From owner-freebsd-bugs Thu Jun 19 00:20:04 1997
Return-Path:
Received: (from root@localhost) by hub.freebsd.org (8.8.5/8.8.5) id AAA12531 for bugs-outgoing; Thu, 19 Jun 1997 00:20:04 -0700 (PDT)
Received: (from gnats@localhost) by hub.freebsd.org (8.8.5/8.8.5) id AAA12506; Thu, 19 Jun 1997 00:20:02 -0700 (PDT)
Resent-Date: Thu, 19 Jun 1997 00:20:02 -0700 (PDT)
Resent-Message-Id: <199706190720.AAA12506@hub.freebsd.org>
Resent-From: gnats (GNATS Management)
Resent-To: freebsd-bugs
Resent-Reply-To: FreeBSD-gnats@FreeBSD.ORG, traister@gate.net
Received: from manta.traister-one.org (root@dfbfl1-6.gate.net [198.206.135.133]) by hub.freebsd.org (8.8.5/8.8.5) with ESMTP id AAA12170 for ; Thu, 19 Jun 1997 00:12:27 -0700 (PDT)
Received: (from traister@localhost) by manta.traister-one.org (8.8.5/8.8.5) id DAA09402; Thu, 19 Jun 1997 03:12:21 -0400 (EDT)
Message-Id: <199706190712.DAA09402@manta.traister-one.org>
Date: Thu, 19 Jun 1997 03:12:21 -0400 (EDT)
From: Joe Traister
Reply-To: traister@gate.net
To: FreeBSD-gnats-submit@FreeBSD.ORG
X-Send-Pr-Version: 3.2
Subject: bin/3903: Kerberized su -l fails with segfault
Sender: owner-bugs@FreeBSD.ORG
X-Loop: FreeBSD.org
Precedence: bulk

>Number: 3903
>Category: bin
>Synopsis: Kerberized su -l fails with segfault
>Confidential: no
>Severity: non-critical
>Priority: low
>Responsible: freebsd-bugs
>State: open
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Thu Jun 19 00:20:01 PDT 1997
>Last-Modified:
>Originator: Joe Traister
>Organization: None
>Release: FreeBSD 2.2.2-RELEASE i386
>Environment:
FreeBSD 2.2.2 with Kerberos installed, configured and running.
>Description:
su -l fails with a segfault when a Kerberos password is used. Because the kerberos() routine in su.c calls setenv(), setenv() sets its static flag to indicate it's alloced memory already. When the environment is set to a fixed array and setusercontext() is called, the setenv()'s in that routine try to realloc() the array because the flag is set.
>How-To-Repeat:
On a Kerberized machine, use su -l and then give a correct Kerberos password for a .root principal.
>Fix:
--- /usr/src/usr.bin/su/su.c Sat May 10 18:07:58 1997 +++ su.c Thu Jun 19 02:51:46 1997 @@ -101,7 +101,7 @@ char *targetpass; int iswheelsu; #endif /* WHEELSU */ - char *p, **g, *user, *shell=NULL, *username, *cleanenv[20], **nargv, **np; + char *p, **g, *user, *shell=NULL, *username, **cleanenv, **nargv, **np; struct group *gr; uid_t ruid; int asme, ch, asthem, fastlogin, prio, i; @@ -371,6 +371,8 @@ if (!asme) { if (asthem) { p = getenv("TERM"); + if ((cleanenv = calloc(20, sizeof(char*))) == NULL) + errx(1, "calloc"); cleanenv[0] = NULL; environ = cleanenv; #ifdef LOGIN_CAP
>Audit-Trail:
>Unformatted:
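
Review bot: In the declaration changed by the first hunk (@@ -101,7), cleanenv goes from a fixed array of 20 to a bare pointer that stays uninitialized until the calloc in the second hunk, and the capacity 20 now survives only as a literal in that call. Suggest initializing it to NULL in the declaration, as is already done for shell, and giving the 20 a named constant that the allocation and any index check on cleanenv share, so the bound cannot drift.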
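
Review bot: The failure path added in the second hunk (@@ -371,6) uses errx(1, "calloc"), which discards errno; err(1, "calloc") would report why the allocation failed. Because calloc already zeroes the array, the unchanged cleanenv[0] = NULL that follows is redundant, and a one-line comment stating that the array must come from the heap because a later setenv() may realloc() environ would keep it from being turned back into a fixed array.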
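
The stale-flag sequence from the Description, replayed in a toy model; this is an added example, not code from the PR or from FreeBSD. The names env_vec, last_vec, toy_append and the sample variables are hypothetical, and the owner-pointer check is a library-side guard shown for contrast, not the PR's fix (which heap-allocates cleanenv instead).

```c
#include <stdlib.h>
#include <string.h>

/* Toy model, constructed for illustration: env_vec stands in for environ. */
static const char **env_vec;
static int alloced;            /* "already allocated" flag, as the PR describes */
static const char **last_vec;  /* hypothetical guard: the block this module owns */

static size_t env_count(const char **v) { size_t n = 0; while (v[n]) n++; return n; }

/* Append one entry, choosing realloc vs. copy by ownership, not by flag. */
int toy_append(const char *entry)
{
    size_t n = env_count(env_vec);
    const char **p;

    if (last_vec == env_vec) {   /* our own heap block: realloc is valid */
        p = realloc(env_vec, (n + 2) * sizeof(*p));
        if (p == NULL) return -1;
    } else {                     /* caller-supplied array: copy, never realloc */
        p = malloc((n + 2) * sizeof(*p));
        if (p == NULL) return -1;
        memcpy(p, env_vec, n * sizeof(*p));
    }
    alloced = 1;                 /* a flag-only setter would trust this from now on */
    p[n] = entry;
    p[n + 1] = NULL;
    env_vec = last_vec = p;
    return 0;
}

/* Replays the su -l order of events. Returns 1 if the stale flag would have
 * sent a non-heap array to realloc(), 0 if not, -1 on allocation failure. */
int replay_su_sequence(void)
{
    static const char *initial[] = { "HOME=/", NULL };  /* constructed */
    const char *cleanenv[20];    /* fixed array, as in the pre-patch su.c */
    const char **first;
    int stale, rc;

    env_vec = initial; alloced = 0; last_vec = NULL;
    if (toy_append("SAMPLE_KRB_VAR=1") != 0) return -1;  /* kerberos() step */
    first = last_vec;
    cleanenv[0] = NULL;
    env_vec = cleanenv;          /* environ = cleanenv */
    stale = alloced && env_vec != last_vec;  /* flag set, array not ours */
    rc = toy_append("TERM=vt100");           /* setusercontext() step */
    free(first);                 /* toy only: release the abandoned block */
    return rc != 0 ? -1 : stale;
}
```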