[CDRIVER-3486] libsasl buffer overflow with oversized kerberos msgs Created: 15/Jan/20 Updated: 28/Oct/23 Resolved: 12/Feb/20 |
|
| Status: | Closed |
| Project: | C Driver |
| Component/s: | auth, network |
| Affects Version/s: | 1.13.0 |
| Fix Version/s: | 1.17.0-beta, 1.17.0 |
| Type: | Bug | Priority: | Major - P3 |
| Reporter: | Luke Prochazka | Assignee: | Kevin Albertson |
| Resolution: | Fixed | Votes: | 1 |
| Labels: | None | ||
| Environment: |
Linux client authenticating to Active Directory with GSSAPI (Kerberos) authmech |
||
| Description |
|
Symptoms: Driver exception message "SASL Failure: (-3): overflowed buffer: generic server error" manifests when the Kerberos ticket size exceeds the driver's predefined SASL 4K buffer. This is confirmed also via a stack trace of the driver:
Preliminary tests of increasing the buffer size appear to resolve the issue, though it is not clear if doing this has any knock-on effects. Also to note: when calculating the buffer size, the SASL payload is base64 encoded (thereby contributing to buffer bloat), and the Windows MaxTokenSize is 48K, should you wish to consider interoperability with Active Directory. |
| Comments |
| Comment by Githook User [ 12/Feb/20 ] |
|
Author: {'username': 'kevinAlbs', 'name': 'Kevin Albertson', 'email': 'kevin.albertson@mongodb.com'} Message: C:\sasl\lib\sasl2.lib on Evergreen hosts is built for 64 bit. |
| Comment by Githook User [ 12/Feb/20 ] |
|
Author: {'username': 'kevinAlbs', 'name': 'Kevin Albertson', 'email': 'kevin.albertson@mongodb.com'} Message: |
| Comment by Githook User [ 12/Feb/20 ] |
|
Author: {'name': 'Kevin Albertson', 'username': 'kevinAlbs', 'email': 'kevin.albertson@mongodb.com'} Message: Instead of using a fixed size 4096 buffer, dynamically Also use libbson's base64 encoding/decoding instead of |
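The sizing arithmetic behind the description and the fix commit above, as an added example that is not the driver's code: a bounded base64 encoder that refuses rather than overflows, tried against a fixed 4096-byte buffer and against a buffer sized from the token length. All function names are hypothetical, the tokens are constructed all-zero buffers, and "48K" is taken as 48 * 1024 bytes as an assumption.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

#define FIXED_SASL_BUF 4096 /* fixed buffer size described in the ticket */

static const char B64[] =
    "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";

/* Bytes needed to base64-encode raw_len bytes plus a NUL; 0 if it would wrap. */
size_t b64_encoded_size(size_t raw_len) {
    if (raw_len > SIZE_MAX / 2) return 0;
    return ((raw_len + 2) / 3) * 4 + 1;
}

/* Largest raw token whose encoding still fits in a buffer of cap bytes. */
size_t max_raw_for_buffer(size_t cap) { return cap ? ((cap - 1) / 4) * 3 : 0; }

/* Bounded encode: returns chars written (without NUL), or -1 if dst is too small. */
long b64_encode(const unsigned char *src, size_t len, char *dst, size_t cap) {
    size_t need = b64_encoded_size(len), o = 0;
    if (need == 0 || need > cap) return -1; /* refuse instead of overflowing */
    for (size_t i = 0; i < len; i += 3) {
        uint32_t v = (uint32_t)src[i] << 16;
        if (i + 1 < len) v |= (uint32_t)src[i + 1] << 8;
        if (i + 2 < len) v |= src[i + 2];
        dst[o++] = B64[(v >> 18) & 63];
        dst[o++] = B64[(v >> 12) & 63];
        dst[o++] = (i + 1 < len) ? B64[(v >> 6) & 63] : '=';
        dst[o++] = (i + 2 < len) ? B64[v & 63] : '=';
    }
    dst[o] = '\0';
    return (long)o;
}

/* Encode a constructed all-zero token two ways. Returns 0 if it fits the fixed
 * buffer, 1 if only the dynamically sized buffer holds it, -1 on alloc failure. */
int try_token(size_t raw_len) {
    char fixed[FIXED_SASL_BUF];
    size_t need = b64_encoded_size(raw_len);
    unsigned char *tok = calloc(raw_len ? raw_len : 1, 1);
    char *dyn = need ? malloc(need) : NULL;
    int rc = -1;
    if (tok && dyn && b64_encode(tok, raw_len, dyn, need) == (long)(need - 1))
        rc = b64_encode(tok, raw_len, fixed, sizeof fixed) < 0 ? 1 : 0;
    free(tok); free(dyn);
    return rc;
}
```

With these numbers a 4096-byte buffer holds at most a 3069-byte raw token once encoded, while a 48 * 1024-byte token needs 65537 bytes.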