SMPS Crashing when loading Kerberos Authentication Scheme

Document ID : KB000117247
Last Modified Date : 10/10/2018
Show Technical Document Details
Issue:
Our Siteminder Policy Server is currently crashing once initializing the Kerberos authentication scheme.

How can we resolve this issue? 
Environment:
Policy Server Version: 12.52 SP1 CR6  Build: 2209
Cause:
[...] 

#16 0x00e5c6c8 in _shi_removeFromFreeList () from 
/app/D0G/siteminder/lib/libsmartheap_smp.so 

#17 0x00e5e8e2 in _shi_freeVar () from 
/app/D0G/siteminder/lib/libsmartheap_smp.so 

#18 0x00e5e7b4 in MemFreePtr () from 
/app/D0G/siteminder/lib/libsmartheap_smp.so 

#19 0x00e662e9 in free () from 
/app/D0G/siteminder/lib/libsmartheap_smp.so 

#20 0xa892dada in krb5int_sendto (context=0x1a4640a0, 
message=0x95a0c60, addrs=0xf1335860, reply=0xf13358d0, 
localaddr=0x0, localaddrlen=0x0, addr_used=0xf1335838) at 
../../../../src/lib/krb5/os/sendto_kdc.c:1195 

#21 0xa892c845 in krb5_sendto_kdc (context=0x1a4640a0, 
message=0x95a0c60, realm=0x10fee104, reply=0xf13358d0, 
use_master=0xf1335a64, tcp_only=8) at 
../../../../src/lib/krb5/os/sendto_kdc.c:384 

From the stack of the crash, we observed that the crash occurs when the product deallocates memory after communicating with the KDC. It could be a double free on the memory liberation or a corrupted memory segment or file descriptor. 

This communication mechanism is changed in latest KRB5 with improvements which have been included to the 12.52 SP1 CR8 Policy Server
Resolution:
Upgrade to the 12.52 SP1 CR8 Policy Server or above:

DE159909 - The Kerberos libraries are upgraded to Release 1.11.

https://docops.ca.com/ca-single-sign-on/12-52-sp1/en/release-notes/cumulative-releases/defects-fixed-in-12-52-sp1-cr08