group.of.nepali.translators team mailing list archive

Thread
Date
[Bug 1648901] Re: SPNEGO crash on mechanism failure

To: group.of.nepali.translators@xxxxxxxxxxxxxxxxxxx
From: Launchpad Bug Tracker <1648901@xxxxxxxxxxxxxxxxxx>
Date: Thu, 02 Feb 2017 17:31:50 -0000
Reply-to: Bug 1648901 <1648901@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx
This bug was fixed in the package krb5 - 1.13.2+dfsg-5ubuntu2

---------------
krb5 (1.13.2+dfsg-5ubuntu2) xenial; urgency=medium

  * Fix segfault in context_handle (LP: #1648901).
    - d/p/check_internal_context_on_init_context_errors.patch:
    Cherry picked patch from upstream VCS.

 -- Eric Desrochers <eric.desrochers@xxxxxxxxxxxxx>  Mon, 16 Jan 2017
15:06:57 +0100

** Changed in: krb5 (Ubuntu Xenial)
       Status: Fix Committed => Fix Released

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1648901

Title:
  SPNEGO crash on mechanism failure

Status in krb5 package in Ubuntu:
  Fix Released
Status in krb5 source package in Xenial:
  Fix Released

Bug description:
  == SRU JUSTIFICATION ==

  [Impact]

  * Chrome (and other things) crash (segfault) when Kerberos fails to
  authenticate.

  Thread 22 "Chrome_IOThread" received signal SIGSEGV, Segmentation fault.
  [Switching to Thread 0x7fffdd687700 (LWP 14851)]
  spnego_gss_inquire_context (minor_status=0x7fffdd68573c, context_handle=0x0, src_name=0x7fffdd685670, targ_name=0x7fffdd685668,
      lifetime_rec=0x7fffdd685738, mech_type=0x7fffdd685660, ctx_flags=0x7fffdd685734, locally_initiated=0x7fffdd685730, opened=0x7fffdd68572c)
      at ../../../../src/lib/gssapi/spnego/spnego_mech.c:2315
  2315 ../../../../src/lib/gssapi/spnego/spnego_mech.c: No such file or directory.
  (gdb) bt
  #0 spnego_gss_inquire_context (minor_status=0x7fffdd68573c, context_handle=0x0, src_name=0x7fffdd685670, targ_name=0x7fffdd685668,
      lifetime_rec=0x7fffdd685738, mech_type=0x7fffdd685660, ctx_flags=0x7fffdd685734, locally_initiated=0x7fffdd685730, opened=0x7fffdd68572c)
      at ../../../../src/lib/gssapi/spnego/spnego_mech.c:2315
  #1 0x00007fffef72be54 in gss_inquire_context (minor_status=0x7fffdd68573c, context_handle=<optimized out>, src_name=0x7fffdd685788,
      targ_name=0x7fffdd685750, lifetime_rec=0x7fffdd685738, mech_type=0x7fffdd685780, ctx_flags=0x7fffdd685734, locally_initiated=0x7fffdd685730,
      opened=0x7fffdd68572c) at ../../../../src/lib/gssapi/mechglue/g_inq_context.c:114

  * context_handle=0x0, segfault occurs trying to dereference a null
  pointer.

  [Test Case]

   * Reproducer

  See dwmw2's (reporter of the bug) comment #3 :
  https://bugs.launchpad.net/ubuntu/+source/krb5/+bug/1648901/comments/3

  [Regression Potential]

   * none expected Y and Z release already has the krb5 upstream patch.
   * Debian has the patch as well.
   * A test package has been tested by more than 1 user with success (can't reproduce the crash) anymore)

  [Other Info]

   * Upstream fix :
  https://github.com/krb5/krb5/commit/3beb564cea3d219efcf71682b6576cad548c2d23

  * Pull Request :
  https://github.com/krb5/krb5/pull/385

  * Chrome Bug :
  https://bugs.chromium.org/p/chromium/issues/detail?id=554905

  * A test pkg including the upstream commit has been proven to fix the
  crash. See:
  https://bugs.launchpad.net/ubuntu/xenial/+source/krb5/+bug/1648901/comments/9

  ==

  [Original Description]

  Chrome (and other things) crash when Kerberos fails to authenticate:
  https://bugs.chromium.org/p/chromium/issues/detail?id=554905

  This was fixed in MIT krb5 in January:
  https://github.com/krb5/krb5/pull/385

  Thread 22 "Chrome_IOThread" received signal SIGSEGV, Segmentation fault.
  [Switching to Thread 0x7fffdd687700 (LWP 14851)]
  spnego_gss_inquire_context (minor_status=0x7fffdd68573c, context_handle=0x0, src_name=0x7fffdd685670, targ_name=0x7fffdd685668,
      lifetime_rec=0x7fffdd685738, mech_type=0x7fffdd685660, ctx_flags=0x7fffdd685734, locally_initiated=0x7fffdd685730, opened=0x7fffdd68572c)
      at ../../../../src/lib/gssapi/spnego/spnego_mech.c:2315
  2315	../../../../src/lib/gssapi/spnego/spnego_mech.c: No such file or directory.
  (gdb) bt
  #0  spnego_gss_inquire_context (minor_status=0x7fffdd68573c, context_handle=0x0, src_name=0x7fffdd685670, targ_name=0x7fffdd685668,
      lifetime_rec=0x7fffdd685738, mech_type=0x7fffdd685660, ctx_flags=0x7fffdd685734, locally_initiated=0x7fffdd685730, opened=0x7fffdd68572c)
      at ../../../../src/lib/gssapi/spnego/spnego_mech.c:2315
  #1  0x00007fffef72be54 in gss_inquire_context (minor_status=0x7fffdd68573c, context_handle=<optimized out>, src_name=0x7fffdd685788,
      targ_name=0x7fffdd685750, lifetime_rec=0x7fffdd685738, mech_type=0x7fffdd685780, ctx_flags=0x7fffdd685734, locally_initiated=0x7fffdd685730,
      opened=0x7fffdd68572c) at ../../../../src/lib/gssapi/mechglue/g_inq_context.c:114

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/krb5/+bug/1648901/+subscriptions