[MDEV-17462] Heap corruption with auth_gssapi on Windows, in FreeContextAttributes()

Created: 2018-10-15  Updated: 2018-11-22  Resolved: 2018-11-22

Status: Closed
Project: MariaDB Server
Component/s: Authentication and Privilege System, Platform Windows, Plugins
Affects Version/s: 10.1, 10.2, 10.3
Fix Version/s: 10.3.11, 10.1.37, 10.2.19

Type: Bug
Priority: Major
Reporter: Vladislav Vaintroub
Assignee: Vladislav Vaintroub
Resolution: Fixed
Votes: 0
Labels: None


Description

On Windows Server 2012 R2, in a debug-compiled mysqld (did not try optimized),
I see intermittent heap corruption when trying to use auth_gssapi authentication.

The line where it crashes is FreeContextAttributes() to free memory previously allocated with

QueryContextAttributes(ctxt, SECPKG_ATTR_NATIVE_NAMES, &native_names);

https://github.com/MariaDB/server/blob/df704b5a1b581f4f9a02b9310f2b2c8ef36eb98f/plugin/auth_gssapi/sspi_server.cc#L106

Apparently, FreeContextBuffer(&native_names) seems to be incorrect, since it refers
to a structure on the stack, rather than heap allocated by the structure members.
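
The ownership mistake described above, as an added example that is not MariaDB's code and does not call the Windows SSPI API. It is a portable model: `struct native_names`, `query_native_names`, `provider_free` and the other names are hypothetical stand-ins, and the free routine here rejects pointers it never handed out so the wrong call is visible instead of corrupting the heap.

```c
/* Model only: every name is a hypothetical stand-in, not SSPI or MariaDB code. */
#include <stdlib.h>
#include <string.h>

#define MAX_LIVE 8
static void *live[MAX_LIVE];            /* buffers the "provider" handed out */
struct native_names { char *client; char *server; };  /* provider fills these */

static char *provider_strdup(const char *s) {
    char *p = malloc(strlen(s) + 1);
    for (int i = 0; p && i < MAX_LIVE; i++)
        if (!live[i]) { live[i] = p; return strcpy(p, s); }
    free(p);                            /* table full or malloc failed */
    return NULL;
}

/* Models the query call: the caller owns the struct, the provider the members. */
int query_native_names(struct native_names *out) {
    out->client = provider_strdup("alice@EXAMPLE.TEST");        /* constructed */
    out->server = provider_strdup("mariadb/db1@EXAMPLE.TEST");  /* constructed */
    return (out->client && out->server) ? 0 : -1;
}

/* Models the free call, but rejects pointers the provider never returned. */
int provider_free(void *p) {
    for (int i = 0; p && i < MAX_LIVE; i++)
        if (live[i] == p) { live[i] = NULL; free(p); return 0; }
    return -1;
}

int live_count(void) {                  /* provider buffers not yet released */
    int n = 0;
    for (int i = 0; i < MAX_LIVE; i++) n += (live[i] != NULL);
    return n;
}

/* Pattern from the report: frees the address of the caller's structure. */
int release_buggy(struct native_names *n) { return provider_free(n); }
/* Releases each provider-allocated member, then clears the pointers. */
int release_fixed(struct native_names *n) {
    int rc = provider_free(n->client) | provider_free(n->server);
    n->client = n->server = NULL;
    return rc;
}

int main(void) {                        /* exit 0 when the model behaves as described */
    struct native_names n;
    if (query_native_names(&n) != 0 || release_buggy(&n) != -1) return 1;
    return (release_fixed(&n) == 0 && live_count() == 0) ? 0 : 1;
}
```

In the model, the buggy release is rejected and both name buffers stay allocated; releasing the two members returns them and leaves nothing live.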
