[Bug 1648901] Re: SPNEGO crash on mechanism failure

Eric Desrochers eric.desrochers at canonical.com
Sat Dec 17 16:25:20 UTC 2016 

** Description changed:

+ == SRU JUSTIFICATION ==
+ 
+ [Impact]
+ 
+ Chrome (and other things) crash when Kerberos fails to authenticate:
+ https://bugs.chromium.org/p/chromium/issues/detail?id=554905
+ 
+ Thread 22 "Chrome_IOThread" received signal SIGSEGV, Segmentation fault.
+ [Switching to Thread 0x7fffdd687700 (LWP 14851)]
+ spnego_gss_inquire_context (minor_status=0x7fffdd68573c, context_handle=0x0, src_name=0x7fffdd685670, targ_name=0x7fffdd685668,
+     lifetime_rec=0x7fffdd685738, mech_type=0x7fffdd685660, ctx_flags=0x7fffdd685734, locally_initiated=0x7fffdd685730, opened=0x7fffdd68572c)
+     at ../../../../src/lib/gssapi/spnego/spnego_mech.c:2315
+ 2315 ../../../../src/lib/gssapi/spnego/spnego_mech.c: No such file or directory.
+ (gdb) bt
+ #0 spnego_gss_inquire_context (minor_status=0x7fffdd68573c, context_handle=0x0, src_name=0x7fffdd685670, targ_name=0x7fffdd685668,
+     lifetime_rec=0x7fffdd685738, mech_type=0x7fffdd685660, ctx_flags=0x7fffdd685734, locally_initiated=0x7fffdd685730, opened=0x7fffdd68572c)
+     at ../../../../src/lib/gssapi/spnego/spnego_mech.c:2315
+ #1 0x00007fffef72be54 in gss_inquire_context (minor_status=0x7fffdd68573c, context_handle=<optimized out>, src_name=0x7fffdd685788,
+     targ_name=0x7fffdd685750, lifetime_rec=0x7fffdd685738, mech_type=0x7fffdd685780, ctx_flags=0x7fffdd685734, locally_initiated=0x7fffdd685730,
+     opened=0x7fffdd68572c) at ../../../../src/lib/gssapi/mechglue/g_inq_context.c:114
+ 
+ [Test Case]
+ 
+  * Reproducer
+ 
+ It needs Kerberos to fail, while another mechanism is possible.
+ So fix up the packaging errors noted in bug 1648898 so that GSS-NTLMSSP is actually registered properly, then just KRB5CCNAME=/dev/null google-chrome $SOME_URL_WHICH_USES_NEGOTIATE_AUTH
+ 
+ [Regression Potential]
+ 
+  * none expected Y and Z release already has the krb5 upstream patch.
+  * This was fixed in MIT krb5 in January:
+ https://github.com/krb5/krb5/pull/385
+ 
+ [Other Info]
+ 
+ [Original Description]
+ 
  Chrome (and other things) crash when Kerberos fails to authenticate:
  https://bugs.chromium.org/p/chromium/issues/detail?id=554905
  
  This was fixed in MIT krb5 in January:
  https://github.com/krb5/krb5/pull/385
  
  Thread 22 "Chrome_IOThread" received signal SIGSEGV, Segmentation fault.
  [Switching to Thread 0x7fffdd687700 (LWP 14851)]
- spnego_gss_inquire_context (minor_status=0x7fffdd68573c, context_handle=0x0, src_name=0x7fffdd685670, targ_name=0x7fffdd685668, 
-     lifetime_rec=0x7fffdd685738, mech_type=0x7fffdd685660, ctx_flags=0x7fffdd685734, locally_initiated=0x7fffdd685730, opened=0x7fffdd68572c)
-     at ../../../../src/lib/gssapi/spnego/spnego_mech.c:2315
+ spnego_gss_inquire_context (minor_status=0x7fffdd68573c, context_handle=0x0, src_name=0x7fffdd685670, targ_name=0x7fffdd685668,
+     lifetime_rec=0x7fffdd685738, mech_type=0x7fffdd685660, ctx_flags=0x7fffdd685734, locally_initiated=0x7fffdd685730, opened=0x7fffdd68572c)
+     at ../../../../src/lib/gssapi/spnego/spnego_mech.c:2315
  2315	../../../../src/lib/gssapi/spnego/spnego_mech.c: No such file or directory.
  (gdb) bt
- #0  spnego_gss_inquire_context (minor_status=0x7fffdd68573c, context_handle=0x0, src_name=0x7fffdd685670, targ_name=0x7fffdd685668, 
-     lifetime_rec=0x7fffdd685738, mech_type=0x7fffdd685660, ctx_flags=0x7fffdd685734, locally_initiated=0x7fffdd685730, opened=0x7fffdd68572c)
-     at ../../../../src/lib/gssapi/spnego/spnego_mech.c:2315
- #1  0x00007fffef72be54 in gss_inquire_context (minor_status=0x7fffdd68573c, context_handle=<optimized out>, src_name=0x7fffdd685788, 
-     targ_name=0x7fffdd685750, lifetime_rec=0x7fffdd685738, mech_type=0x7fffdd685780, ctx_flags=0x7fffdd685734, locally_initiated=0x7fffdd685730, 
-     opened=0x7fffdd68572c) at ../../../../src/lib/gssapi/mechglue/g_inq_context.c:114
+ #0  spnego_gss_inquire_context (minor_status=0x7fffdd68573c, context_handle=0x0, src_name=0x7fffdd685670, targ_name=0x7fffdd685668,
+     lifetime_rec=0x7fffdd685738, mech_type=0x7fffdd685660, ctx_flags=0x7fffdd685734, locally_initiated=0x7fffdd685730, opened=0x7fffdd68572c)
+     at ../../../../src/lib/gssapi/spnego/spnego_mech.c:2315
+ #1  0x00007fffef72be54 in gss_inquire_context (minor_status=0x7fffdd68573c, context_handle=<optimized out>, src_name=0x7fffdd685788,
+     targ_name=0x7fffdd685750, lifetime_rec=0x7fffdd685738, mech_type=0x7fffdd685780, ctx_flags=0x7fffdd685734, locally_initiated=0x7fffdd685730,
+     opened=0x7fffdd68572c) at ../../../../src/lib/gssapi/mechglue/g_inq_context.c:114

** Changed in: krb5 (Ubuntu)
   Importance: Low => Medium

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to krb5 in Ubuntu.
https://bugs.launchpad.net/bugs/1648901

Title:
  SPNEGO crash on mechanism failure

Status in krb5 package in Ubuntu:
  In Progress

Bug description:
  == SRU JUSTIFICATION ==

  [Impact]

  Chrome (and other things) crash when Kerberos fails to authenticate:
  https://bugs.chromium.org/p/chromium/issues/detail?id=554905

  Thread 22 "Chrome_IOThread" received signal SIGSEGV, Segmentation fault.
  [Switching to Thread 0x7fffdd687700 (LWP 14851)]
  spnego_gss_inquire_context (minor_status=0x7fffdd68573c, context_handle=0x0, src_name=0x7fffdd685670, targ_name=0x7fffdd685668,
      lifetime_rec=0x7fffdd685738, mech_type=0x7fffdd685660, ctx_flags=0x7fffdd685734, locally_initiated=0x7fffdd685730, opened=0x7fffdd68572c)
      at ../../../../src/lib/gssapi/spnego/spnego_mech.c:2315
  2315 ../../../../src/lib/gssapi/spnego/spnego_mech.c: No such file or directory.
  (gdb) bt
  #0 spnego_gss_inquire_context (minor_status=0x7fffdd68573c, context_handle=0x0, src_name=0x7fffdd685670, targ_name=0x7fffdd685668,
      lifetime_rec=0x7fffdd685738, mech_type=0x7fffdd685660, ctx_flags=0x7fffdd685734, locally_initiated=0x7fffdd685730, opened=0x7fffdd68572c)
      at ../../../../src/lib/gssapi/spnego/spnego_mech.c:2315
  #1 0x00007fffef72be54 in gss_inquire_context (minor_status=0x7fffdd68573c, context_handle=<optimized out>, src_name=0x7fffdd685788,
      targ_name=0x7fffdd685750, lifetime_rec=0x7fffdd685738, mech_type=0x7fffdd685780, ctx_flags=0x7fffdd685734, locally_initiated=0x7fffdd685730,
      opened=0x7fffdd68572c) at ../../../../src/lib/gssapi/mechglue/g_inq_context.c:114

  [Test Case]

   * Reproducer

  It needs Kerberos to fail, while another mechanism is possible.
  So fix up the packaging errors noted in bug 1648898 so that GSS-NTLMSSP is actually registered properly, then just KRB5CCNAME=/dev/null google-chrome $SOME_URL_WHICH_USES_NEGOTIATE_AUTH

  [Regression Potential]

   * none expected Y and Z release already has the krb5 upstream patch.
   * This was fixed in MIT krb5 in January:
  https://github.com/krb5/krb5/pull/385

  [Other Info]

  [Original Description]

  Chrome (and other things) crash when Kerberos fails to authenticate:
  https://bugs.chromium.org/p/chromium/issues/detail?id=554905

  This was fixed in MIT krb5 in January:
  https://github.com/krb5/krb5/pull/385

  Thread 22 "Chrome_IOThread" received signal SIGSEGV, Segmentation fault.
  [Switching to Thread 0x7fffdd687700 (LWP 14851)]
  spnego_gss_inquire_context (minor_status=0x7fffdd68573c, context_handle=0x0, src_name=0x7fffdd685670, targ_name=0x7fffdd685668,
      lifetime_rec=0x7fffdd685738, mech_type=0x7fffdd685660, ctx_flags=0x7fffdd685734, locally_initiated=0x7fffdd685730, opened=0x7fffdd68572c)
      at ../../../../src/lib/gssapi/spnego/spnego_mech.c:2315
  2315	../../../../src/lib/gssapi/spnego/spnego_mech.c: No such file or directory.
  (gdb) bt
  #0  spnego_gss_inquire_context (minor_status=0x7fffdd68573c, context_handle=0x0, src_name=0x7fffdd685670, targ_name=0x7fffdd685668,
      lifetime_rec=0x7fffdd685738, mech_type=0x7fffdd685660, ctx_flags=0x7fffdd685734, locally_initiated=0x7fffdd685730, opened=0x7fffdd68572c)
      at ../../../../src/lib/gssapi/spnego/spnego_mech.c:2315
  #1  0x00007fffef72be54 in gss_inquire_context (minor_status=0x7fffdd68573c, context_handle=<optimized out>, src_name=0x7fffdd685788,
      targ_name=0x7fffdd685750, lifetime_rec=0x7fffdd685738, mech_type=0x7fffdd685780, ctx_flags=0x7fffdd685734, locally_initiated=0x7fffdd685730,
      opened=0x7fffdd68572c) at ../../../../src/lib/gssapi/mechglue/g_inq_context.c:114

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/krb5/+bug/1648901/+subscriptions

More information about the foundations-bugs mailing list