On 12 Dec 2013, at 18:16, Arran Cudbard-Bell <a.cudbardb@freeradius.org> wrote:
On 12 Dec 2013, at 18:00, Arran Cudbard-Bell <a.cudbardb@freeradius.org> wrote:
BT: rad_recv: Access-Request packet from host 127.0.0.1 port 42335, id=16, length=103 User-Name = 'hachmer' User-Password = 'pass' NAS-IP-Address = 127.0.0.1 NAS-Port = 0 Message-Authenticator = 0xecaf11b4272d31821075a076004c4808 (4) # Executing section authorize from file /etc/raddb/sites-enabled/default (4) authorize { (4) filter_username filter_username { (4) ? if (User-Name != "%{tolower:%{User-Name}}")
Program received signal SIGSEGV, Segmentation fault. 0x00007ffff5b04285 in malloc_consolidate () from /lib64/libc.so.6
*sigh* It's a double free in libkrb5.
They free ctx->plugin_base_dir in krb5_free_context, but don't strdup it in krb5_copy_context.
The proper struct is hidden, only the type is exposed
Sorry whacked send too early:
The proper struct is hidden, only the type is exposed, so there's no way to calculate the offset of that field in the struct, and therefore no way to fix this problem from outside of the ctx_copy function.
I'll submit another bug report
Ok here are the pull requests for MIT krb5, i'll do the configure and packaging scripts tomorrow. https://github.com/krb5/krb5/pull/36 https://github.com/krb5/krb5/pull/37 https://github.com/krb5/krb5/pull/38 -Arran Arran Cudbard-Bell <a.cudbardb@freeradius.org> FreeRADIUS Development Team FD31 3077 42EC 7FCD 32FE 5EE2 56CF 27F9 30A8 CAA2