This happens in the KDC during the ipa trust-add command:
ipa trust-add
==17706== Invalid read of size 1
==17706==    at 0x6CA5F1B: vfprintf (vfprintf.c:1635)
==17706==    by 0x6D6A644: __vasprintf_chk (vasprintf_chk.c:66)
==17706==    by 0x6D6A581: __asprintf_chk (asprintf_chk.c:33)
==17706==    by 0x4E3B3C6: is_master_host (stdio2.h:178)
==17706==    by 0x4E3C258: ipadb_get_pac (ipa_kdb_mspac.c:502)
==17706==    by 0x4E3D6DA: ipadb_sign_authdata (ipa_kdb_mspac.c:2084)
==17706==    by 0x527779D: krb5_db_sign_authdata (kdb5.c:2522)
==17706==    by 0x11CC5A: handle_kdb_authdata (kdc_authdata.c:717)
==17706==    by 0x11E138: handle_authdata (kdc_authdata.c:770)
==17706==    by 0x10FAD1: finish_process_as_req (do_as_req.c:254)
==17706==    by 0x11A5C4: enc_ts_verify (kdc_preauth_encts.c:145)
==17706==    by 0x117D32: next_padata (kdc_preauth.c:1103)
==17706==  Address 0x12c4bc0d is 0 bytes after a block of size 29 alloc'd
==17706==    at 0x4C2845D: malloc (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==17706==    by 0x4E3C21B: ipadb_get_pac (ipa_kdb_mspac.c:491)
==17706==    by 0x4E3D6DA: ipadb_sign_authdata (ipa_kdb_mspac.c:2084)
==17706==    by 0x527779D: krb5_db_sign_authdata (kdb5.c:2522)
==17706==    by 0x11CC5A: handle_kdb_authdata (kdc_authdata.c:717)
==17706==    by 0x11E138: handle_authdata (kdc_authdata.c:770)
==17706==    by 0x10FAD1: finish_process_as_req (do_as_req.c:254)
==17706==    by 0x11A5C4: enc_ts_verify (kdc_preauth_encts.c:145)
==17706==    by 0x117D32: next_padata (kdc_preauth.c:1103)
==17706==    by 0x11060C: process_as_req (do_as_req.c:752)
==17706==    by 0x10F001: dispatch (dispatch.c:190)
==17706==    by 0x1224A4: process_packet (net-server.c:1623)
==17706==
==17706== Invalid read of size 1
==17706==    at 0x4C2B324: __GI_strlen (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==17706==    by 0x7CED024: talloc_strdup (in /usr/lib64/libtalloc.so.2.0.8)
==17706==    by 0x4E3C08F: ipadb_get_pac (ipa_kdb_mspac.c:514)
==17706==    by 0x4E3D6DA: ipadb_sign_authdata (ipa_kdb_mspac.c:2084)
==17706==    by 0x527779D: krb5_db_sign_authdata (kdb5.c:2522)
==17706==    by 0x11CC5A: handle_kdb_authdata (kdc_authdata.c:717)
==17706==    by 0x11E138: handle_authdata (kdc_authdata.c:770)
==17706==    by 0x10FAD1: finish_process_as_req (do_as_req.c:254)
==17706==    by 0x11A5C4: enc_ts_verify (kdc_preauth_encts.c:145)
==17706==    by 0x117D32: next_padata (kdc_preauth.c:1103)
==17706==    by 0x11060C: process_as_req (do_as_req.c:752)
==17706==    by 0x10F001: dispatch (dispatch.c:190)
==17706==  Address 0x12c4bc0d is 0 bytes after a block of size 29 alloc'd
==17706==    at 0x4C2845D: malloc (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==17706==    by 0x4E3C21B: ipadb_get_pac (ipa_kdb_mspac.c:491)
==17706==    by 0x4E3D6DA: ipadb_sign_authdata (ipa_kdb_mspac.c:2084)
==17706==    by 0x527779D: krb5_db_sign_authdata (kdb5.c:2522)
==17706==    by 0x11CC5A: handle_kdb_authdata (kdc_authdata.c:717)
==17706==    by 0x11E138: handle_authdata (kdc_authdata.c:770)
==17706==    by 0x10FAD1: finish_process_as_req (do_as_req.c:254)
==17706==    by 0x11A5C4: enc_ts_verify (kdc_preauth_encts.c:145)
==17706==    by 0x117D32: next_padata (kdc_preauth.c:1103)
==17706==    by 0x11060C: process_as_req (do_as_req.c:752)
==17706==    by 0x10F001: dispatch (dispatch.c:190)
==17706==    by 0x1224A4: process_packet (net-server.c:1623)
==17706==
Used ipa-kdb sources to verify the exact locations in the source ipa-kdb.tgz
This has been fixed by Martin's commit 740298d. Closing.
Metadata Update from @mkosek:
- Issue assigned to simo
- Issue set to the milestone: 0.0 NEEDS_TRIAGE