Issue

Our Siteminder Policy Server is currently crashing once initializing the Kerberos authentication scheme.

How can we resolve this issue?

Environment

Policy Server Version: 12.52 SP1 CR6 Build: 2209

Cause

[...]

#16 0x00e5c6c8 in _shi_removeFromFreeList () from
/app/D0G/siteminder/lib/libsmartheap_smp.so

#17 0x00e5e8e2 in _shi_freeVar () from
/app/D0G/siteminder/lib/libsmartheap_smp.so

#18 0x00e5e7b4 in MemFreePtr () from
/app/D0G/siteminder/lib/libsmartheap_smp.so

#19 0x00e662e9 in free () from
/app/D0G/siteminder/lib/libsmartheap_smp.so

#20 0xa892dada in krb5int_sendto (context=0x1a4640a0,
message=0x95a0c60, addrs=0xf1335860, reply=0xf13358d0,
localaddr=0x0, localaddrlen=0x0, addr_used=0xf1335838) at
../../../../src/lib/krb5/os/sendto_kdc.c:1195

#21 0xa892c845 in krb5_sendto_kdc (context=0x1a4640a0,
message=0x95a0c60, realm=0x10fee104, reply=0xf13358d0,
use_master=0xf1335a64, tcp_only=8) at
../../../../src/lib/krb5/os/sendto_kdc.c:384

From the stack of the crash, we observed that the crash occurs when the product deallocates memory after communicating with the KDC. It could be a double free on the memory liberation or a corrupted memory segment or file descriptor.

This communication mechanism is changed in latest KRB5 with improvements which have been included to the 12.52 SP1 CR8 Policy Server

Resolution

Upgrade to the 12.52 SP1 CR8 Policy Server or above:

DE159909 - The Kerberos libraries are upgraded to Release 1.11.

https://docops.ca.com/ca-single-sign-on/12-52-sp1/en/release-notes/cumulative-releases/defects-fixed-in-12-52-sp1-cr08

KD : KB000117247