Thread: [BUGS] BUG #14690: Client GSSAPI / Kerberos auth crash

[BUGS] BUG #14690: Client GSSAPI / Kerberos auth crash

From
gdutton@inf.ed.ac.uk
Date:
The following bug has been logged on the website:

Bug reference:      14690
Logged by:          Graham Dutton
Email address:      gdutton@inf.ed.ac.uk
PostgreSQL version: 10beta1
Operating system:   Linux x86_64 (SL7.3)
Description:

Any attempt to use the PostgreSQL 10beta1 client library (whether via psql,
PGDG-provided psycopg2-2.7 or anything else using libpq) with valid Kerberos
ticket to 9.5/9.6 servers fails.

Taking "psql -h <server> <database>" as a test:
Expected behaviour: (same as 9.6 client) successful connection to the
server.
Actual behaviour: "*** Error in `psql': free(): invalid pointer:
0x00007f9d0e105fbc ***" reported on terminal, program aborts.

Note that connecting with an expired ticket "succeeds" insofar as it
presents the appropriate failure message. The trust, md5 auth types appear
to function normally.

Running through GDB I see:

#5  0x00007ffff7b9f553 in pg_GSS_continue (conn=conn@entry=0x6907f0,
payloadlen=payloadlen@entry=0) at fe-auth.c:152

which appears to be an invalid attempt at free() after the second GSS
"step":
  free(ginbuf.value);

I see that this code has changed a little since 9.6; this free() doesn't
exist in the previous codebase. I hope it's a simple error, but I haven't
traced the code sufficiently to determine why this comes to pass.

The rest of the error message available at:
https://gist.github.com/anonymous/b2158398a741322343e2c9fbeca8e734

The rest of the gdb backtrace available at:
https://gist.github.com/anonymous/4995e09fb17e7592abc2f460df5bb08f

I haven't attempted a 10beta1 server-to-server connection but it presumably
bears investigation if GSSAPI code has been similarly reorganised.

Cheers


--
Sent via pgsql-bugs mailing list (pgsql-bugs@postgresql.org)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-bugs

Re: [BUGS] BUG #14690: Client GSSAPI / Kerberos auth crash

From
Euler Taveira
Date:
2017-06-05 10:09 GMT-03:00 <gdutton@inf.ed.ac.uk>:
Any attempt to use the PostgreSQL 10beta1 client library (whether via psql,
PGDG-provided psycopg2-2.7 or anything else using libpq) with valid Kerberos
ticket to 9.5/9.6 servers fails.

Taking "psql -h <server> <database>" as a test:
Expected behaviour: (same as 9.6 client) successful connection to the
server.
Actual behaviour: "*** Error in `psql': free(): invalid pointer:
0x00007f9d0e105fbc ***" reported on terminal, program aborts.



--
   Euler Taveira                                   Timbira - http://www.timbira.com.br/
   PostgreSQL: Consultoria, Desenvolvimento, Suporte 24x7 e Treinamento

Re: [BUGS] BUG #14690: Client GSSAPI / Kerberos auth crash

From
Heikki Linnakangas
Date:
On 06/05/2017 09:43 PM, Euler Taveira wrote:
> 2017-06-05 10:09 GMT-03:00 <gdutton@inf.ed.ac.uk>:
>
>> Any attempt to use the PostgreSQL 10beta1 client library (whether via psql,
>> PGDG-provided psycopg2-2.7 or anything else using libpq) with valid
>> Kerberos
>> ticket to 9.5/9.6 servers fails.
>>
>> Taking "psql -h <server> <database>" as a test:
>> Expected behaviour: (same as 9.6 client) successful connection to the
>> server.
>> Actual behaviour: "*** Error in `psql': free(): invalid pointer:
>> 0x00007f9d0e105fbc ***" reported on terminal, program aborts.
>>
>
> It seems the same as [1].
>
>
> [1]
> https://www.postgresql.org/message-id/6288d80e-a0bf-d4d3-4e12-7b79c77f1771%40iki.fi

Yep, I just committed a fix. Thanks for the report, nevertheless!

- Heikki



-- 
Sent via pgsql-bugs mailing list (pgsql-bugs@postgresql.org)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-bugs