[BUGS] BUG #14690: Client GSSAPI / Kerberos auth crash

The following bug has been logged on the website:

Bug reference:      14690
Logged by:          Graham Dutton
Email address:      gdutton@inf.ed.ac.uk
PostgreSQL version: 10beta1
Operating system:   Linux x86_64 (SL7.3)
Description:

Any attempt to use the PostgreSQL 10beta1 client library (whether via psql,
PGDG-provided psycopg2-2.7 or anything else using libpq) with valid Kerberos
ticket to 9.5/9.6 servers fails.

Taking "psql -h <server> <database>" as a test:
Expected behaviour: (same as 9.6 client) successful connection to the
server.
Actual behaviour: "*** Error in `psql': free(): invalid pointer:
0x00007f9d0e105fbc ***" reported on terminal, program aborts.

Note that connecting with an expired ticket "succeeds" insofar as it
presents the appropriate failure message. The trust, md5 auth types appear
to function normally.

Running through GDB I see:

#5  0x00007ffff7b9f553 in pg_GSS_continue (conn=conn@entry=0x6907f0,
payloadlen=payloadlen@entry=0) at fe-auth.c:152

which appears to be an invalid attempt at free() after the second GSS
"step":
  free(ginbuf.value);

I see that this code has changed a little since 9.6; this free() doesn't
exist in the previous codebase. I hope it's a simple error, but I haven't
traced the code sufficiently to determine why this comes to pass.

The rest of the error message available at:
https://gist.github.com/anonymous/b2158398a741322343e2c9fbeca8e734

The rest of the gdb backtrace available at:
https://gist.github.com/anonymous/4995e09fb17e7592abc2f460df5bb08f

I haven't attempted a 10beta1 server-to-server connection but it presumably
bears investigation if GSSAPI code has been similarly reorganised.

Cheers


--
Sent via pgsql-bugs mailing list (pgsql-bugs@postgresql.org)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-bugs