From owner-freebsd-ports-bugs@FreeBSD.ORG Mon Apr 14 22:30:01 2014 Return-Path: Delivered-To: freebsd-ports-bugs@smarthost.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id DB273295 for ; Mon, 14 Apr 2014 22:30:00 +0000 (UTC) Received: from freefall.freebsd.org (freefall.freebsd.org [IPv6:2001:1900:2254:206c::16:87]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id B70451532 for ; Mon, 14 Apr 2014 22:30:00 +0000 (UTC) Received: from freefall.freebsd.org (localhost [127.0.0.1]) by freefall.freebsd.org (8.14.8/8.14.8) with ESMTP id s3EMU0jg052436 for ; Mon, 14 Apr 2014 22:30:00 GMT (envelope-from gnats@freefall.freebsd.org) Received: (from gnats@localhost) by freefall.freebsd.org (8.14.8/8.14.8/Submit) id s3EMU0id052427; Mon, 14 Apr 2014 22:30:00 GMT (envelope-from gnats) Resent-Date: Mon, 14 Apr 2014 22:30:00 GMT Resent-Message-Id: <201404142230.s3EMU0id052427@freefall.freebsd.org> Resent-From: FreeBSD-gnats-submit@FreeBSD.org (GNATS Filer) Resent-To: freebsd-ports-bugs@FreeBSD.org Resent-Reply-To: FreeBSD-gnats-submit@FreeBSD.org, Garrett Wollman Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 9698D164 for ; Mon, 14 Apr 2014 22:23:39 +0000 (UTC) Received: from truechimer.csail.mit.edu (truechimer.csail.mit.edu [128.30.2.89]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 39C8114F7 for ; Mon, 14 Apr 2014 22:23:38 +0000 (UTC) Received: from truechimer.csail.mit.edu (localhost [127.0.0.1]) by truechimer.csail.mit.edu (8.14.7/8.14.7) with ESMTP id s3EMJ9AT080786 for ; Mon, 14 Apr 2014 18:19:09 -0400 (EDT) (envelope-from wollman@truechimer.csail.mit.edu) Received: (from wollman@localhost) by truechimer.csail.mit.edu (8.14.7/8.14.7/Submit) id s3EMJ8Zb080785; Mon, 14 Apr 2014 18:19:08 -0400 (EDT) (envelope-from wollman) Message-Id: <201404142219.s3EMJ8Zb080785@truechimer.csail.mit.edu> Date: Mon, 14 Apr 2014 18:19:08 -0400 (EDT) From: Garrett Wollman To: FreeBSD-gnats-submit@freebsd.org X-Send-Pr-Version: 3.114 Subject: ports/188631: net/freeradius3 rlm_krb5 + -X + security/krb5 = fail X-BeenThere: freebsd-ports-bugs@freebsd.org X-Mailman-Version: 2.1.17 Precedence: list List-Id: Ports bug reports List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 14 Apr 2014 22:30:01 -0000 >Number: 188631 >Category: ports >Synopsis: net/freeradius3 rlm_krb5 + -X + security/krb5 = fail >Confidential: no >Severity: serious >Priority: medium >Responsible: freebsd-ports-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: sw-bug >Submitter-Id: current-users >Arrival-Date: Mon Apr 14 22:30:00 UTC 2014 >Closed-Date: >Last-Modified: >Originator: Garrett Wollman >Release: FreeBSD 9.2-RELEASE-p3 amd64 >Organization: MIT Computer Science & Artificial Intelligence Laboratory >Environment: System: FreeBSD truechimer.csail.mit.edu 9.2-RELEASE-p3 FreeBSD 9.2-RELEASE-p3 #3 r260650M: Tue Jan 14 17:08:30 EST 2014 wollman@xyz.csail.mit.edu:/usr/obj/usr/src/sys/CSAIL amd64 freeradius3-3.0.2_1 A free RADIUS server implementation krb5-1.12.1 Authentication system developed at MIT, successor to Kerberos IV Options: OPTIONS_FILE_SET+=DEVELOPER OPTIONS_FILE_UNSET+=EDIR OPTIONS_FILE_UNSET+=EXPERIMENTAL OPTIONS_FILE_UNSET+=FIREBIRD OPTIONS_FILE_UNSET+=FREETDS OPTIONS_FILE_UNSET+=HEIMDAL OPTIONS_FILE_UNSET+=HEIMDAL_PORT OPTIONS_FILE_UNSET+=IDN OPTIONS_FILE_SET+=KERBEROS OPTIONS_FILE_UNSET+=LDAP OPTIONS_FILE_UNSET+=MYSQL OPTIONS_FILE_SET+=PERL OPTIONS_FILE_SET+=PGSQL OPTIONS_FILE_UNSET+=PYTHON OPTIONS_FILE_UNSET+=REDIS OPTIONS_FILE_UNSET+=REST OPTIONS_FILE_UNSET+=RUBY OPTIONS_FILE_SET+=SSL_PORT OPTIONS_FILE_UNSET+=UDPFROMTO OPTIONS_FILE_UNSET+=UNIXODBC OPTIONS_FILE_SET+=USER >Description: When using rlm_krb5 to check passwords inside an EAP-TTLS tunnel, if a user attempts to authenticate using an incorrect password, the server crashes. This happens whether or not rlm_krb5 is compiled with KRB5_IS_THREAD_SAFE. Apparently the rlm_krb5 code was never properly tested with MIT Kerberos, and is missing a goto for error recovery (which is present in the Heimdal version of the code, in the other branch of the giant #ifdef block). >How-To-Repeat: Configure rlm_krb5 so that it works when password is correct, then supply an incorrect password. >Fix: I added this patch to the port. Unfortunately the freeradius bug tracker requires an account, and their mailing-list server is unreachable. --- src/modules/rlm_krb5/rlm_krb5.c.orig 2014-04-14 18:02:22.083233370 -0400 +++ src/modules/rlm_krb5/rlm_krb5.c 2014-04-14 18:03:11.530236104 -0400 @@ -457,6 +457,7 @@ NULL, NULL, 0, NULL, inst->gic_options); if (ret) { rcode = krb5_process_error(request, conn, ret); + goto cleanup; } RDEBUG("Attempting to authenticate against service principal"); >Release-Note: >Audit-Trail: >Unformatted: