@localhost)
	by www.freebsd.org (8.14.1/8.14.1/Submit) id l9K1Hlou029324;
	Sat, 20 Oct 2007 01:17:47 GMT (envelope-from nobody)
Message-Id: <200710200117.l9K1Hlou029324@www.freebsd.org>
Date: Sat, 20 Oct 2007 01:17:47 GMT
From: Nathan Whitehorn <nathanw@uchicago.edu>
To: freebsd-gnats-submit@FreeBSD.org
X-Send-Pr-Version: www-3.1
Cc: 
Subject: misc/117349: gss_acquire_cred can crash if _gss_mech_oids has not
	been initialized
X-BeenThere: freebsd-bugs@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Bug reports <freebsd-bugs.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-bugs>,
	<mailto:freebsd-bugs-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-bugs>
List-Post: <mailto:freebsd-bugs@freebsd.org>
List-Help: <mailto:freebsd-bugs-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-bugs>,
	<mailto:freebsd-bugs-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sat, 20 Oct 2007 01:20:01 -0000


>Number:         117349
>Category:       misc
>Synopsis:       gss_acquire_cred can crash if _gss_mech_oids has not been initialized
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    freebsd-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Sat Oct 20 01:20:00 UTC 2007
>Closed-Date:
>Last-Modified:
>Originator:     Nathan Whitehorn
>Release:        7.0-CURRENT
>Organization:
University of Chicago
>Environment:
FreeBSD banshee.uchicago.edu 7.0-CURRENT FreeBSD 7.0-CURRENT #0: Mon Oct  8 14:34:11 CDT 2007     root@banshee.uchicago.edu:/usr/obj/usr/src/sys/X2100  amd64
>Description:
gss_acquire_cred() uses _gss_mech_oids to initialize an empty OID set without checking if it has been initialized. With some programs, it happens to have been initialized already. With others (e.g. dovecot), it hasn't been, causing a seg fault. The attached patch forces initialization in the event _gss_mech_oids is NULL.
>How-To-Repeat:

>Fix:
--- gss_acquire_cred.c  2007-10-19 20:12:40.000000000 -0500
+++ gss_acquire_cred.c.dist     2007-10-19 20:12:26.000000000 -0500
@@ -59,10 +59,6 @@
         * First make sure that at least one of the requested
         * mechanisms is one that we support.
         */
-
-       if (!_gss_mech_oids)
-                _gss_load_mech();
-
        if (mechs) {
                _gss_load_mech();
                for (i = 0; i < mechs->count; i++) 

>Release-Note:
>Audit-Trail:
>Unformatted: