Ticket History #5552: minor incompatability krb5-1.6.1 and OpenSSH

# Mon Apr 30 16:44:03 2007 <brian@karoshi.ucsd.edu> - Ticket created

Date:	Mon, 30 Apr 2007 13:39:31 -0700 (PDT)
From:	Brian Kantor <brian@karoshi.ucsd.edu>
To:	krb5-bugs@mit.edu
Subject:	minor incompatability krb5-1.6.1 and OpenSSH_4.6p1, OpenSSL 0.9.8e

Download (untitled) / with headers
text/plain 529B

FreeBSD-6.1-Release, OpenSSH_4.6p1, OpenSSL 0.9.8e, krb5-1.6.1, the
sshd daemon drops core during attempted password login.

This appears to be the result of a null 'opt' pointer being passed
to subroutine 'krb5int_gic_opt_to_opte' at line 235 in lib/krb5/krb/gic_opt.c

A workaround is to apply this patch:

diff -r krb5-1.6.1-dist/src/lib/krb5/krb/gic_opt.c krb5-1.6.1/src/lib/krb5/krb/gic_opt.c
234a235,236

Show quoted text

> if (!opt)
> return 0;

which is arguably not the correct solution but allows me to continue work.
- Brian

# Tue May 01 19:04:01 2007 jaltman (Jeffrey Altman) - Correspondence added

Date:	Tue, 01 May 2007 19:05:36 -0400
From:	Jeffrey Altman <jaltman@mit.edu>
To:	rt@krbdev.mit.edu
Subject:	Re: [krbdev.mit.edu #5552] minor incompatability krb5-1.6.1 and OpenSSH_4.6p1, OpenSSL 0.9.8e
RT-Send-Cc:

Download (untitled) / with headers
text/plain 660B

Please try this patch to src/include/k5-int.h

Index: k5-int.h
===================================================================
--- k5-int.h (revision 19525)
+++ k5-int.h (working copy)
@@ -1048,9 +1048,9 @@
#define KRB5_GET_INIT_CREDS_OPT_SHADOWED 0x40000000

#define krb5_gic_opt_is_extended(s) \
- (((s)->flags & KRB5_GET_INIT_CREDS_OPT_EXTENDED) ? 1 : 0)
+ ((s) && ((s)->flags & KRB5_GET_INIT_CREDS_OPT_EXTENDED) ? 1 : 0)
#define krb5_gic_opt_is_shadowed(s) \
- (((s)->flags & KRB5_GET_INIT_CREDS_OPT_SHADOWED) ? 1 : 0)
+ ((s) && ((s)->flags & KRB5_GET_INIT_CREDS_OPT_SHADOWED) ? 1 : 0)

typedef struct _krb5_gic_opt_private {

# Tue May 01 19:16:14 2007 jaltman (Jeffrey Altman) - Correspondence added

Date:	Tue, 01 May 2007 19:17:51 -0400
From:	Jeffrey Altman <jaltman@mit.edu>
To:	rt@krbdev.mit.edu
Subject:	Re: [krbdev.mit.edu #5552] minor incompatability krb5-1.6.1 and OpenSSH_4.6p1, OpenSSL 0.9.8e
RT-Send-Cc:

Download (untitled) / with headers
text/plain 605B

And this patch to src/lib/krb5/krb/gc_frm_kdc.c:

Index: gic_opt.c
===================================================================
--- gic_opt.c (revision 19536)
+++ gic_opt.c (working copy)
@@ -206,7 +206,11 @@
oe = krb5int_gic_opte_alloc(context);
if (NULL == oe)
return ENOMEM;
- memcpy(oe, opt, sizeof(*opt));
+ if (opt)
+ memcpy(oe, opt, sizeof(*opt));
+ else
+ memset(oe, 0, sizeof(*opt));
+
/* Fix these -- overwritten by the copy */
oe->flags |= ( KRB5_GET_INIT_CREDS_OPT_EXTENDED |
KRB5_GET_INIT_CREDS_OPT_SHADOWED);

# Tue May 01 20:54:51 2007 jaltman (Jeffrey Altman) - Correspondence added

Date:	Tue, 01 May 2007 20:56:25 -0400
From:	Jeffrey Altman <jaltman@mit.edu>
To:	rt@krbdev.mit.edu
Subject:	Re: [krbdev.mit.edu #5552] minor incompatability krb5-1.6.1 and OpenSSH_4.6p1, OpenSSL 0.9.8e
RT-Send-Cc:

Download (untitled) / with headers
text/plain 1.2KiB

Jeffrey Altman via RT wrote:

Show quoted text

> And this patch to src/lib/krb5/krb/gc_frm_kdc.c:

The patch should have been against gic_opt.c but in any case it was
wrong. Here is a patch that will work. Unlike the prior messages
this version has actually been built and tested against real code.

Index: gic_opt.c
===================================================================
--- gic_opt.c (revision 19536)
+++ gic_opt.c (working copy)
@@ -206,11 +206,21 @@
oe = krb5int_gic_opte_alloc(context);
if (NULL == oe)
return ENOMEM;
- memcpy(oe, opt, sizeof(*opt));
- /* Fix these -- overwritten by the copy */
- oe->flags |= ( KRB5_GET_INIT_CREDS_OPT_EXTENDED |
- KRB5_GET_INIT_CREDS_OPT_SHADOWED);
+
+ if (opt)
+ memcpy(oe, opt, sizeof(*opt));

+ /*
+ * Fix the flags -- the EXTENDED flag would have been
+ * overwritten by the copy if there was one. The
+ * SHADOWED flag is necessary to ensure that the
+ * krb5_gic_opt_ext structure that was allocated
+ * here will be freed by the library because the
+ * application is unaware of its existence.
+ */
+ oe->flags |= (KRB5_GET_INIT_CREDS_OPT_EXTENDED |
+ KRB5_GET_INIT_CREDS_OPT_SHADOWED);
+
*opte = oe;
return 0;
}

# Tue May 01 21:31:57 2007 jaltman (Jeffrey Altman) - Given to jaltman (Jeffrey Altman)

# Tue May 01 21:31:58 2007 jaltman (Jeffrey Altman) - Status changed from 'new' to 'resolved'

# Tue May 01 21:31:58 2007 jaltman (Jeffrey Altman) - Tags pullup added

# Tue May 01 21:31:58 2007 jaltman (Jeffrey Altman) - Correspondence added

From:	jaltman@mit.edu
Subject:	SVN Commit

Download (untitled) / with headers
text/plain 1KiB

k5-int.h, gic_opt.c

The krb5_get_init_creds_password() and krb5_get_init_creds_keytab()
functions permit the gic_opts parameter to be NULL. This is not
taken into account when testing the value with the macros
krb5_gic_opt_is_extended() and krb5_gic_opt_is_shadowed().
Nor is it taken into account within krb5int_gic_opte_copy() which
is called by krb5int_gic_opt_to_opte() when the input parameter is
not a krb5_gic_opt_ext structure.

This commit makes two changes:

(1) it modifies the macros to ensure that the value is non-NULL
before evaluation.

(2) it modifies krb5int_gic_opte_copy() to avoid copying the
original values with memcpy() when the input is NULL.

In addition, the code was audited to ensure that the flag
KRB5_GET_INIT_CREDS_OPT_SHADOWED is properly set and that when
it is set, that the allocated krb5_gic_opt_ext structure is
freed by krb5_get_init_creds_password() and
krb5_get_init_creds_keytab().

Commit By: jaltman

Revision: 19537
Changed Files:
U trunk/src/include/k5-int.h
U trunk/src/lib/krb5/krb/gic_opt.c

# Tue May 01 21:37:08 2007 jaltman (Jeffrey Altman) - Component krb5-libs added

# Tue May 01 21:37:08 2007 jaltman (Jeffrey Altman) - Version_reported 1.6.1 added

# Tue May 01 21:37:08 2007 jaltman (Jeffrey Altman) - Target_Version 1.6.2 added

# Tue May 01 23:58:44 2007 tlyu (Taylor Yu) - Version_Fixed 1.6.2 added

# Tue May 01 23:58:45 2007 tlyu (Taylor Yu) - Correspondence added

From:	tlyu@mit.edu
Subject:	SVN Commit

Download (untitled) / with headers
text/plain 1.2KiB

pull up r19537 from trunk

r19537@cathode-dark-space: jaltman | 2007-05-01 21:31:50 -0400
ticket: 5552
tags: pullup

k5-int.h, gic_opt.c

The krb5_get_init_creds_password() and krb5_get_init_creds_keytab()
functions permit the gic_opts parameter to be NULL. This is not
taken into account when testing the value with the macros
krb5_gic_opt_is_extended() and krb5_gic_opt_is_shadowed().
Nor is it taken into account within krb5int_gic_opte_copy() which
is called by krb5int_gic_opt_to_opte() when the input parameter is
not a krb5_gic_opt_ext structure.

This commit makes two changes:

(1) it modifies the macros to ensure that the value is non-NULL
before evaluation.

(2) it modifies krb5int_gic_opte_copy() to avoid copying the
original values with memcpy() when the input is NULL.

In addition, the code was audited to ensure that the flag
KRB5_GET_INIT_CREDS_OPT_SHADOWED is properly set and that when
it is set, that the allocated krb5_gic_opt_ext structure is
freed by krb5_get_init_creds_password() and
krb5_get_init_creds_keytab().

Commit By: tlyu

Revision: 19538
Changed Files:
_U branches/krb5-1-6/
U branches/krb5-1-6/src/include/k5-int.h
U branches/krb5-1-6/src/lib/krb5/krb/gic_opt.c

# Wed Dec 16 18:02:50 2015 tlyu (Taylor Yu) - CustomField pullup deleted

Ticket History #5552: minor incompatability krb5-1.6.1 and OpenSSH_4.6p1, OpenSSL 0.9.8e