On 07/17/2017 07:48 PM, Joshua Schaeffer wrote:
>>     rc = krb5_db_get_principal(context, mname, 0, &master_entry);
>>     if (rc == 0) {
>>         *kvno = (krb5_kvno) master_entry->key_data->key_data_kvno;
>>         krb5_db_free_principal(context, master_entry);
>>     } else
>>         *kvno = 1;
>> }
>>
>> I don't really know where to go from here. I don't know this code well
>> enough to figure out why the segmentation error is occurring. Can anybody
>> help me out? If you need additional information, I'd be happy to provide.

The proximal bug is that master_entry->key_data is an array, bounded by
master_entry->n_key_data, and this code isn't checking if
master_entry->n_key_data > 0 before dereferencing the first element.
You could fix that bug (set *kvno = 1 if n_key_data is 0) and probably
get kdb5_util stash and kadmind to report an error rather than crash.

That leaves several mysteries, which I don't have the answer to:

* Why does the master DB entry (K/M) have no key data?

* Why isn't the code able to load the shared object from
  /usr/local/lib/krb5/plugins/kdb/kldap? (It is probably falling back
  to the module in the system directory which is the 1.13.x code, which
  is why it continues to work at all.)

* Where is that "invalid file descriptor -1 in syscall write()" event
  occurring in the code, and why? It happens before the master password
  is read, so it's presumably not from the code that writes the stash
  file.

* Why didn't kdb5_ldap_util create -s make a stash file? (Did you
  re-run kdb5_ldap_util create after locally building 1.15.1? If not,
  the stash file might be in a different place than the 1.15.1 code is
  looking for it.)
________________________________________________
Kerberos mailing list           Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
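
The bounds check described in the reply, as an added example that is not part of the original message or of the krb5 source. The struct types are simplified stand-ins for the KDB entry types, and the names kvno_unchecked, kvno_checked and had_key_data are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>

/* Simplified stand-ins for the KDB types (assumption: only the fields
 * named in the message are modelled; the real definitions are in kdb.h). */
typedef struct {
    uint16_t key_data_kvno;
} key_data_t;

typedef struct {
    int16_t     n_key_data;  /* number of elements in key_data */
    key_data_t *key_data;    /* array; may be NULL when n_key_data == 0 */
} db_entry_t;

/* Pattern from the quoted code: reads element 0 unconditionally, so an
 * entry with no key data causes a NULL or out-of-bounds read. */
unsigned int kvno_unchecked(const db_entry_t *e)
{
    return e->key_data->key_data_kvno;
}

/* Checked form: confirm the array holds at least one element first.
 * Falls back to kvno 1, as the reply suggests, and reports through
 * *had_key_data whether the fallback was taken, so the caller can turn
 * an empty entry into an error message instead of a crash. */
unsigned int kvno_checked(const db_entry_t *e, int *had_key_data)
{
    int ok = (e != NULL && e->n_key_data > 0 && e->key_data != NULL);

    if (had_key_data != NULL)
        *had_key_data = ok;
    return ok ? e->key_data[0].key_data_kvno : 1;
}

/* Constructed sample entries: one populated, one with no key data. */
static key_data_t sample_keys[] = { { 3 } };
static const db_entry_t populated = { 1, sample_keys };
static const db_entry_t empty     = { 0, NULL };

int main(void)
{
    int had_a, had_b;
    unsigned int a = kvno_checked(&populated, &had_a);
    unsigned int b = kvno_checked(&empty, &had_b);
    return (a == 3 && had_a && b == 1 && !had_b) ? 0 : 1;
}
```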