RT/krbdev.mit.edu: Ticket #2661 fake_getaddrinfo on address that doesn't reverse resolve causes crash
Mon Aug 9 13:50:36 2004 | lxs - Ticket created
Subject: fake_getaddrinfo on address that doesn't reverse resolve causes crash

I tried to ssh to a machine whose name doesn't reverse resolve (meeroh.org) and ssh crashed. The last ssh log messages are:

debug1: Local version string SSH-2.0-OpenSSH_3.6.1p1+CAN-2003-0693
debug3: Trying to reverse map address 204.188.130.39.
Bus error

The crash log says we are to blame.

Host Name: elmekia-flame.mit.edu
Date/Time: 2004-08-09 11:46:40 -0400
OS Version: 10.3.4 (Build 7H63)
Report Version: 2

Command: ssh
Path: /usr/bin/ssh
Version: ??? (???)
PID: 27202
Thread: 0

Exception: EXC_BAD_ACCESS (0x0001)
Codes: KERN_PROTECTION_FAILURE (0x0002) at 0x00000000

Thread 0 Crashed:
 0 libSystem.B.dylib 0x90006e40 strlen + 0x20
 1 libSystem.B.dylib 0x9000cf58 strdup + 0x18
 2 edu.mit.Kerberos 0x200a2784 fai_add_hosts_by_name + 0x234
 3 edu.mit.Kerberos 0x200a23d0 fake_getaddrinfo + 0x1b4
 4 edu.mit.Kerberos 0x200a1f54 krb5_sname_to_principal + 0xbc
 5 edu.mit.Kerberos 0x20076148 krb5_gss_import_name + 0x114
 6 ssh 0x000259d0 0x1000 + 0x249d0
 7 ssh 0x00025bac 0x1000 + 0x24bac
 8 ssh 0x00025150 0x1000 + 0x24150
 9 ssh 0x0000ee80 0x1000 + 0xde80
10 ssh 0x0000d37c 0x1000 + 0xc37c
11 ssh 0x00006ee8 0x1000 + 0x5ee8
12 ssh 0x000058e0 0x1000 + 0x48e0
13 ssh 0x00005754 0x1000 + 0x4754

This is the krb5 trunk (fake-addrinfo.h revision 1.49) and Panther (10.3.4).

Assigned to Ken because I think he worked on the fake getaddrinfo stuff last.
Mon Aug 9 15:07:19 2004 | raeburn - Comments added
Cc: krb5-prs@mit.edu
From: Ken Raeburn <raeburn@MIT.EDU>
Subject: Re: [krbdev.mit.edu #2661] fake_getaddrinfo on address that doesn't reverse resolve causes crash
Date: Mon, 9 Aug 2004 15:07:16 -0400
To: rt-comment@krbdev.mit.edu
RT-Send-Cc:

On Aug 9, 2004, at 13:50, Alexandra Ellwood via RT wrote:
> I tried to ssh to a machine whose name doesn't reverse resolve
> (meeroh.org) and ssh
> crashed. The last ssh log messages are:
>
> debug1: Local version string SSH-2.0-OpenSSH_3.6.1p1+CAN-2003-0693
> debug3: Trying to reverse map address 204.188.130.39.
> Bus error
>
> The crash log says we are to blame.
>
> Host Name: elmekia-flame.mit.edu
> Date/Time: 2004-08-09 11:46:40 -0400
> OS Version: 10.3.4 (Build 7H63)
> Report Version: 2
>
> Command: ssh
> Path: /usr/bin/ssh
> Version: ??? (???)
> PID: 27202
> Thread: 0
>
> Exception: EXC_BAD_ACCESS (0x0001)
> Codes: KERN_PROTECTION_FAILURE (0x0002) at 0x00000000
>
> Thread 0 Crashed:
> 0 libSystem.B.dylib 0x90006e40 strlen + 0x20
> 1 libSystem.B.dylib 0x9000cf58 strdup + 0x18
> 2 edu.mit.Kerberos 0x200a2784 fai_add_hosts_by_name + 0x234
> 3 edu.mit.Kerberos 0x200a23d0 fake_getaddrinfo + 0x1b4
> 4 edu.mit.Kerberos 0x200a1f54 krb5_sname_to_principal + 0xbc
> 5 edu.mit.Kerberos 0x20076148 krb5_gss_import_name + 0x114

> This is the krb5 trunk (fake-addrinfo.h revision 1.49) and Panther
> (10.3.4).

> Assigned to Ken because I think he worked on the fake getaddrinfo
> stuff last.

Yep, probably so. I see two calls to strdup in that code. I'd guess that the two most likely failure cases are (1) getaddrinfo with the AI_CANONNAME flag set returns a NULL ai_canonname field, which may be violating the spec, if only I had some clue what spec Apple is actually trying to adhere to (getaddrinfo man page, anyone?), or (2) allocation fails in one strdup call, and the return value isn't checked, so the second call site may get a NULL pointer.

(Actually, function inline expansion could add one more, but it should only call strdup(NULL) if a NULL hostname is passed in.)

I can add checks for these. However, "ssh meeroh.org -vvv" doesn't crash for me, at least before the point of asking me to check the fingerprint of the key, using /usr/bin/ssh on Panther.

Ken
Mon Aug 9 15:21:57 2004 | lxs - Comments added
Sorry, I should have been more clear. It works fine on Panther with krb5-1.3.x. It only fails if you're using the 1.4 sources (i.e. what's on the trunk now), which you wouldn't be unless you were me... So I would expect stock Panther ssh to succeed.
Mon Aug 9 17:15:42 2004 | raeburn - Comments added
Cc: Ken Raeburn <raeburn@mit.edu>, krb5-prs@mit.edu
From: Ken Raeburn <raeburn@MIT.EDU>
Subject: Re: [krbdev.mit.edu #2661] fake_getaddrinfo on address that doesn't reverse resolve causes crash
Date: Mon, 9 Aug 2004 17:15:21 -0400
To: rt-comment@krbdev.mit.edu
RT-Send-Cc:

We tracked it down; the problem is (1) Apple's getaddrinfo(dotted-quad, hints.flags=AI_CANONNAME) returns ai_canonname=NULL, (2) my getaddrinfo caching code expects ai_canonname to be non-null always, because it always sets AI_CANONNAME. (2) is easier to fix....
Tue Dec 7 23:48:14 2004 | raeburn - Status changed from open to resolved
Tue Dec 7 23:48:15 2004 | raeburn - Comments added
I believe version 1.50 of include/fake-addrinfo.h fixed this problem. This was before the 1.4 branch point. |
Fri Dec 17 19:16:06 2004 | tlyu - Version_Fixed 1.4 added