[Dovecot] Dovecot 1.1.3 Kerberos5 GSSAPI bug (with patch)
The functionality added in changeset 818a638fa9a3 has a bug for x86_64 on line 103. The src/auth/mech-gssapi.c file must now include stdlib.h to have the declaration for getenv(). Otherwise, the compiler uses the implicit return type (int), which truncates the 8-byte pointer getenv() returns to a 4-byte value. This causes a segfault on subsequent reads.

Here is debugger output illustrating the problem:

(gdb) list 106
101         const char *path;
102
103         path = getenv("KRB5_KTNAME");
104         if (path != NULL) {
105 #ifdef HAVE_GSSKRB5_REGISTER_ACCEPTOR_IDENTITY
106                 gsskrb5_register_acceptor_identity(path);
107 #elif defined (HAVE_KRB5_GSS_REGISTER_ACCEPTOR_IDENTITY)
108                 krb5_gss_register_acceptor_identity(path);
109 #endif
110         }
(gdb) p/x getenv("KRB5_KTNAME")
$32 = 0xb0d7aef7
(gdb) x/s 0xb0d7aef7
0xb0d7aef7: <Address 0xb0d7aef7 out of bounds>
(gdb) x/s 0x7fffb0d7aef7
0x7fffb0d7aef7: "/etc/dovecot/dovecot.keytab"

A Mercurial bundle with a fix is attached, and here is the trivial patch to put in the needed #include:

diff -r 43e55b9af85b src/auth/mech-gssapi.c --- a/src/auth/mech-gssapi.c Mon Sep 01 15:02:49 2008 +0300 +++ b/src/auth/mech-gssapi.c Wed Sep 03 11:37:33 2008 -0400 @@ -22,6 +22,8 @@ #include "safe-memset.h" #ifdef HAVE_GSSAPI + +#include <stdlib.h> #ifndef HAVE___GSS_USEROK # define USE_KRB5_USEROK

-- UNIX was not designed to stop you from doing stupid things, because that would also stop you from doing clever things. -- Doug Gwyn
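Review bot: the added #include <stdlib.h> sits inside the #ifdef HAVE_GSSAPI block, below #include "safe-memset.h"; consider moving it up beside the unconditional includes so the getenv() prototype does not depend on which configure branch is active. Because the missing prototype only surfaced as a run-time crash, it would also help to build this file with implicit declarations treated as errors (for example gcc's -Werror=implicit-function-declaration), so the same mistake fails at compile time.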
On Wed, 2008-09-03 at 12:03 -0400, Matthew Wesley wrote:
> The functionality added in changeset 818a638fa9a3 has a bug for x86_64 on line 103. The src/auth/mech-gssapi.c file must now include stdlib.h to have the declaration for getenv(). Otherwise, the compiler uses the implicit return type (int), which truncates the 8-byte pointer getenv() returns to a 4-byte value.
Thanks, fixed.
> A Mercurial bundle with a fix is attached, and here is the trivial patch to put in the needed #include:
Sorry, I didn't notice the bundle first so you didn't get your name to the commit. Maybe next time. :)
On Thu, Sep 11, 2008 at 06:49:13PM +0300, Timo Sirainen wrote:
> Thanks, fixed.
Amusingly, though, it looks like nobody else is even using this combination of architecture and configuration.
>> A Mercurial bundle with a fix is attached, and here is the trivial patch to put in the needed #include:
> Sorry, I didn't notice the bundle first so you didn't get your name to the commit. Maybe next time. :)
It was worth a try. There's nothing like just adding an #include line but still getting your name in a commit log. ;-)
-- UNIX was not designed to stop you from doing stupid things, because that would also stop you from doing clever things. -- Doug Gwyn
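The truncation described in the original report, modelled in portable C as an added example (not code from Dovecot or from either poster). It generalizes slightly beyond the one address in the gdb session to show which pointer values survive an implicit `int` return; the function names and the two extra sample addresses are constructed, and the sign-extension step assumes an LP64 compiler such as gcc on x86_64.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Low 32 bits: all that an implicit `int getenv()` call keeps of the result. */
static uint32_t kept_bits(uint64_t real_ptr)
{
    return (uint32_t)(real_ptr & 0xffffffffu);
}

/* Value the caller stores in `path`: the kept bits, read as a signed int
 * and widened back to 64 bits (sign extension; assumption: LP64, gcc-style). */
static uint64_t pointer_seen_by_caller(uint64_t real_ptr)
{
    uint64_t low = kept_bits(real_ptr);
    if (low & 0x80000000u)
        low |= 0xffffffff00000000ull;
    return low;
}

/* True when the bug is invisible: the pointer fits in a non-negative int. */
static bool survives_implicit_int(uint64_t real_ptr)
{
    return pointer_seen_by_caller(real_ptr) == real_ptr;
}

int main(void)
{
    /* First value is the real string address from the gdb session in the
     * report; the other two are constructed for contrast. */
    const uint64_t samples[] = {
        0x00007fffb0d7aef7ull, /* address of the keytab path in the report */
        0x0000000000601040ull, /* constructed: low address, e.g. static data */
        0x0000000000000000ull, /* NULL: variable not set */
    };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        uint64_t p = samples[i];
        printf("real=%#018llx kept=%#010x seen=%#018llx %s\n",
               (unsigned long long)p, (unsigned)kept_bits(p),
               (unsigned long long)pointer_seen_by_caller(p),
               survives_implicit_int(p) ? "intact" : "CORRUPTED");
    }
    return 0;
}
```

The kept bits for the reported address match the `$32 = 0xb0d7aef7` that gdb printed, and the low-address and NULL cases show why the missing prototype stays hidden whenever the returned pointer fits in 31 bits.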