Current-Users archive
Re: kerberos issues with 10.0_BETA post openssl update
> Date: Wed, 6 Sep 2023 09:54:16 +1200
> From: Mark Davies <mark%ecs.vuw.ac.nz@localhost>
>
> OK, found a simpler reproducible crash. Run "kadmin -l" on a kdc and
> try to change a password.
>
> xen2# kadmin -l
> kadmin> passwd ecsproctor
> ecsproctor%ECS.VUW.AC.NZ@localhost's Password:
> Verifying - ecsproctor%ECS.VUW.AC.NZ@localhost's Password:
> Segmentation fault (core dumped)
>
> Here is the backtrace
>
> Core was generated by `kadmin'.
> Program terminated with signal SIGSEGV, Segmentation fault.
> #0 0x0000000000000000 in ?? ()
> (gdb) where
> #0 0x0000000000000000 in ?? ()
> #1 0x00007f11ca0423d4 in ARCFOUR_string_to_key (context=0x7f11cafc7000,
> enctype=KRB5_ENCTYPE_ARCFOUR_HMAC_MD5,
> password=..., salt=..., opaque=..., key=0x7f11caf514d8)
> at
> /src/work/10/src/crypto/external/bsd/heimdal/dist/lib/krb5/salt-arcfour.c:83
This looks like a jump to null in the RC4 logic using EVP_md4().

For EVP_rc4 we have a hack in Heimdal to do

    EVP_CIPHER_fetch(NULL, "rc4", "provider=legacy")

but I'm not sure it actually works -- I can't get it to do anything in
a test program without also calling OSSL_PROVIDER_load("legacy"), at
which point it becomes unnecessary -- and we don't do it for MD4.

So if we can convince Heimdal to call OSSL_PROVIDER_load("legacy") at
some point on startup, I bet that will fix it.

It looks like the EVP_CIPHER_fetch hack (or EVP_MD_fetch hack) is also
a memory leak, according to
<https://www.openssl.org/docs/man3.0/man7/crypto.html>:

    These functions usually have the name APINAME_fetch, where APINAME
    is the name of the operation. For example EVP_MD_fetch(3) can be
    used to explicitly fetch a digest algorithm implementation. The
    user is responsible for freeing the object returned from the
    APINAME_fetch function using APINAME_free when it is no longer
    needed.

So I'm not sure we should be using it at all.

> as to the su issue, I think that is a separate problem related to
> revision 1.10 of pam_ksu.c. If I revert that then su works.
Got a stack trace for that?