Date: Tue, 31 Aug 2010 00:26:57 -0400
From: Ezra Peisach <peisach@rcsb.rutgers.edu>
To: krb5-bugs@mit.edu
Subject: Buffer overrun in t_ser within the profile library...
This is with the trunk right now... (Aug 30, 2010, 9pm EDT)
make check inside the lib/krb5/krb with valgrind finds errors in the
profile library from t_ser...
This can be reproduced in a build tree with:
(export LD_LIBRARY_PATH=../..; export
KRB5_CONFIG=../../../../src/lib/krb5/krb/t_krb5.conf ; valgrind
--tool=memcheck ./t_ser)
==24033== Memcheck, a memory error detector
==24033== Copyright (C) 2002-2009, and GNU GPL'd, by Julian Seward et al.
==24033== Using Valgrind-3.5.0 and LibVEX; rerun with -h for copyright info
==24033== Command: ./t_ser
==24033==
==24033== Invalid read of size 4
==24033== at 0x408369C: profile_ser_size (prof_init.c:274)
==24033== by 0x804D5A5: krb5_context_size (ser_ctx.c:169)
==24033== by 0x804E304: krb5_externalize_data (serialize.c:139)
==24033== by 0x804A2C7: ser_data (t_ser.c:100)
==24033== by 0x804B128: main (t_ser.c:213)
==24033== Address 0x40ff828 is 128 bytes inside a block of size 129 alloc'd
==24033== at 0x4005BDC: malloc (vg_replace_malloc.c:195)
==24033== by 0x4080D0F: profile_make_prf_data (prof_file.c:180)
==24033== by 0x4081138: profile_open_file (prof_file.c:267)
==24033== by 0x4083ADB: profile_init (prof_init.c:44)
==24033== by 0x40793B7: os_init_paths (init_os_ctx.c:331)
==24033== by 0x4079505: krb5_os_init_context (init_os_ctx.c:385)
==24033== by 0x4057081: init_common (init_ctx.c:164)
==24033== by 0x804AEF6: main (t_ser.c:666)
==24033==
==24033== Invalid read of size 4
==24033== at 0x408369C: profile_ser_size (prof_init.c:274)
==24033== by 0x804D5A5: krb5_context_size (ser_ctx.c:169)
==24033== by 0x804D628: krb5_context_externalize (ser_ctx.c:200)
==24033== by 0x804E356: krb5_externalize_data (serialize.c:143)
==24033== by 0x804A2C7: ser_data (t_ser.c:100)
==24033== by 0x804B128: main (t_ser.c:213)
==24033== Address 0x40ff828 is 128 bytes inside a block of size 129 alloc'd
==24033== at 0x4005BDC: malloc (vg_replace_malloc.c:195)
==24033== by 0x4080D0F: profile_make_prf_data (prof_file.c:180)
==24033== by 0x4081138: profile_open_file (prof_file.c:267)
==24033== by 0x4083ADB: profile_init (prof_init.c:44)
==24033== by 0x40793B7: os_init_paths (init_os_ctx.c:331)
==24033== by 0x4079505: krb5_os_init_context (init_os_ctx.c:385)
==24033== by 0x4057081: init_common (init_ctx.c:164)
==24033== by 0x804AEF6: main (t_ser.c:666)
==24033==
and so on...
filespec is "../../../../src"
running strace on the process finds the only access to ../../../src
is looking at t_krb5.conf
-
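As an added example (not part of the report above or of the krb5 tree): a small Python triage script that parses Memcheck "Invalid read/write" records like the ones quoted above, pairs each access with its fault frame and the allocation site of the block it touched, and works out how many bytes of the access fall past the end of the block. For the first record, a 4-byte read starting 128 bytes into a 129-byte block reaches 3 bytes past the allocation. The first sample record is excerpted from the report (allocation trace shortened); the second record, with the function names fill_buf and make_buf, is constructed to exercise Memcheck's "N bytes after a block" wording and is not from the report.

```python
"""Triage Valgrind Memcheck 'Invalid read/write' records.

Added example, not part of the krb5 tree: parses the ==pid==-prefixed
Memcheck text output, pairs each invalid access with its fault frames and
the allocation site of the block it touched, and computes how far past the
end of the block the access reaches.
"""
import re

# Sample input: the first record is excerpted from the report above (the
# allocation trace is shortened); the second record is constructed, not from
# the report, to exercise Memcheck's "N bytes after a block" wording.
SAMPLE = """\
==24033== Memcheck, a memory error detector
==24033== Command: ./t_ser
==24033==
==24033== Invalid read of size 4
==24033==    at 0x408369C: profile_ser_size (prof_init.c:274)
==24033==    by 0x804D5A5: krb5_context_size (ser_ctx.c:169)
==24033==    by 0x804E304: krb5_externalize_data (serialize.c:139)
==24033==  Address 0x40ff828 is 128 bytes inside a block of size 129 alloc'd
==24033==    at 0x4005BDC: malloc (vg_replace_malloc.c:195)
==24033==    by 0x4080D0F: profile_make_prf_data (prof_file.c:180)
==24033==    by 0x4081138: profile_open_file (prof_file.c:267)
==24033==
==24033== Invalid write of size 1
==24033==    at 0x8048ABC: fill_buf (example.c:10)
==24033==  Address 0x4100010 is 0 bytes after a block of size 16 alloc'd
==24033==    at 0x4005BDC: malloc (vg_replace_malloc.c:195)
==24033==    by 0x8048A00: make_buf (example.c:5)
==24033==
"""

PREFIX = re.compile(r"^==\d+==\s?(.*)$")
ACCESS = re.compile(r"^Invalid (read|write) of size (\d+)$")
FRAME = re.compile(r"^(?:at|by) 0x[0-9A-Fa-f]+: (.+?) \(([^)]*)\)$")
ADDR = re.compile(r"^Address 0x[0-9A-Fa-f]+ is (\d+) bytes (inside|after) "
                  r"a block of size (\d+)")


def parse_memcheck(text):
    """Return one dict per 'Invalid read/write' record in Memcheck output."""
    records = []
    cur = None          # record currently being filled
    in_alloc = False    # True once we are inside the allocation-site trace
    for raw in text.splitlines():
        m = PREFIX.match(raw)
        if not m:
            continue    # not Memcheck output (e.g. the program's own stdout)
        line = m.group(1).strip()
        if not line:
            cur, in_alloc = None, False   # an empty ==pid== line closes a record
            continue
        m = ACCESS.match(line)
        if m:
            cur = {"kind": m.group(1), "size": int(m.group(2)),
                   "offset": None, "block": None,
                   "fault_frames": [], "alloc_frames": []}
            records.append(cur)
            in_alloc = False
            continue
        if cur is None:
            continue
        m = ADDR.match(line)
        if m:
            off, where, blk = int(m.group(1)), m.group(2), int(m.group(3))
            # Normalise "N bytes after" to an offset from the block start.
            cur["offset"] = off + blk if where == "after" else off
            cur["block"] = blk
            in_alloc = True
            continue
        m = FRAME.match(line)
        if m:
            target = cur["alloc_frames"] if in_alloc else cur["fault_frames"]
            target.append((m.group(1), m.group(2)))
    return records


def overrun_bytes(rec):
    """How many bytes of the access lie past the end of the block (0 if none)."""
    if rec["offset"] is None:
        return None
    return max(0, rec["offset"] + rec["size"] - rec["block"])


def alloc_site(rec):
    """First allocation frame that is not Valgrind's malloc replacement."""
    for fn, loc in rec["alloc_frames"]:
        if not loc.startswith("vg_replace_malloc.c"):
            return (fn, loc)
    return None


def summarize(rec):
    """One-line triage summary of an invalid access record."""
    fn, loc = rec["fault_frames"][0]
    site = alloc_site(rec)
    return ("%s of %d bytes at offset %d in %d-byte block: %d byte(s) past end; "
            "fault at %s (%s); block allocated by %s (%s)"
            % (rec["kind"], rec["size"], rec["offset"], rec["block"],
               overrun_bytes(rec), fn, loc, site[0], site[1]))


if __name__ == "__main__":
    for rec in parse_memcheck(SAMPLE):
        print(summarize(rec))
```

Feed it the saved output of the valgrind command from the report (or any Memcheck log) in place of SAMPLE; the allocation site it reports is the first frame below Valgrind's malloc wrapper, which is the line to start reading from when sizing the buffer that was overrun.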