[Bug 1648901] Re: SPNEGO crash on mechanism failure

Andy Whitcroft apw at canonical.com
Mon Jan 23 16:30:27 UTC 2017 

Hello dwmw2, or anyone else affected,

Accepted krb5 into xenial-proposed. The package will build now and be
available at https://launchpad.net/ubuntu/+source/krb5/1.13.2+dfsg-
5ubuntu2 in a few hours, and then in the -proposed repository.

Please help us by testing this new package.  See
https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to
enable and use -proposed.  Your feedback will aid us getting this update
out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug,
mentioning the version of the package you tested, and change the tag
from verification-needed to verification-done. If it does not fix the
bug for you, please add a comment stating that, and change the tag to
verification-failed.  In either case, details of your testing will help
us make a better decision.

Further information regarding the verification process can be found at
https://wiki.ubuntu.com/QATeam/PerformingSRUVerification .  Thank you in
advance!

** Changed in: krb5 (Ubuntu Xenial)
       Status: In Progress => Fix Committed

** Tags added: verification-needed

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to krb5 in Ubuntu.
https://bugs.launchpad.net/bugs/1648901

Title:
  SPNEGO crash on mechanism failure

Status in krb5 package in Ubuntu:
  Fix Released
Status in krb5 source package in Xenial:
  Fix Committed

Bug description:
  == SRU JUSTIFICATION ==

  [Impact]

  * Chrome (and other things) crash (segfault) when Kerberos fails to
  authenticate.

  Thread 22 "Chrome_IOThread" received signal SIGSEGV, Segmentation fault.
  [Switching to Thread 0x7fffdd687700 (LWP 14851)]
  spnego_gss_inquire_context (minor_status=0x7fffdd68573c, context_handle=0x0, src_name=0x7fffdd685670, targ_name=0x7fffdd685668,
      lifetime_rec=0x7fffdd685738, mech_type=0x7fffdd685660, ctx_flags=0x7fffdd685734, locally_initiated=0x7fffdd685730, opened=0x7fffdd68572c)
      at ../../../../src/lib/gssapi/spnego/spnego_mech.c:2315
  2315 ../../../../src/lib/gssapi/spnego/spnego_mech.c: No such file or directory.
  (gdb) bt
  #0 spnego_gss_inquire_context (minor_status=0x7fffdd68573c, context_handle=0x0, src_name=0x7fffdd685670, targ_name=0x7fffdd685668,
      lifetime_rec=0x7fffdd685738, mech_type=0x7fffdd685660, ctx_flags=0x7fffdd685734, locally_initiated=0x7fffdd685730, opened=0x7fffdd68572c)
      at ../../../../src/lib/gssapi/spnego/spnego_mech.c:2315
  #1 0x00007fffef72be54 in gss_inquire_context (minor_status=0x7fffdd68573c, context_handle=<optimized out>, src_name=0x7fffdd685788,
      targ_name=0x7fffdd685750, lifetime_rec=0x7fffdd685738, mech_type=0x7fffdd685780, ctx_flags=0x7fffdd685734, locally_initiated=0x7fffdd685730,
      opened=0x7fffdd68572c) at ../../../../src/lib/gssapi/mechglue/g_inq_context.c:114

  * context_handle=0x0, segfault occurs trying to dereference a null
  pointer.

  [Test Case]

   * Reproducer

  See dwmw2's (reporter of the bug) comment #3 :
  https://bugs.launchpad.net/ubuntu/+source/krb5/+bug/1648901/comments/3

  [Regression Potential]

   * none expected Y and Z release already has the krb5 upstream patch.
   * Debian has the patch as well.
   * A test package has been tested by more than 1 user with success (can't reproduce the crash) anymore)

  [Other Info]

   * Upstream fix :
  https://github.com/krb5/krb5/commit/3beb564cea3d219efcf71682b6576cad548c2d23

  * Pull Request :
  https://github.com/krb5/krb5/pull/385

  * Chrome Bug :
  https://bugs.chromium.org/p/chromium/issues/detail?id=554905

  * A test pkg including the upstream commit has been proven to fix the
  crash. See:
  https://bugs.launchpad.net/ubuntu/xenial/+source/krb5/+bug/1648901/comments/9

  ==

  [Original Description]

  Chrome (and other things) crash when Kerberos fails to authenticate:
  https://bugs.chromium.org/p/chromium/issues/detail?id=554905

  This was fixed in MIT krb5 in January:
  https://github.com/krb5/krb5/pull/385

  Thread 22 "Chrome_IOThread" received signal SIGSEGV, Segmentation fault.
  [Switching to Thread 0x7fffdd687700 (LWP 14851)]
  spnego_gss_inquire_context (minor_status=0x7fffdd68573c, context_handle=0x0, src_name=0x7fffdd685670, targ_name=0x7fffdd685668,
      lifetime_rec=0x7fffdd685738, mech_type=0x7fffdd685660, ctx_flags=0x7fffdd685734, locally_initiated=0x7fffdd685730, opened=0x7fffdd68572c)
      at ../../../../src/lib/gssapi/spnego/spnego_mech.c:2315
  2315	../../../../src/lib/gssapi/spnego/spnego_mech.c: No such file or directory.
  (gdb) bt
  #0  spnego_gss_inquire_context (minor_status=0x7fffdd68573c, context_handle=0x0, src_name=0x7fffdd685670, targ_name=0x7fffdd685668,
      lifetime_rec=0x7fffdd685738, mech_type=0x7fffdd685660, ctx_flags=0x7fffdd685734, locally_initiated=0x7fffdd685730, opened=0x7fffdd68572c)
      at ../../../../src/lib/gssapi/spnego/spnego_mech.c:2315
  #1  0x00007fffef72be54 in gss_inquire_context (minor_status=0x7fffdd68573c, context_handle=<optimized out>, src_name=0x7fffdd685788,
      targ_name=0x7fffdd685750, lifetime_rec=0x7fffdd685738, mech_type=0x7fffdd685780, ctx_flags=0x7fffdd685734, locally_initiated=0x7fffdd685730,
      opened=0x7fffdd68572c) at ../../../../src/lib/gssapi/mechglue/g_inq_context.c:114

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/krb5/+bug/1648901/+subscriptions

More information about the foundations-bugs mailing list