Kerberos authentication crashes on macOS

Description

When kerberos authentication is attempted on macOS, one or both peers can crash.
The crash happens in Condor_Auth_Kerberos::init_kerberos_context() when it calls krb5_auth_con_getaddrs(). Passing NULL for the third or fourth argument is apparently not allowed. This call appears to be pointless (nothing is done with any data it might return), so it can be removed. The same call to krb5_auth_con_getaddrs() in Condor_Auth_Kerberos::setRemoteAddress() is necessary, and will probably crash as well. That call should be fixable by supplying a non-NULL third argument.

The little documentation I can find about krb5_auth_con_getaddrs() is confusing, but mostly says a NULL value should be allowable for these parameters.

Also, there’s a memory leak in Condor_Auth_Kerberos::setRemoteAddress() if krb5_auth_con_getaddrs() fails or doesn’t allocate a krb5_address.

Due date

None

Time remaining

0m

Assignee

Jaime Frey

Is PATh development

None

Fix versions

Priority

Major

HTCondorCustomerGroup

CHTC

Components

Reporter

Jaime Frey