Ticket History #7926: 1.12 breaks gssapi mechanisms that recursively call into libgssapi

# Wed May 28 21:48:33 2014 hartmans (Sam Hartman) - Ticket created

From:	Sam Hartman <hartmans@MIT.EDU>
To:	krb5-bugs@MIT.EDU
Subject:	1.12 breaks gssapi mechanisms that recursively call into libgssapi
Date:	Wed, 28 May 2014 21:48:29 -0400

Download (untitled) / with headers
text/plain 571B

dlsym on Unix doesn't have a great way to limit behavior so that it
will give you symbols from a module but *not* from its dependencies.
So, if you're looking up whether a module has a given symbol then
So, for all the GSS entry points you'll find them if you look for them
in something that recursively loads libgssapi_krb5.

Something seems to have broken; I'm seeing moonshot's mechanism crash
with a stack overflow looping through calls to gss_add_cred_from.

I haven't looked at exactly what changed, but wanted to open the bug and
will follow up with details.

# Wed Jun 04 13:05:30 2014 hartmans (Sam Hartman) - Correspondence added

From:	Sam Hartman <hartmans@mit.edu>
To:	rt@krbdev.mit.edu
Subject:	Re: [krbdev.mit.edu #7926] AutoReply: 1.12 breaks gssapi mechanisms that recursively call into libgssapi
Date:	Wed, 04 Jun 2014 13:05:29 -0400
RT-Send-Cc:

Download (untitled) / with headers
text/plain 1.9KiB

Here's a patch to fix the problem:

From ed4d5c8679e5b162b8cf20c0f4d8ddb6d241f7da Mon Sep 17 00:00:00 2001
From: Sam Hartman <hartmans@debian.org>
Date: Wed, 4 Jun 2014 12:06:27 -0400
Subject: Do not loop on add_cred_from and other new methods

Several new GSS-API methods were added but GSSAPI_ADD_METHOD was
called to add them rather than GSSAPI_ADD_METHOD_NOLOOP. This means
that the implementation from the GSS-API mechglue would be used if the
mechanism had no implementation. As a result, the mechglue will call
into itself exhausting the call stack in an endless loop when one of
these methods is called.

ticket: 7926
---
src/lib/gssapi/mechglue/g_initialize.c | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/src/lib/gssapi/mechglue/g_initialize.c b/src/lib/gssapi/mechglue/g_initialize.c
index 7fab03d..f997096 100644
--- a/src/lib/gssapi/mechglue/g_initialize.c
+++ b/src/lib/gssapi/mechglue/g_initialize.c
@@ -731,11 +731,11 @@ build_dynamicMech(void *dl, const gss_OID mech_type)
GSS_ADD_DYNAMIC_METHOD_NOLOOP(dl, mech, gss_inquire_mech_for_saslname);
/* RFC 5587 */
GSS_ADD_DYNAMIC_METHOD_NOLOOP(dl, mech, gss_inquire_attrs_for_mech);
- GSS_ADD_DYNAMIC_METHOD(dl, mech, gss_acquire_cred_from);
- GSS_ADD_DYNAMIC_METHOD(dl, mech, gss_store_cred_into);
+ GSS_ADD_DYNAMIC_METHOD_NOLOOP(dl, mech, gss_acquire_cred_from);
+ GSS_ADD_DYNAMIC_METHOD_NOLOOP(dl, mech, gss_store_cred_into);
GSS_ADD_DYNAMIC_METHOD(dl, mech, gssspi_acquire_cred_with_password);
- GSS_ADD_DYNAMIC_METHOD(dl, mech, gss_export_cred);
- GSS_ADD_DYNAMIC_METHOD(dl, mech, gss_import_cred);
+ GSS_ADD_DYNAMIC_METHOD_NOLOOP(dl, mech, gss_export_cred);
+ GSS_ADD_DYNAMIC_METHOD_NOLOOP(dl, mech, gss_import_cred);
GSS_ADD_DYNAMIC_METHOD(dl, mech, gssspi_import_sec_context_by_mech);
GSS_ADD_DYNAMIC_METHOD(dl, mech, gssspi_import_name_by_mech);
GSS_ADD_DYNAMIC_METHOD(dl, mech, gssspi_import_cred_by_mech);

# Thu Jun 05 12:29:38 2014 ghudson@mit.edu (Greg Hudson) - Given to ghudson@mit.edu (Greg Hudson)

# Thu Jun 05 12:29:38 2014 ghudson@mit.edu (Greg Hudson) - Target_Version 1.12.2 added

# Thu Jun 05 12:29:38 2014 ghudson@mit.edu (Greg Hudson) - Status changed from 'new' to 'review'

# Thu Jun 05 12:29:38 2014 ghudson@mit.edu (Greg Hudson) - Tags pullup added

# Thu Jun 05 12:29:38 2014 ghudson@mit.edu (Greg Hudson) - Correspondence added

From:	ghudson@mit.edu
Subject:	git commit

Download (untitled) / with headers
text/plain 753B

Do not loop on add_cred_from and other new methods

Several new GSS-API methods were added but GSSAPI_ADD_METHOD was
called to add them rather than GSSAPI_ADD_METHOD_NOLOOP. This means
that the implementation from the GSS-API mechglue would be used if the
mechanism had no implementation. As a result, the mechglue will call
into itself exhausting the call stack in an endless loop when one of
these methods is called.

https://github.com/krb5/krb5/commit/41d38531043b99e8daa334f2b6ddf376adf1e878
Author: Sam Hartman <hartmans@debian.org>
Committer: Greg Hudson <ghudson@mit.edu>
Commit: 41d38531043b99e8daa334f2b6ddf376adf1e878
Branch: master
src/lib/gssapi/mechglue/g_initialize.c | 8 ++++----
1 files changed, 4 insertions(+), 4 deletions(-)

# Fri Jun 27 13:15:21 2014 tlyu (Taylor Yu) - Status changed from 'review' to 'resolved'

# Fri Jun 27 13:15:21 2014 tlyu (Taylor Yu) - Version_Fixed 1.12.2 added

# Fri Jun 27 13:15:21 2014 tlyu (Taylor Yu) - Correspondence added

From:	tlyu@mit.edu
Subject:	git commit

Download (untitled) / with headers
text/plain 818B

Do not loop on add_cred_from and other new methods

Several new GSS-API methods were added but GSSAPI_ADD_METHOD was
called to add them rather than GSSAPI_ADD_METHOD_NOLOOP. This means
that the implementation from the GSS-API mechglue would be used if the
mechanism had no implementation. As a result, the mechglue will call
into itself exhausting the call stack in an endless loop when one of
these methods is called.

(cherry picked from commit 41d38531043b99e8daa334f2b6ddf376adf1e878)

https://github.com/krb5/krb5/commit/62e3a3372ac483fca2f996fe12109d3536fd1d3e
Author: Sam Hartman <hartmans@debian.org>
Committer: Tom Yu <tlyu@mit.edu>
Commit: 62e3a3372ac483fca2f996fe12109d3536fd1d3e
Branch: krb5-1.12
src/lib/gssapi/mechglue/g_initialize.c | 8 ++++----
1 files changed, 4 insertions(+), 4 deletions(-)

# Wed Dec 16 18:03:02 2015 tlyu (Taylor Yu) - CustomField pullup deleted