Subject: bin/12683: ssh with krb5 -> segmentation fault
To: None <gnats-bugs@gnats.netbsd.org>
From: None <itojun@itojun.org>
List: netbsd-bugs
Date: 04/17/2001 15:43:21
>Number: 12683
>Category: bin
>Synopsis: ssh with krb5 -> segmentation fault
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: bin-bug-people
>State: open
>Class: sw-bug
>Submitter-Id: net
>Arrival-Date: Mon Apr 16 23:44:00 PDT 2001
>Closed-Date:
>Last-Modified:
>Originator: Jun-ichiro itojun Hagino
>Release: 1.5U
>Organization:
itojun.org
>Environment:
System: NetBSD starfruit.itojun.org 1.5U NetBSD 1.5U (STARFRUIT) #449: Tue Apr 17 02:03:38 JST 2001 itojun@starfruit.itojun.org:/usr/home/itojun/NetBSD/src/sys/arch/i386/compile/STARFRUIT i386
Architecture: i386
Machine: i386
>Description:
It looks like the Kerberos 5 support code in ssh passes a null pointer to the
Kerberos library.
>How-To-Repeat:
(gdb) run -v freefall.freebsd.org
The program being debugged has been started already.
Start it from the beginning? (y or n) y
Starting program: /usr/home/itojun/NetBSD/src/usr.bin/ssh/ssh/obj.i386/ssh -v freefall.freebsd.org
OpenSSH_2.5.4 NetBSD_Secure_Shell-20010410, SSH protocols 1.5/2.0, OpenSSL 0x0090601f
debug1: Reading configuration data /etc/ssh.conf
debug1: Rhosts Authentication disabled, originating port will not be trusted.
debug1: restore_uid
debug1: ssh_connect: getuid 1001 geteuid 1001 anon 1
debug1: Connecting to freefall.freebsd.org [3ffe:501:4819:ffff::d888:cc15] port 22.
debug1: temporarily_use_uid: 1001/1002 (e=1001)
debug1: restore_uid
debug1: temporarily_use_uid: 1001/1002 (e=1001)
debug1: restore_uid
debug1: Connection established.
debug1: identity file /home/itojun/.ssh/identity type 0
debug1: identity file /home/itojun/.ssh/id_rsa type -1
debug1: identity file /home/itojun/.ssh/id_dsa type 2
debug1: Remote protocol version 1.5, remote software version 1.2.27
debug1: no match: 1.2.27
debug1: Local version string SSH-1.5-OpenSSH_2.5.4 NetBSD_Secure_Shell-20010410
debug1: Waiting for server public key.
debug1: Received server public key (768 bits) and host key (1024 bits).
debug1: Host 'freefall.freebsd.org' is known and matches the RSA1 host key.
debug1: Found key in /home/itojun/.ssh/known_hosts:52
debug1: Encryption type: 3des
debug1: Sent encrypted session key.
debug1: Installing crc compensation attack detector.
debug1: Received encrypted confirmation.
debug1: Trying Kerberos V5 authentication.
Program received signal SIGSEGV, Segmentation fault.
0x480b581c in krb5_get_err_text ()
(gdb) bt
#0 0x480b581c in krb5_get_err_text ()
#1 0x805487c in try_krb5_authentication (context=0xbfbfd450,
auth_context=0xbfbfd44c)
at /usr/home/itojun/NetBSD/src/usr.bin/ssh/ssh/../../../crypto/dist/ssh/sshconnect1.c:521
#2 0x8055ca8 in ssh_userauth (local_user=0x8096550 "itojun",
server_user=0x8096570 "itojun", host=0x808b340 "freefall.freebsd.org",
own_host_key=0x0)
at /usr/home/itojun/NetBSD/src/usr.bin/ssh/ssh/../../../crypto/dist/ssh/sshconnect1.c:1163
#3 0x80539c9 in ssh_login (own_host_key=0x0,
orighost=0xbfbfd77d "freefall.freebsd.org", hostaddr=0x8084f80,
pw=0x808e240)
at /usr/home/itojun/NetBSD/src/usr.bin/ssh/ssh/../../../crypto/dist/ssh/sshconnect.c:766
#4 0x804d092 in main (ac=2, av=0xbfbfd68c)
at /usr/home/itojun/NetBSD/src/usr.bin/ssh/ssh/../../../crypto/dist/ssh/ssh.c:681
#5 0x804bb5d in ___start ()
(gdb) frame 1
#1 0x805487c in try_krb5_authentication (context=0xbfbfd450,
auth_context=0xbfbfd44c)
at /usr/home/itojun/NetBSD/src/usr.bin/ssh/ssh/../../../crypto/dist/ssh/sshconnect1.c:521
521 debug("Kerberos 5: krb5_init_context failed: %s",
(gdb) list
516
517 memset(&ap, 0, sizeof(ap));
518
519 problem = krb5_init_context(context);
520 if (problem) {
521 debug("Kerberos 5: krb5_init_context failed: %s",
522 krb5_get_err_text(*context, problem));
523 ret = 0;
524 goto out;
525 }
(gdb) print *context
$1 = 0x0
(gdb) print problem
$2 = 6
(gdb) print context
$3 = (krb5_context *) 0xbfbfd450
>Fix:
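The backtrace and the gdb prints together pin the fault down: krb5_init_context() failed (problem = 6) and left *context NULL, and the error path at sshconnect1.c:521-522 immediately hands that NULL context to krb5_get_err_text(), which reads through it. The C below is an added illustration, not code from this PR, OpenSSH or Heimdal: the krb5_* names are small stand-ins that reproduce only the behaviour that matters here (an init that leaves the context NULL on failure, an error-text lookup that dereferences the context), model_have_config is a constructed failure switch, and report_buggy()/report_safe() put the page's error path beside one that reports the failure without touching the uninitialised context.

```c
#include <errno.h>
#include <stdlib.h>
#include <string.h>

/* Stand-ins for the Heimdal types and calls (not the real library).  As in the
 * real one, *context stays NULL when init fails, and krb5_get_err_text() reads
 * the error table through the context it is handed. */
typedef int krb5_error_code;
typedef struct krb5_context_data { const char **et_list; } *krb5_context;
static const char *model_et_list[] = { "Success", "error from context table" };
static int model_have_config = 1;        /* constructed switch: clear to make init fail */

krb5_error_code krb5_init_context(krb5_context *context)
{
    *context = NULL;
    if (!model_have_config)
        return ENXIO;                    /* 6 on NetBSD, the value gdb printed above */
    if ((*context = calloc(1, sizeof(**context))) == NULL)
        return ENOMEM;
    (*context)->et_list = model_et_list;
    return 0;
}

const char *krb5_get_err_text(krb5_context context, krb5_error_code code)
{
    return context->et_list[code != 0]; /* faults when context is NULL */
}

/* The PR's error path (sshconnect1.c:521-522): dereferences *context right
 * after krb5_init_context() failed to set it. */
const char *report_buggy(krb5_context *context, krb5_error_code problem)
{
    return krb5_get_err_text(*context, problem);
}

/* Fixed path: never hand the library a NULL context; fall back to errno text. */
const char *report_safe(krb5_context *context, krb5_error_code problem)
{
    if (*context == NULL)
        return strerror(problem);
    return krb5_get_err_text(*context, problem);
}

/* Drives a failed init through the safe reporter; NULL if the model did not fail. */
const char *describe_failed_init(void)
{
    krb5_context context;
    model_have_config = 0;               /* make the model fail like the PR's run */
    krb5_error_code problem = krb5_init_context(&context);
    return problem ? report_safe(&context, problem) : NULL;
}
```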
>Release-Note:
>Audit-Trail:
>Unformatted: