Subject: kdb5_ldap_util create segfaults when krb5_dbekd_encrypt_key_data() is called
I'm seeing a segfault when I run:
kdb5_ldap_util -P test123 -D "cn=Manager,dc=zone,dc=net" -w test123
create -r ZONE.NET -s
Core was generated by `kdb5_ldap_util -P test123 -D
cn=Manager,dc=zone,dc=net -w test123 create -r ZON'.
Program terminated with signal 11, Segmentation fault.
#0 0xfeef873d in krb5_dbekd_encrypt_key_data (kcontext=0x80876c8,
mkey=0x80479e0, dbkey=0x809ac1c, keysalt=0x0,
keyver=1, key_data=0x8098940) at
../../../migrate_bugfix/src/lib/kdb/kdb5.c:3052
3052 status =
(gdb) where
#0 0xfeef873d in krb5_dbekd_encrypt_key_data (kcontext=0x80876c8,
mkey=0x80479e0, dbkey=0x809ac1c, keysalt=0x0,
keyver=1, key_data=0x8098940) at
../../../migrate_bugfix/src/lib/kdb/kdb5.c:3052
#1 0x08057b40 in kdb_ldap_create_principal (context=0x80876c8,
princ=0x8099cc0, op=MASTER_KEY, pblock=0x806ec1c)
at
../../../../../migrate_bugfix/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.c:2503
#2 0x08055ddc in kdb5_ldap_create (argc=2, argv=0x809df88)
at
../../../../../migrate_bugfix/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.c:700
#3 0x08054248 in main (argc=0, argv=0x8047b00)
at
../../../../../migrate_bugfix/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_util.c:614
3052 status =
3053 dal_handle->lib_handle->vftabl.dbekd_encrypt_key_data(kcontext,
3054 mkey, dbkey, keysalt, keyver, key_data);
print dal_handle->lib_handle
$1 = 0x0
In src/plugins/kdb/ldap/ldap_util/kdb5_ldap_util.c:main(), the following is
all the code that initializes dal_handle:
/* Setup DAL handle to access the database */
dal_handle = calloc((size_t)1, sizeof(kdb5_dal_handle));
if (dal_handle == NULL) {
goto cleanup;
}
dal_handle->db_context = ldap_context;
util_context->dal_handle = dal_handle;
ldap_context = NULL;
db_retval = krb5_ldap_read_server_params(util_context, conf_section,
KRB5_KDB_SRV_TYPE_OTHER);
if (db_retval) {
com_err(progname, db_retval, "while reading ldap configuration");
exit_status++;
goto cleanup;
}
if (cmd->opendb) {
db_retval = krb5_ldap_db_init(util_context, (krb5_ldap_context
*)dal_handle->db_context);
if (db_retval) {
com_err(progname, db_retval, "while initializing database");
exit_status++;
goto cleanup;
}
db_inited = TRUE;
}
(*cmd->func)(cmd_argc, cmd_argv);
Note that dal_handle->lib_handle is never initialized: calloc() leaves it NULL (matching the 0x0 printed above), so the call through dal_handle->lib_handle->vftabl dereferences a null pointer.
krb5_dbekd_encrypt_key_data() used to live in lib/krb5/kdb/encrypt_key.c
and did not call dal_handle->lib_handle->vftabl.dbekd_encrypt_key_data().
It is now in src/lib/kdb/kdb5.c and does call
dal_handle->lib_handle->vftabl.dbekd_encrypt_key_data(), so kdb5_ldap_util,
which builds its own dal_handle without setting lib_handle, now crashes. I
think this was introduced by ticket 6313.
kdb5_ldap_util -P test123 -D "cn=Manager,dc=zone,dc=net" -w test123
create -r ZONE.NET -s
Core was generated by `kdb5_ldap_util -P test123 -D
cn=Manager,dc=zone,dc=net -w test123 create -r ZON'.
Program terminated with signal 11, Segmentation fault.
#0 0xfeef873d in krb5_dbekd_encrypt_key_data (kcontext=0x80876c8,
mkey=0x80479e0, dbkey=0x809ac1c, keysalt=0x0,
keyver=1, key_data=0x8098940) at
../../../migrate_bugfix/src/lib/kdb/kdb5.c:3052
3052 status =
(gdb) where
#0 0xfeef873d in krb5_dbekd_encrypt_key_data (kcontext=0x80876c8,
mkey=0x80479e0, dbkey=0x809ac1c, keysalt=0x0,
keyver=1, key_data=0x8098940) at
../../../migrate_bugfix/src/lib/kdb/kdb5.c:3052
#1 0x08057b40 in kdb_ldap_create_principal (context=0x80876c8,
princ=0x8099cc0, op=MASTER_KEY, pblock=0x806ec1c)
at
../../../../../migrate_bugfix/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.c:2503
#2 0x08055ddc in kdb5_ldap_create (argc=2, argv=0x809df88)
at
../../../../../migrate_bugfix/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_realm.c:700
#3 0x08054248 in main (argc=0, argv=0x8047b00)
at
../../../../../migrate_bugfix/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_util.c:614
3052 status =
3053 dal_handle->lib_handle->vftabl.dbekd_encrypt_key_data(kcontext,
3054 mkey, dbkey, keysalt, keyver, key_data);
print dal_handle->lib_handle
$1 = 0x0
In src/plugins/kdb/ldap/ldap_util/kdb5_ldap_util.c:main(), the following is
all the code that initializes dal_handle:
/* Setup DAL handle to access the database */
dal_handle = calloc((size_t)1, sizeof(kdb5_dal_handle));
if (dal_handle == NULL) {
goto cleanup;
}
dal_handle->db_context = ldap_context;
util_context->dal_handle = dal_handle;
ldap_context = NULL;
db_retval = krb5_ldap_read_server_params(util_context, conf_section,
KRB5_KDB_SRV_TYPE_OTHER);
if (db_retval) {
com_err(progname, db_retval, "while reading ldap configuration");
exit_status++;
goto cleanup;
}
if (cmd->opendb) {
db_retval = krb5_ldap_db_init(util_context, (krb5_ldap_context
*)dal_handle->db_context);
if (db_retval) {
com_err(progname, db_retval, "while initializing database");
exit_status++;
goto cleanup;
}
db_inited = TRUE;
}
(*cmd->func)(cmd_argc, cmd_argv);
Note that dal_handle->lib_handle is never initialized: calloc() leaves it NULL (matching the 0x0 printed above), so the call through dal_handle->lib_handle->vftabl dereferences a null pointer.
krb5_dbekd_encrypt_key_data() used to live in lib/krb5/kdb/encrypt_key.c
and did not call dal_handle->lib_handle->vftabl.dbekd_encrypt_key_data().
It is now in src/lib/kdb/kdb5.c and does call
dal_handle->lib_handle->vftabl.dbekd_encrypt_key_data(), so kdb5_ldap_util,
which builds its own dal_handle without setting lib_handle, now crashes. I
think this was introduced by ticket 6313.