From bear@coyotesong.com Sat Jan 8 15:40:11 2000
Received: from MIT.EDU (SOUTH-STATION-ANNEX.MIT.EDU [18.72.1.2])
by rt-11.mit.edu (8.9.3/8.9.3) with SMTP id PAA01595
for <bugs@RT-11.MIT.EDU>; Sat, 8 Jan 2000 15:40:11 -0500 (EST)
Received: from bgiles.dimensional.com by MIT.EDU with SMTP
id AA28610; Sat, 8 Jan 00 15:39:39 EST
Received: (from bear@localhost)
by eris.coyotesong.com (8.9.3/8.9.3/Debian/GNU) id NAA23226;
Sat, 8 Jan 2000 13:39:50 -0700
Message-Id: <200001082039.NAA23226@eris.coyotesong.com>
Date: Sat, 8 Jan 2000 13:39:50 -0700
From: bgiles@coyotesong.com
Reply-To: bgiles@coyotesong.com
To: krb5-bugs@MIT.EDU
Cc:
Subject: appl/bsd/login.c: attempt to free null ptr
X-Send-Pr-Version: 3.99
bgiles@coyotesong.com
System: Linux eris 2.2.13 #7 SMP Sat Oct 30 20:57:16 MDT 1999 i686 unknown
Architecture: i686
to connect was immediately terminated, even with the "-a none" option.
I was able to track that problem to the silent failure of login.krb5.
krb5_cc_destroy() was called without testing whether xtra_creds is null.
The problem was eliminated after moving this call into the prior
conditional, with suitable modifications.
begin 664 0006
M+2TM(&]L9"]S<F,O87!P;"]B<V0O;&]G:6XN8PE&<FD@1&5C(#$W(#$S.C0S
M.C0Y(#$Y.3D**RLK(&YE=R]S<F,O87!P;"]B<V0O;&]G:6XN8PE3870@2F%N
M("`X(#$R.C4S.C`X(#(P,#`*0$`@+3$V-#`L,3,@*S$V-#`L,3,@0$`*(`D@
M("`@8V]M7V5R<BAA<F=V6S!=+"!R971V86PL(")W:&5N(&EN:71I86QI>FEN
M9R!C86-H92(I.PH@"7T@96QS92!I9B`H<F5T=F%L(#T@:W)B-5]C8U]S=&]R
M95]C<F5D*&MC;VYT97AT+"!C8V%C:&4L("9M>5]C<F5D<RDI('L*(`D@("`@
M8V]M7V5R<BAA<F=V6S!=+"!R971V86PL(")W:&EL92!S=&]R:6YG(&-R961E
M;G1I86QS(BD["BT)?2!E;'-E(&EF("AX=')A7V-R961S("8F"BT)"2`@("AR
M971V86P@/2!K<F(U7V-C7V-O<'E?8W)E9',H:V-O;G1E>'0L('AT<F%?8W)E
M9',L"BT)"0D)"0EC8V%C:&4I*2D@>PHM"2`@("!C;VU?97)R*&%R9W9;,%TL
M(')E='9A;"P@(G=H:6QE('-T;W)I;F<@8W)E9&5N=&EA;',B*3L**PE](&5L
M<V4@:68@*'AT<F%?8W)E9',I('L**PD@("`@:68@*')E='9A;"`](&MR8C5?
M8V-?8V]P>5]C<F5D<RAK8V]N=&5X="P@>'1R85]C<F5D<RP@8V-A8VAE*2D@
M:V-O;G1E>'0L('AT<F%?8W)E9',I.PH@"7T*(`HM"6MR8C5?8V-?9&5S=')O
M<F5T=F%L(#T@:W)B-5]C8U]I;FET:6%L:7IE("AK8V]N=&5X="P@8V-A8VAE
@+"!M92DI*2!["B`)("`@('-Y<VQO9RA,3T=?15)2+`H`
`
end
Responsible-Changed-From-To: hartmans->raeburn
Responsible-Changed-By: raeburn
Responsible-Changed-When: Mon Feb 21 16:27:51 2000
Responsible-Changed-Why:
I'll take it...
State-Changed-From-To: open-feedback
State-Changed-By: raeburn
State-Changed-When: Mon Feb 21 16:27:56 2000
State-Changed-Why:
We got a slightly different patch for this from someone else. In any
case, it should be fixed in 1.2....
State-Changed-From-To: feedback-closed
State-Changed-By: tlyu
State-Changed-When: Fri Sep 14 19:13:13 2001
State-Changed-Why:
has been fixed for a while; closing.
Received: from MIT.EDU (SOUTH-STATION-ANNEX.MIT.EDU [18.72.1.2])
by rt-11.mit.edu (8.9.3/8.9.3) with SMTP id PAA01595
for <bugs@RT-11.MIT.EDU>; Sat, 8 Jan 2000 15:40:11 -0500 (EST)
Received: from bgiles.dimensional.com by MIT.EDU with SMTP
id AA28610; Sat, 8 Jan 00 15:39:39 EST
Received: (from bear@localhost)
by eris.coyotesong.com (8.9.3/8.9.3/Debian/GNU) id NAA23226;
Sat, 8 Jan 2000 13:39:50 -0700
Message-Id: <200001082039.NAA23226@eris.coyotesong.com>
Date: Sat, 8 Jan 2000 13:39:50 -0700
From: bgiles@coyotesong.com
Reply-To: bgiles@coyotesong.com
To: krb5-bugs@MIT.EDU
Cc:
Subject: appl/bsd/login.c: attempt to free null ptr
X-Send-Pr-Version: 3.99
Show quoted text
>Number: 807
>Category: telnet
>Synopsis: appl/bsd/login.c attempts to free null pointer
>Confidential: no
>Severity: critical
>Priority: high
>Responsible: raeburn
>State: closed
>Class: sw-bug
>Submitter-Id: unknown
>Arrival-Date: Sat Jan 8 15:41:01 EST 2000
>Last-Modified: Fri Sep 14 19:13:33 EDT 2001
>Originator: Bear Giles
>Organization:
Bear Giles>Category: telnet
>Synopsis: appl/bsd/login.c attempts to free null pointer
>Confidential: no
>Severity: critical
>Priority: high
>Responsible: raeburn
>State: closed
>Class: sw-bug
>Submitter-Id: unknown
>Arrival-Date: Sat Jan 8 15:41:01 EST 2000
>Last-Modified: Fri Sep 14 19:13:33 EDT 2001
>Originator: Bear Giles
>Organization:
bgiles@coyotesong.com
Show quoted text
>Release: krb5-1.1.1
>Environment:
Debian 2.1r5>Environment:
System: Linux eris 2.2.13 #7 SMP Sat Oct 30 20:57:16 MDT 1999 i686 unknown
Architecture: i686
Show quoted text
>Description:
Problem initially manifested itself with ktelnet/ktelnetd: every attempt to connect was immediately terminated, even with the "-a none" option.
I was able to track that problem to the silent failure of login.krb5.
Show quoted text
>How-To-Repeat:
It happens during every attempt to connect.Show quoted text
>Fix:
I determined that the problem occured near line 1644 in appl/bsd/login.c.krb5_cc_destroy() was called without testing whether xtra_creds is null.
The problem was eliminated after moving this call into the prior
conditional, with suitable modifications.
begin 664 0006
M+2TM(&]L9"]S<F,O87!P;"]B<V0O;&]G:6XN8PE&<FD@1&5C(#$W(#$S.C0S
M.C0Y(#$Y.3D**RLK(&YE=R]S<F,O87!P;"]B<V0O;&]G:6XN8PE3870@2F%N
M("`X(#$R.C4S.C`X(#(P,#`*0$`@+3$V-#`L,3,@*S$V-#`L,3,@0$`*(`D@
M("`@8V]M7V5R<BAA<F=V6S!=+"!R971V86PL(")W:&5N(&EN:71I86QI>FEN
M9R!C86-H92(I.PH@"7T@96QS92!I9B`H<F5T=F%L(#T@:W)B-5]C8U]S=&]R
M95]C<F5D*&MC;VYT97AT+"!C8V%C:&4L("9M>5]C<F5D<RDI('L*(`D@("`@
M8V]M7V5R<BAA<F=V6S!=+"!R971V86PL(")W:&EL92!S=&]R:6YG(&-R961E
M;G1I86QS(BD["BT)?2!E;'-E(&EF("AX=')A7V-R961S("8F"BT)"2`@("AR
M971V86P@/2!K<F(U7V-C7V-O<'E?8W)E9',H:V-O;G1E>'0L('AT<F%?8W)E
M9',L"BT)"0D)"0EC8V%C:&4I*2D@>PHM"2`@("!C;VU?97)R*&%R9W9;,%TL
M(')E='9A;"P@(G=H:6QE('-T;W)I;F<@8W)E9&5N=&EA;',B*3L**PE](&5L
M<V4@:68@*'AT<F%?8W)E9',I('L**PD@("`@:68@*')E='9A;"`](&MR8C5?
M8V-?8V]P>5]C<F5D<RAK8V]N=&5X="P@>'1R85]C<F5D<RP@8V-A8VAE*2D@
Show quoted text
M>PHK"0EC;VU?97)R*&%R9W9;,%TL(')E='9A;"P@(G=H:6QE('-T;W)I;F<@
M8W)E9&5N=&EA;',B*3L**PD@("`@?0HK"2`@("!K<F(U7V-C7V1E<W1R;WDHM:V-O;G1E>'0L('AT<F%?8W)E9',I.PH@"7T*(`HM"6MR8C5?8V-?9&5S=')O
Show quoted text
M>2AK8V]N=&5X="P@>'1R85]C<F5D<RD["B`@("`@?2!E;'-E(&EF("AF;W)W
M87)D961?=C5?=&EC:V5T<R`F)B!R97=R:71E7V-C86-H92D@>PH@"6EF("@HM<F5T=F%L(#T@:W)B-5]C8U]I;FET:6%L:7IE("AK8V]N=&5X="P@8V-A8VAE
@+"!M92DI*2!["B`)("`@('-Y<VQO9RA,3T=?15)2+`H`
`
end
Show quoted text
>Audit-Trail:
Responsible-Changed-From-To: hartmans->raeburn
Responsible-Changed-By: raeburn
Responsible-Changed-When: Mon Feb 21 16:27:51 2000
Responsible-Changed-Why:
I'll take it...
State-Changed-From-To: open-feedback
State-Changed-By: raeburn
State-Changed-When: Mon Feb 21 16:27:56 2000
State-Changed-Why:
We got a slightly different patch for this from someone else. In any
case, it should be fixed in 1.2....
State-Changed-From-To: feedback-closed
State-Changed-By: tlyu
State-Changed-When: Fri Sep 14 19:13:13 2001
State-Changed-Why:
has been fixed for a while; closing.
Show quoted text
>Unformatted:
<synopsis of the problem (one line)>