Bug 128025 - [patch] security/heimdal ldap support broken under 7
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s)
Version: Latest
Hardware: Any Any
: Normal Affects Only Me
Assignee: freebsd-ports-bugs (Nobody)
Reported: 2008-10-12 03:30 UTC by Ryan T. Dean
Modified: 2009-09-02 04:30 UTC

Attachments
patch-lib_hdb_hdb-ldap.c (299 bytes, text/plain)
2008-10-12 03:30 UTC, Ryan T. Dean

Description Ryan T. Dean 2008-10-12 03:30:01 UTC
The WITH_LDAP option in security/heimdal does not work under FreeBSD 7.  
If you attempt to initialize a realm, add or change a key, or perform any 
operation that affects the krb5Key attribute in the LDAP tree, the
program attempting the modification will segmentation fault.

The issue lies in heimdal-1.0.1/lib/hdb/hdb-ldap.c, in the 
LDAP_addmod_len() function.  When allocating memory to store the krb5Key
attribute, it only allocates enough memory for a pointer to a berval
structure, not enough memory for the structure itself.  This results in 
a memory alignment error, and each added krb5Key attribute ends up
clobbering the previous entry's data pointers.

This issue is present everywhere from 1.0 through the 1.2.1 release, and
will be fixed upstream when 1.2.2 is released.  This change was applied
upstream in change # 23726, and can be viewed via heimdal's fisheye at
http://www.h5l.org/fisheye/changelog/heimdal?cs=23726

This issue does not affect installations that are not using the LDAP hdb
available in Heimdal.

Fix: Add the file patch-lib_hdb_hdb-ldap.c to the 'files' directory under
the security/heimdal port.  This is the same change from the changeset
listed above.
How-To-Repeat: Build the current port with WITH_LDAP enabled.
Attempt to initialize a test realm, i.e., EXAMPLE.COM using the LDAP 
backend.  (Instructions here: 
http://www.h5l.org/manual/heimdal-1-0-branch/info/heimdal.html#Using-LDAP-to-store-the-database
or
http://www.openinput.com/auth-howto/ ).  When you get to the step where
you initialize your heimdal database, kadmin will segfault.
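
The allocation mistake described in the report above, as an added illustration that is not part of the original report and is not Heimdal's source: a request sized for a pointer instead of for the structure it points to, next to the `sizeof *ptr` form that avoids it. `struct demo_berval` and every function name here are constructed for this example.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed stand-in for an LDAP berval: a length plus a data pointer. */
struct demo_berval {
    size_t bv_len;
    char  *bv_val;
};

/* Flawed pattern: asks for room for a pointer, not for the structure. */
size_t undersized_request(void) { return sizeof(struct demo_berval *); }

/* Corrected pattern: sizeof *bv follows the pointee type automatically. */
size_t correct_request(void)
{
    struct demo_berval *bv = NULL;
    return sizeof *bv;              /* sizeof does not evaluate bv */
}

/* Bytes that writing both fields would place past the undersized block. */
size_t overflow_bytes(void) { return correct_request() - undersized_request(); }

/* Hypothetical hardened helper: whole structure plus a private copy of the value. */
struct demo_berval *demo_berval_new(const char *data, size_t len)
{
    struct demo_berval *bv = calloc(1, sizeof *bv);
    if (bv == NULL) return NULL;
    bv->bv_val = malloc(len ? len : 1);
    if (bv->bv_val == NULL) {
        free(bv);
        return NULL;
    }
    if (len)
        memcpy(bv->bv_val, data, len);
    bv->bv_len = len;
    return bv;
}

void demo_berval_free(struct demo_berval *bv)
{
    if (bv) { free(bv->bv_val); free(bv); }
}

int main(void)
{
    printf("asked %zu, need %zu, overflow %zu\n", undersized_request(), correct_request(), overflow_bytes());
    return 0;
}
```
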
Comment 1 Edwin Groothuis freebsd_committer freebsd_triage 2008-10-12 03:30:36 UTC
Responsible Changed
From-To: freebsd-ports-bugs->shaun

Over to maintainer (via the GNATS Auto Assign Tool)
Comment 2 Shaun Amott freebsd_committer freebsd_triage 2009-07-22 03:24:30 UTC
Responsible Changed
From-To: shaun->freebsd-ports-bugs

No longer under my maintainership.
Comment 3 dfilter service freebsd_committer freebsd_triage 2009-09-02 04:27:43 UTC
bland       2009-09-02 03:27:29 UTC

  FreeBSD ports repository

  Modified files:
    security/heimdal     Makefile 
  Added files:
    security/heimdal/files patch-lib__hdb__hdb-ldap.c 
  Log:
  Fix invalid malloc in LDAP backend.
  
  PR:     128025
  
  Revision  Changes    Path
  1.86      +1 -0      ports/security/heimdal/Makefile
  1.1       +11 -0     ports/security/heimdal/files/patch-lib__hdb__hdb-ldap.c (new)
Comment 4 Alexander Nedotsukov freebsd_committer freebsd_triage 2009-09-02 04:28:02 UTC
State Changed
From-To: open->closed

Committed, thanks!