Bug ID 555507: Under certain conditions, SSO plugin can overrun memory not owned by the plugin.

Last Modified: Feb 13, 2019

Affected Product:
BIG-IP APM (all modules)

Known Affected Versions:
11.5.1, 11.5.1 HF1, 11.5.1 HF10, 11.5.1 HF11, 11.5.1 HF2, 11.5.1 HF3, 11.5.1 HF4, 11.5.1 HF5, 11.5.1 HF6, 11.5.1 HF7, 11.5.1 HF8, 11.5.1 HF9, 11.5.2, 11.5.2 HF1, 11.5.3, 11.5.3 HF1, 11.5.3 HF2, 11.6.0, 11.6.0 HF1, 11.6.0 HF2, 11.6.0 HF3, 11.6.0 HF4, 11.6.0 HF5, 11.6.0 HF6, 11.6.0 HF7, 11.6.0 HF8, 12.0.0

Fixed In:
12.1.0, 12.0.0 HF1, 11.6.1, 11.5.4

Opened: Nov 02, 2015
Severity: 2-Critical
Related AskF5 Article:
K88973987

Symptoms

Under certain conditions, the SSO plugin can overrun memory that it does not own. Symptoms vary depending on which component owns the overrun memory.

Impact

Symptoms might differ depending on the owner of the overrun memory. Potentially, tmm could restart as a result of this issue.

Conditions

This occurs when the following conditions are met:

1. The BIG-IP system is configured and used as a SAML Identity Provider.
2. The Single Logout (SLO) protocol is configured on an attached SP connector.
3. At least one user has executed the SAML WebSSO profile.

Workaround

Disable SAML SLO: remove the SLO request and SLO response URLs from the configuration of the appropriate SAML SP connectors.

Fix Information

The SSO plugin no longer overruns memory that it does not own, so the system supports the following configuration without memory issues:

1. The BIG-IP system is configured and used as a SAML Identity Provider.
2. The Single Logout (SLO) protocol is configured on the attached Service Provider (SP) connector.
3. At least one user has executed the SAML WebSSO profile.

Behavior Change