[11445] in Kerberos-V5-bugs
[krbdev.mit.edu #6675] segfault in gss_export_sec_context
daemon@ATHENA.MIT.EDU ("Arlene Berry" via RT)
Fri Mar 5 18:26:24 2010
From: "Arlene Berry via RT" <rt-comment@krbdev.MIT.EDU>
In-Reply-To: <rt-6675@krbdev.mit.edu>
Message-ID: <rt-6675-32573.14.0746545611362@krbdev.mit.edu>
To: "'AdminCc of krbdev.mit.edu Ticket #6675'":;"'AdminCc of krbdev.mit.edu Ticket #6675'":;@MIT.EDU
Date: Fri, 5 Mar 2010 18:26:19 -0500 (EST)

In src/lib/krb5/krb/authdata.c context is NULL and is dereferenced:

static krb5_error_code
k5_ad_size(krb5_context kcontext,
           krb5_authdata_context context,
           krb5_flags flags,
           size_t *sizep)
{
    int i;
    krb5_error_code code = 0;

    *sizep += sizeof(krb5_int32); /* count */

    for (i = 0; i < context->n_modules; i++) {

The back trace is:

#0  0x0045dfcf in k5_ad_size (kcontext=0x8054af8, context=0x0, flags=15,
    sizep=0xbffff078)
    at krb5/src/lib/krb5/krb/authdata.c:162
#1  0x0045f7a2 in krb5_authdata_context_size (kcontext=0x8054af8,
    ptr=0x0,
    sizep=0xbffff078)
    at krb5/src/lib/krb5/krb/authdata.c:1131 (line 1067 in your trunk)
#2  0x00484310 in krb5_size_opaque (kcontext=0x8054af8,
    odtype=-1760647364,
    arg=0x0, sizep=0xbffff078)
    at krb5/src/lib/krb5/krb/serialize.c:104 (line 105 in your trunk)
#3  0x006ed9c3 in kg_ctx_size (kcontext=0x8054af8, arg=0x8053700,
    sizep=0xbffff0b4)
    at krb5/src/lib/gssapi/krb5/ser_sctx.c:361
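
Added example, not part of the original report and not MIT krb5 code: the pattern in the backtrace above (a size callback handed arg=0x0 for an optional sub-object) with a NULL check on both the callee and the caller side. The struct and function names are simplified stand-ins assumed for illustration, and the sizes are constructed.

```c
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Simplified stand-ins (assumptions), not the real krb5 structures. */
struct ad_context { int n_modules; size_t module_size; };
struct sec_context { struct ad_context *authdata; /* optional, may be NULL */ };

/* Callee guard: refuse a NULL context instead of reading ctx->n_modules. */
static int ad_size(const struct ad_context *ctx, size_t *sizep)
{
    if (ctx == NULL || sizep == NULL)
        return EINVAL;
    size_t need = sizeof(int32_t);              /* module count */
    for (int i = 0; i < ctx->n_modules; i++)
        need += ctx->module_size;
    *sizep += need;                             /* updated only on success */
    return 0;
}

/* Caller guard: size the optional sub-object only when it is present. */
static int sec_ctx_size(const struct sec_context *sc, size_t *sizep)
{
    size_t need = sizeof(int32_t);              /* constructed fixed header */
    if (sc == NULL || sizep == NULL)
        return EINVAL;
    if (sc->authdata != NULL) {
        int ret = ad_size(sc->authdata, &need);
        if (ret != 0)
            return ret;
    }
    *sizep += need;
    return 0;
}

int main(void)
{
    struct ad_context ad = { 2, 8 };            /* constructed sample values */
    struct sec_context with = { &ad }, without = { NULL };
    size_t a = 0, b = 0;
    int ra = sec_ctx_size(&with, &a), rb = sec_ctx_size(&without, &b);
    printf("with authdata: %d, %zu bytes\n", ra, a);
    printf("without authdata: %d, %zu bytes\n", rb, b);
    return 0;
}
```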