[MDEV-17462] Heap corruption with auth_gssapi on Windows, in FreeContextAttributes() - Jira

XML

Word

Printable

Details

Type: Bug
Status: Closed (View Workflow)
Priority: Major
Resolution: Fixed
Affects Version/s: 10.1, 10.2, 10.3
Fix Version/s: 10.3.11, 10.1.37, 10.2.19
Component/s: Authentication and Privilege System, Platform Windows, Plugins
Labels:
None

Description

On Windows Server 2012 R2, in debug compiled mysqld (did not try optimized),
I see intermittent heap corruption when trying to use auth_gssapi authentication.

The line where it crashes is FreeContextAttrbutes() to free memory previously allocated previously with

QueryContextAttributes(ctxt, SECPKG_ATTR_NATIVE_NAMES, &native_names);

https://github.com/MariaDB/server/blob/df704b5a1b581f4f9a02b9310f2b2c8ef36eb98f/plugin/auth_gssapi/sspi_server.cc#L106

Apparently, FreeContextBuffer(&native_names) seems to be incorrect, since it refers
to structure on stack, rather than heap allocated by the structure members.

Attachments

Activity

People

Assignee:: Vladislav Vaintroub

Reporter:: Vladislav Vaintroub

Votes:: 0 Vote for this issue

Watchers:: 1 Start watching this issue

Dates

Created:: 2018-10-15 21:01

Updated:: 2018-11-22 00:43

Resolved:: 2018-11-22 00:43