Skip Menu |
 

History Show all quoted textShow full headers
# Wed Apr 02 16:38:08 2008 guest (Public Submitter) - Ticket created
Subject: gss_accept_sec_context() returns minor_status == 0 if arg3 == GSS_C_NO_CREDENTIAL
Download (untitled) / with headers
text/plain 634B
Near the end of gss_accept_sec_context(), we have:

if (!verifier_cred_handle && cred_handle) {
krb5_gss_release_cred(minor_status, &cred_handle);
}

Unfortunately, minor_status is a passed in ref and this call will
clear the error that we expect to be returning to the caller. This
same class may also affect the my proposed fix to the memory leak
if arg3 == GSS_C_NO_CREDENTIAL in the non-error case in the opposite
sense, that is that code may return non-zero minor_status when
major_status is zero. That appears to be be less problematic but
should also be fixed once that patch or something like it is adopted.
# Wed Jun 18 13:02:02 2008 jaltman (Jeffrey Altman) - Ticket 5936 RefersTo ticket 5442.
# Wed Jun 18 13:02:23 2008 jaltman (Jeffrey Altman) - AdminCc jaltman (Jeffrey Altman) added
# Wed Jun 18 13:03:33 2008 jaltman (Jeffrey Altman) - Comments added
Download (untitled) / with headers
text/plain 65B
both this ticket and 5442 touch the same code. fix in one patch.
# Wed Jun 18 14:03:04 2008 jaltman (Jeffrey Altman) - Component krb5-libs added
# Wed Jun 18 14:03:04 2008 jaltman (Jeffrey Altman) - Version_reported 1.6.4 added
# Wed Jun 18 14:03:15 2008 jaltman (Jeffrey Altman) - Status changed from 'new' to 'open'
# Mon Jul 21 16:50:51 2008 jaltman (Jeffrey Altman) - Comments added
Download (untitled) / with headers
text/plain 1.3KiB
Copied from 5442

From: jaltman@mit.edu
Subject: SVN Commit


This patch addresses the issues raised in this ticket and ticket 5936.

(a) In the case where 'cred_handle' != 'verifier_cred_handle'[1]
krb5_gss_accept_sec_context() leaks the 'cred_handle' in the success
case and the failure cases that result in returning from the function
prior to reaching the end of the function.

(b) The meaningful 'minor_status' return value is destroyed during the
cleanup operations.

The approach taken is to add a new 'exit:' label prior to the end of the
function through which all function returns after reaching the 'fail:'
label will goto. After 'exit:', the 'cred_handle' will be released and
if there is a krb5_context 'context' to be freed, the error info will be
saved and krb5_free_context() will be called.

In the success case, the krb5_context is saved in the gss context and we
now set 'context' to NULL to prevent it from being freed.

In order to preserve the minor_status return code, a 'tmp_minor_status'
variable is added that is used after the 'fail:' label in calls to
krb5_gss_delete_sec_context() and krb5_gss_release_cred().


[1] If 'verifier_cred_handle' is non-NULL, then 'cred_handle' is set to
the value of 'verifier_cred_handle'.




Commit By: jaltman



Revision: 20559
Changed Files:
U trunk/src/lib/gssapi/krb5/accept_sec_context.c
# Tue Jul 22 18:07:58 2008 jaltman (Jeffrey Altman) - Status changed from 'open' to 'review'
# Tue Jul 22 18:07:59 2008 jaltman (Jeffrey Altman) - Tags pullup added
# Thu Jul 24 11:36:05 2008 Christian Krause <chkr@plauener.de> - Ticket #6051: - Ticket created
Date: Thu, 24 Jul 2008 10:29:59 +0200
From: Christian Krause <chkr@plauener.de>
To: krb5-bugs@mit.edu
Subject: krb5_gss_accept_sec_context always returns minor_status = 0
Download (untitled) / with headers
text/plain 1.7KiB
Hi,

I've started to use krb5's (krb-1.6.3) gss API and it happened quite
often in the first time, that this function failed for various reasons
(which is not a problem so far).

The function returned GSS_S_FAILURE and according to the documentation a
more specific error code should be in minor_status. But in my case
minor_status was always 0.

I've digged a little bit in the implementation in
krb5/src/lib/gssapi/krb5/accept_sec_context.c and it looks like in line
928 the minor_status is correctly set to code, which is the return value
of most krb5 functions:

*minor_status = code;

So far this would work perfectly.

Unfortunately, at the end of this function it will be overwritten:

if (!verifier_cred_handle && cred_handle) {
krb5_gss_release_cred(minor_status, &cred_handle);
}

At least in my case, the condition was always true (because I've called
accept_sec_contect with verifier_cred_handle=GSS_C_NO_CREDENTIAL) and so
the real error was always hidden.

Because this is not very convenient (and usually the return code of
krb5_gss_release_cred is much less helpful than the real error code of a
previous failed function), I'd suggest to change the code like this:

--- src/lib/gssapi/krb5/accept_sec_context.c
+++ src/lib/gssapi/krb5/accept_sec_context.c
@@ -991,7 +991,8 @@
*output_token = token;
}
if (!verifier_cred_handle && cred_handle) {
- krb5_gss_release_cred(minor_status, &cred_handle);
+ int release_minor_status;
+ krb5_gss_release_cred(&release_minor_status, &cred_handle);
}
krb5_free_context(context);
return (major_status);


It would be great if you could review this patch and consider to apply
the it.

Thank you very much in advance!


Best regards,
Christian
# Thu Jul 24 14:02:27 2008 Jeffrey Altman <jaltman@secure-endpoints.com> - Ticket #6051: - Correspondence added
Date: Thu, 24 Jul 2008 14:04:08 -0400
From: Jeffrey Altman <jaltman@secure-endpoints.com>
To: rt@krbdev.mit.edu
Subject: Re: [krbdev.mit.edu #6051] krb5_gss_accept_sec_context always returns minor_status = 0
RT-Send-Cc:
Download (untitled) / with headers
text/plain 188B
Please see RT #5442. A patch for this issue and a memory leak within
the same function has already been committed to the trunk and is
awaiting review and pullup to the release branch.
Download smime.p7s
application/x-pkcs7-signature 3.2KiB

Message body not shown because it is not plain text.

# Fri Jul 25 03:50:17 2008 Christian Krause <chkr@plauener.de> - Ticket #6051: - Comments added
Date: Fri, 25 Jul 2008 09:50:05 +0200
From: Christian Krause <chkr@plauener.de>
To: rt-comment@krbdev.mit.edu
Subject: Re: [krbdev.mit.edu #6051] krb5_gss_accept_sec_context always returns minor_status = 0
RT-Send-Cc:
Download (untitled) / with headers
text/plain 598B
Hi Jeffrey,

Jeffrey Altman via RT wrote:
Show quoted text
> Please see RT #5442. A patch for this issue and a memory leak within
> the same function has already been committed to the trunk and is
> awaiting review and pullup to the release branch
Sorry for opening this new bug - I've searched in RT before I've created
it, but without success.
I've checked now #5442 and some referred bugs, and I think it would be
the best to set this one (#6051) as a duplicate of #5936.

Good news that it is already fixed- I'd like to try it out. Is there a
public access to the krb SVN server?

Best regards,
Christian
# Fri Jul 25 12:07:28 2008 tlyu (Taylor Yu) - Ticket #6051: - Correspondence added
To: rt@krbdev.mit.edu
Subject: Re: [krbdev.mit.edu #6051] krb5_gss_accept_sec_context always returns minor_status = 0
From: Tom Yu <tlyu@MIT.EDU>
Date: Fri, 25 Jul 2008 12:07:16 -0400
RT-Send-Cc:
Download (untitled) / with headers
text/plain 200B
"Christian Krause via RT" <rt-comment@krbdev.mit.edu> writes:

Show quoted text
> Good news that it is already fixed- I'd like to try it out. Is there a
> public access to the krb SVN server?

svn://anonsvn.mit.edu/
# Fri Jul 25 12:21:15 2008 tlyu (Taylor Yu) - Ticket #6051: - Ticket 6051 MergedInto ticket 5936.
# Fri Jul 25 12:21:15 2008 tlyu (Taylor Yu) - Ticket #6051: - Correspondence added
Download (untitled) / with headers
text/plain 19B
Merging into #5936.
# Fri Jul 25 16:38:08 2008 tlyu (Taylor Yu) - Status changed from 'review' to 'resolved'
# Fri Jul 25 16:38:08 2008 tlyu (Taylor Yu) - Given to tlyu (Taylor Yu)
# Fri Jul 25 16:38:09 2008 tlyu (Taylor Yu) - Version_Fixed 1.6.4 added
# Fri Jul 25 16:38:09 2008 tlyu (Taylor Yu) - Target_Version 1.6.4 added
# Fri Jul 25 16:38:09 2008 tlyu (Taylor Yu) - Correspondence added
Download (untitled) / with headers
text/plain 26B
Fixed by patches in #5442.
# Wed Dec 16 18:02:52 2015 tlyu (Taylor Yu) - CustomField pullup deleted