Date: Tue, 31 Aug 2010 00:26:57 -0400
From: Ezra Peisach <peisach@rcsb.rutgers.edu>
To: krb5-bugs@mit.edu
Subject: Buffer overrun in t_ser within the profile library...
This is with the trunk right now... (Aug 30, 2010, 9pm EDT)

make check inside the lib/krb5/krb with valgrind finds errors in the
profile library from t_ser...

This can be reproduced in a build tree with:

(export LD_LIBRARY_PATH=../..; export
KRB5_CONFIG=../../../../src/lib/krb5/krb/t_krb5.conf ; valgrind
--tool=memcheck ./t_ser)


==24033== Memcheck, a memory error detector
==24033== Copyright (C) 2002-2009, and GNU GPL'd, by Julian Seward et al.
==24033== Using Valgrind-3.5.0 and LibVEX; rerun with -h for copyright info
==24033== Command: ./t_ser
==24033==
==24033== Invalid read of size 4
==24033== at 0x408369C: profile_ser_size (prof_init.c:274)
==24033== by 0x804D5A5: krb5_context_size (ser_ctx.c:169)
==24033== by 0x804E304: krb5_externalize_data (serialize.c:139)
==24033== by 0x804A2C7: ser_data (t_ser.c:100)
==24033== by 0x804B128: main (t_ser.c:213)
==24033== Address 0x40ff828 is 128 bytes inside a block of size 129 alloc'd
==24033== at 0x4005BDC: malloc (vg_replace_malloc.c:195)
==24033== by 0x4080D0F: profile_make_prf_data (prof_file.c:180)
==24033== by 0x4081138: profile_open_file (prof_file.c:267)
==24033== by 0x4083ADB: profile_init (prof_init.c:44)
==24033== by 0x40793B7: os_init_paths (init_os_ctx.c:331)
==24033== by 0x4079505: krb5_os_init_context (init_os_ctx.c:385)
==24033== by 0x4057081: init_common (init_ctx.c:164)
==24033== by 0x804AEF6: main (t_ser.c:666)
==24033==
==24033== Invalid read of size 4
==24033== at 0x408369C: profile_ser_size (prof_init.c:274)
==24033== by 0x804D5A5: krb5_context_size (ser_ctx.c:169)
==24033== by 0x804D628: krb5_context_externalize (ser_ctx.c:200)
==24033== by 0x804E356: krb5_externalize_data (serialize.c:143)
==24033== by 0x804A2C7: ser_data (t_ser.c:100)
==24033== by 0x804B128: main (t_ser.c:213)
==24033== Address 0x40ff828 is 128 bytes inside a block of size 129 alloc'd
==24033== at 0x4005BDC: malloc (vg_replace_malloc.c:195)
==24033== by 0x4080D0F: profile_make_prf_data (prof_file.c:180)
==24033== by 0x4081138: profile_open_file (prof_file.c:267)
==24033== by 0x4083ADB: profile_init (prof_init.c:44)
==24033== by 0x40793B7: os_init_paths (init_os_ctx.c:331)
==24033== by 0x4079505: krb5_os_init_context (init_os_ctx.c:385)
==24033== by 0x4057081: init_common (init_ctx.c:164)
==24033== by 0x804AEF6: main (t_ser.c:666)
==24033==

and so on...

filespec is "../../../../src"

running strace on the process finds the only access to ../../../src
is looking at t_krb5.conf


-
Date: Tue, 31 Aug 2010 00:33:01 -0400
From: Ezra Peisach <peisach@rcsb.rutgers.edu>
To: krb5-bugs@mit.edu
Subject: Re: Buffer overrun in t_ser within the profile library...
Err - never mind.... gcc optimization with strlen looking 4 bytes at a
time.... Take off -O2 and everything fine...

Ezra Peisach wrote:
> This is with the trunk right now... (Aug 30, 2010, 9pm EDT)
>
> make check inside the lib/krb5/krb with valgrind finds errors in the
> profile library from t_ser...
>
> This can be reproduced in a build tree with:
>
> (export LD_LIBRARY_PATH=../..; export
> KRB5_CONFIG=../../../../src/lib/krb5/krb/t_krb5.conf ; valgrind
> --tool=memcheck ./t_ser)
>
>
> ==24033== Memcheck, a memory error detector
> ==24033== Copyright (C) 2002-2009, and GNU GPL'd, by Julian Seward et al.
> ==24033== Using Valgrind-3.5.0 and LibVEX; rerun with -h for copyright
> info
> ==24033== Command: ./t_ser
> ==24033==
> ==24033== Invalid read of size 4
> ==24033== at 0x408369C: profile_ser_size (prof_init.c:274)
> ==24033== by 0x804D5A5: krb5_context_size (ser_ctx.c:169)
> ==24033== by 0x804E304: krb5_externalize_data (serialize.c:139)
> ==24033== by 0x804A2C7: ser_data (t_ser.c:100)
> ==24033== by 0x804B128: main (t_ser.c:213)
> ==24033== Address 0x40ff828 is 128 bytes inside a block of size 129
> alloc'd
> ==24033== at 0x4005BDC: malloc (vg_replace_malloc.c:195)
> ==24033== by 0x4080D0F: profile_make_prf_data (prof_file.c:180)
> ==24033== by 0x4081138: profile_open_file (prof_file.c:267)
> ==24033== by 0x4083ADB: profile_init (prof_init.c:44)
> ==24033== by 0x40793B7: os_init_paths (init_os_ctx.c:331)
> ==24033== by 0x4079505: krb5_os_init_context (init_os_ctx.c:385)
> ==24033== by 0x4057081: init_common (init_ctx.c:164)
> ==24033== by 0x804AEF6: main (t_ser.c:666)
> ==24033==
> ==24033== Invalid read of size 4
> ==24033== at 0x408369C: profile_ser_size (prof_init.c:274)
> ==24033== by 0x804D5A5: krb5_context_size (ser_ctx.c:169)
> ==24033== by 0x804D628: krb5_context_externalize (ser_ctx.c:200)
> ==24033== by 0x804E356: krb5_externalize_data (serialize.c:143)
> ==24033== by 0x804A2C7: ser_data (t_ser.c:100)
> ==24033== by 0x804B128: main (t_ser.c:213)
> ==24033== Address 0x40ff828 is 128 bytes inside a block of size 129
> alloc'd
> ==24033== at 0x4005BDC: malloc (vg_replace_malloc.c:195)
> ==24033== by 0x4080D0F: profile_make_prf_data (prof_file.c:180)
> ==24033== by 0x4081138: profile_open_file (prof_file.c:267)
> ==24033== by 0x4083ADB: profile_init (prof_init.c:44)
> ==24033== by 0x40793B7: os_init_paths (init_os_ctx.c:331)
> ==24033== by 0x4079505: krb5_os_init_context (init_os_ctx.c:385)
> ==24033== by 0x4057081: init_common (init_ctx.c:164)
> ==24033== by 0x804AEF6: main (t_ser.c:666)
> ==24033==
>
> and so on...
>
> filespec is "../../../../src"
> running strace on the process finds the only access to ../../../src
> is looking at t_krb5.conf
>
>
> -
>
>


--
=======================================================================
Ezra Peisach, Ph.D.
RCSB Protein Data Bank
Department of Chemistry and Chemical Biology
Rutgers The State University of New Jersey
610 Taylor Road
Piscataway, NJ 08854-8087

Email: peisach@rcsb.rutgers.edu
Phone: (732) 445-0103 Fax: (732)-445-4320
========================================================================
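The follow-up attributes the report to a strlen that scans four bytes at a time. The block below is an added illustration of that class of optimization, written for this note; it is not code from the krb5 tree, from gcc or from glibc, and the function names (word_strlen, last_word_read, demo_129) and the 129-byte sample buffer are constructed here. It shows why an aligned word-wise scan over a string that ends exactly at byte 128 of a 129-byte heap block produces a 4-byte load at offset 128, which Memcheck reports as "Invalid read of size 4 ... 128 bytes inside a block of size 129" even though no byte past the NUL influences the result. The tell-tale for this pattern, as opposed to a real overrun, is a word-sized aligned load whose first byte is the last byte of the block; rebuilding without -O2 (as done above) or running Memcheck with --partial-loads-ok=yes silences it, while a genuine overrun persists.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>
#include <stdio.h>

/* Classic word-at-a-time NUL detection: a 32-bit word contains at least one
 * zero byte iff this expression is non-zero (exact for existence). */
static int word_has_zero_byte(uint32_t w)
{
    return ((w - 0x01010101u) & ~w & 0x80808080u) != 0;
}

/* Illustrative strlen that scans 4 aligned bytes per step. Only bytes up to
 * and including the first NUL affect the result, but the final aligned load
 * may extend past the end of the allocation; that load is exactly what
 * Memcheck flags as "Invalid read of size 4". Aligned loads never cross a
 * page boundary, which is why such implementations do not fault. */
size_t word_strlen(const char *s)
{
    const char *p = s;
    /* Byte-wise until p is 4-byte aligned. */
    while (((uintptr_t)p & 3) != 0) {
        if (*p == '\0')
            return (size_t)(p - s);
        p++;
    }
    for (;;) {
        uint32_t w;
        memcpy(&w, p, sizeof w);          /* one aligned 4-byte load */
        if (word_has_zero_byte(w))
            break;
        p += 4;
    }
    /* Locate the NUL inside the final word. */
    while (*p != '\0')
        p++;
    return (size_t)(p - s);
}

/* For a NUL-terminated string filling a heap block of block_size bytes
 * (block_size - 1 characters plus the terminator), report where the last
 * aligned 4-byte load starts and how many of its bytes lie past the block.
 * Assumes the block start is 4-byte aligned (malloc guarantees more). */
void last_word_read(size_t block_size, size_t *offset, size_t *overrun)
{
    size_t nul_index = block_size - 1;
    *offset = nul_index & ~(size_t)3;     /* start of the word holding the NUL */
    size_t end = *offset + 4;
    *overrun = end > block_size ? end - block_size : 0;
}

/* Constructed sample with the shape of the report: a 129-byte block holding
 * 128 'x' bytes and a NUL. Under Memcheck the scan's last load is reported
 * as 4 bytes at 128 bytes inside a block of size 129. Returns the length. */
size_t demo_129(void)
{
    char *block = malloc(129);
    if (block == NULL)
        return 0;
    memset(block, 'x', 128);
    block[128] = '\0';
    size_t n = word_strlen(block);        /* flagged load at offset 128 */
    free(block);
    return n;
}

int main(void)
{
    size_t off, over;
    last_word_read(129, &off, &over);
    printf("strlen=%zu, last load at offset %zu, %zu byte(s) past the block\n",
           demo_129(), off, over);
    return 0;
}
```

Compile with plain `cc` and run under `valgrind --tool=memcheck` to see the same report shape as in the message; `--partial-loads-ok=yes` makes Memcheck accept loads that are only partially inside a block, which is how distributions' valgrind suppressions for optimized strlen typically deal with this.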