Date:      Sat, 20 Oct 2007 01:17:47 GMT
From:      Nathan Whitehorn <nathanw@uchicago.edu>
To:        freebsd-gnats-submit@FreeBSD.org
Subject:   misc/117349: gss_acquire_cred can crash if _gss_mech_oids has not been initialized
Message-ID:  <200710200117.l9K1Hlou029324@www.freebsd.org>
Resent-Message-ID: <200710200120.l9K1K0X4085704@freefall.freebsd.org>


>Number:         117349
>Category:       misc
>Synopsis:       gss_acquire_cred can crash if _gss_mech_oids has not been initialized
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    freebsd-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Sat Oct 20 01:20:00 UTC 2007
>Closed-Date:
>Last-Modified:
>Originator:     Nathan Whitehorn
>Release:        7.0-CURRENT
>Organization:
University of Chicago
>Environment:
FreeBSD banshee.uchicago.edu 7.0-CURRENT FreeBSD 7.0-CURRENT #0: Mon Oct  8 14:34:11 CDT 2007     root@banshee.uchicago.edu:/usr/obj/usr/src/sys/X2100  amd64
>Description:
gss_acquire_cred() uses _gss_mech_oids to initialize an empty OID set without checking if it has been initialized. With some programs, it happens to have been initialized already. With others (e.g. dovecot), it hasn't been, causing a seg fault. The attached patch forces initialization in the event _gss_mech_oids is NULL.
>How-To-Repeat:

>Fix:
--- gss_acquire_cred.c  2007-10-19 20:12:40.000000000 -0500
+++ gss_acquire_cred.c.dist     2007-10-19 20:12:26.000000000 -0500
@@ -59,10 +59,6 @@
         * First make sure that at least one of the requested
         * mechanisms is one that we support.
         */
-
-       if (!_gss_mech_oids)
-                _gss_load_mech();
-
        if (mechs) {
                _gss_load_mech();
                for (i = 0; i < mechs->count; i++) 
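
Review bot: The file headers are reversed (`--- gss_acquire_cred.c` against `+++ gss_acquire_cred.c.dist`), so the `if (!_gss_mech_oids)` guard appears as `-` lines and applying this patch as posted would remove the check instead of adding it. Regenerate it with the pristine file first, e.g. `diff -u gss_acquire_cred.c.dist gss_acquire_cred.c`. Two smaller points on the same lines: the guard is placed between the "First make sure that at least one of the requested mechanisms" comment and the `if (mechs)` block that the comment describes, so it would read better above the comment with its own one-line explanation; and since `_gss_load_mech()` is already called unconditionally inside `if (mechs)`, which suggests it is safe to call repeatedly, a single unconditional call before `if (mechs)` would cover both paths and let the inner call be dropped.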

>Release-Note:
>Audit-Trail:
>Unformatted:


