From rtdean@noisy.cytherianage.net  Sun Oct 12 02:21:41 2008
Return-Path: <rtdean@noisy.cytherianage.net>
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id D6A9F106568F
	for <FreeBSD-gnats-submit@freebsd.org>; Sun, 12 Oct 2008 02:21:41 +0000 (UTC)
	(envelope-from rtdean@noisy.cytherianage.net)
Received: from noisy.cytherianage.net (noisy.cytherianage.net [209.222.140.14])
	by mx1.freebsd.org (Postfix) with ESMTP id 8A3EC8FC18
	for <FreeBSD-gnats-submit@freebsd.org>; Sun, 12 Oct 2008 02:21:41 +0000 (UTC)
	(envelope-from rtdean@noisy.cytherianage.net)
Received: (qmail 60436 invoked by uid 1000); 12 Oct 2008 02:01:14 -0000
Message-Id: <20081012020114.60435.qmail@noisy.cytherianage.net>
Date: 12 Oct 2008 02:01:14 -0000
From: Ryan T.Dean <rtdean@cytherianage.net>
Reply-To: Ryan T.Dean <rtdean@cytherianage.net>
To: FreeBSD-gnats-submit@freebsd.org
Cc: shaun@freebsd.org
Subject: [patch] security/heimdal ldap support broken under 7
X-Send-Pr-Version: 3.113
X-GNATS-Notify:

>Number:         128025
>Category:       ports
>Synopsis:       [patch] security/heimdal ldap support broken under 7
>Confidential:   no
>Severity:       serious
>Priority:       high
>Responsible:    freebsd-ports-bugs
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          update
>Submitter-Id:   current-users
>Arrival-Date:   Sun Oct 12 02:30:01 UTC 2008
>Closed-Date:    Wed Sep 02 03:28:27 UTC 2009
>Last-Modified:  Wed Sep  2 03:30:08 UTC 2009
>Originator:     Ryan T. Dean
>Release:        FreeBSD 7.0-STABLE amd64
>Organization:
>Environment:
System: FreeBSD noisy.cytherianage.net 7.0-STABLE FreeBSD 7.0-STABLE #1: Mon Jul 14 04:40:56 UTC 2008 root@noisy.cytherianage.net:/usr/obj/usr/src/sys/GENERIC amd64
>Description:
The WITH_LDAP option in security/heimdal does not work under FreeBSD 7.  
If you attempt to initialize a realm, add or change a key, or perform any 
operation that affects the krb5Key attribute in the LDAP tree, the
program attempting the modification will segmentation fault.

The issue lies in heimdal-1.0.1/lib/hdb/hdb-ldap.c, in the 
LDAP_addmod_len() function.  When allocating memory to store the krb5Key
attribute, it only allocates enough memory for a pointer to a berval
structure, not enough memory for the structure itself.  This results in 
a memory alignment error, and each added krb5Key attribute ends up
clobbering the previous entry's data pointers.

This issue is present everywhere from 1.0 through the 1.2.1 release, and
will be fixed upstream when 1.2.2 is released.  This change was applied
upstream in change # 23726, and can be viewed via heimdal's fisheye at
http://www.h5l.org/fisheye/changelog/heimdal?cs=23726

This issue does not affect installations that are not using the LDAP hdb
available in Heimdal.

>How-To-Repeat:
Build the current port with WITH_LDAP enabled.
Attempt to initialize a test realm, i.e., EXAMPLE.COM using the LDAP 
backend.  (Instructions here: 
http://www.h5l.org/manual/heimdal-1-0-branch/info/heimdal.html#Using-LDAP-to-store-the-database
or
http://www.openinput.com/auth-howto/ ).  When you get to the step where
you initialize your heimdal database, kadmin will segfault.

>Fix:

Add the file patch-lib_hdb_hdb-ldap.c to the 'files' directory under
the security/heimdal port.  This is the same change from the changeset
listed above.

--- patch-lib_hdb_hdb-ldap.c begins here ---
--- lib/hdb/hdb-ldap.c	2008-10-12 01:15:38.000000000 +0000
+++ lib/hdb/hdb-ldap.c	2008-10-12 01:15:55.000000000 +0000
@@ -222,7 +222,7 @@
 
 	(*modlist)[cMods]->mod_bvalues = bv;
 
-	bv[i] = ber_memalloc(sizeof(*bv));;
+	bv[i] = ber_memalloc(sizeof(**bv));;
 	if (bv[i] == NULL)
 	    return ENOMEM;
 
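Review bot: The replacement line `bv[i] = ber_memalloc(sizeof(**bv));;` still ends in a doubled semicolon, and its sizeof operand is spelled through `bv` rather than through the slot being assigned. Writing it as `bv[i] = ber_memalloc(sizeof(*bv[i]));` allocates the same struct size while tying the size to the destination, which makes the pointer-versus-struct mix-up shown on the `-` line harder to reintroduce. If the port patch has to stay identical to the upstream changeset, keep it as is and raise both points upstream instead.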
--- patch-lib_hdb_hdb-ldap.c ends here ---
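
The allocation mistake described in the report, as an added C example that is not part of the PR or of Heimdal: `struct bv_ex` is an assumed stand-in for libldap's `struct berval`, and `bv_append()` is a hypothetical helper, not `LDAP_addmod_len()`. It reports how far `sizeof(*bv)` falls short of `sizeof(**bv)` and appends values with each element sized from the struct.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Assumed stand-in for libldap's struct berval (length plus data pointer). */
struct bv_ex { size_t bv_len; char *bv_val; };

/* Bytes by which sizeof(*bv), a pointer, undershoots sizeof(**bv), the struct. */
size_t shortfall(void) {
    struct bv_ex **bv = NULL;              /* sizeof never dereferences bv */
    return sizeof(**bv) - sizeof(*bv);
}

/* Hypothetical helper: append a copy of data to a NULL-terminated pointer array. */
int bv_append(struct bv_ex ***list, const void *data, size_t len) {
    size_t n = 0;
    struct bv_ex **bv = *list;
    while (bv != NULL && bv[n] != NULL) n++;
    bv = realloc(bv, (n + 2) * sizeof(*bv)); /* pointer slots: sizeof(*bv) is right here */
    if (bv == NULL) return ENOMEM;
    *list = bv;
    bv[n] = malloc(sizeof(*bv[n]));          /* the struct itself, i.e. sizeof(**bv) */
    if (bv[n] == NULL) return ENOMEM;        /* bv[n] == NULL keeps the list terminated */
    bv[n]->bv_val = malloc(len ? len : 1);
    if (bv[n]->bv_val == NULL) { free(bv[n]); bv[n] = NULL; return ENOMEM; }
    if (len) memcpy(bv[n]->bv_val, data, len);
    bv[n]->bv_len = len;
    bv[n + 1] = NULL;
    return 0;
}

/* Append three constructed values; return 1 if every entry kept its own data. */
int keys_intact(void) {
    static const char *keys[] = { "key-one", "key-two!", "k3" }; /* constructed */
    struct bv_ex **bv = NULL;
    int ok = 1;
    for (size_t i = 0; i < 3; i++)
        if (bv_append(&bv, keys[i], strlen(keys[i])) != 0) return 0;
    ok &= bv[3] == NULL;
    for (size_t i = 0; i < 3; i++) {
        ok &= bv[i]->bv_len == strlen(keys[i]) &&
              memcmp(bv[i]->bv_val, keys[i], bv[i]->bv_len) == 0;
        free(bv[i]->bv_val); free(bv[i]);
    }
    free(bv);
    return ok;
}

int main(void) {
    printf("shortfall=%zu bytes, intact=%d\n", shortfall(), keys_intact());
    return 0;
}
```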


>Release-Note:
>Audit-Trail:
Responsible-Changed-From-To: freebsd-ports-bugs->shaun 
Responsible-Changed-By: edwin 
Responsible-Changed-When: Sun Oct 12 02:30:36 UTC 2008 
Responsible-Changed-Why:  
Over to maintainer (via the GNATS Auto Assign Tool) 

http://www.freebsd.org/cgi/query-pr.cgi?pr=128025 
Responsible-Changed-From-To: shaun->freebsd-ports-bugs 
Responsible-Changed-By: shaun 
Responsible-Changed-When: Wed Jul 22 02:24:30 UTC 2009 
Responsible-Changed-Why:  
No longer under my maintainership. 

State-Changed-From-To: open->closed 
State-Changed-By: bland 
State-Changed-When: Wed Sep 2 03:28:02 UTC 2009 
State-Changed-Why:  
Committed, thanks! 


From: dfilter@FreeBSD.ORG (dfilter service)
To: bug-followup@FreeBSD.org
Cc:  
Subject: Re: ports/128025: commit references a PR
Date: Wed,  2 Sep 2009 03:27:43 +0000 (UTC)

 bland       2009-09-02 03:27:29 UTC
 
   FreeBSD ports repository
 
   Modified files:
     security/heimdal     Makefile 
   Added files:
     security/heimdal/files patch-lib__hdb__hdb-ldap.c 
   Log:
   Fix invalid malloc in LDAP backend.
   
   PR:     128025
   
   Revision  Changes    Path
   1.86      +1 -0      ports/security/heimdal/Makefile
   1.1       +11 -0     ports/security/heimdal/files/patch-lib__hdb__hdb-ldap.c (new)
 
>Unformatted:
