From pcmacdon@tadpole.osg.gov.bc.ca Mon Apr 28 14:05:24 1997
Received: from MIT.EDU (SOUTH-STATION-ANNEX.MIT.EDU [18.72.1.2]) by rt-11.MIT.EDU (8.7.5/8.7.3) with SMTP id OAA18525 for <bugs@RT-11.MIT.EDU>; Mon, 28 Apr 1997 14:05:23 -0400
Received: from [142.32.110.27] by MIT.EDU with SMTP
id AA06687; Mon, 28 Apr 97 14:05:19 EDT
Received: (qmail 2595 invoked by uid 554); 28 Apr 1997 18:05:17 -0000
Message-Id: <19970428180517.2594.qmail@tadpole.osg.gov.bc.ca>
Date: 28 Apr 1997 18:05:17 -0000
From: pcmacdon@tadpole.osg.gov.bc.ca
Reply-To: pcmacdon@tadpole.osg.gov.bc.ca
To: krb5-bugs@MIT.EDU
Cc: pcmacdon@tadpole.osg.gov.bc.ca
Subject: krb5kdc dumps core for cross-realm between Linux and Solaris
X-Send-Pr-Version: 3.99

>Number: 419
>Category: krb5-kdc
>Synopsis: krb5kdc dumps core for cross-realm between Linux and Solaris
>Confidential: no
>Severity: serious
>Priority: high
>Responsible: krb5-unassigned
>State: closed
>Class: sw-bug
>Submitter-Id: unknown
>Arrival-Date: Mon Apr 28 14:06:01 EDT 1997
>Last-Modified: Tue Jul 08 19:16:19 EDT 1997
>Originator:
>Organization:

_______________________________________________________________________
Peter MacDonald Open Systems Group
PH: (250) 387-4818 Pharmacare Network Project
PROFS: PCMACDON INTERNET: pcmacdon@tadpole.osg.gov.bc.ca
_______________________________________________________________________
>Release: 1.0
>Environment:
Linux to/from Solaris

System: Linux tadpole 2.0.24 #8 Thu Nov 7 09:26:09 PST 1996 i486
Architecture: i486

>Description:

Original problem had KDC on Solaris talking to KDC on Linux.
Doing an rlogin would cause the KDC to core dump on destination.
Originally thought this was a problem with Solaris only, so
attempted to work around by putting both KDCs on the Linux
box and running with "krb5kdc -r A -r B". However, now
rlogin to Solaris causes kdc on Linux to core.

>How-To-Repeat:

Cross realm between little/big endian?
>Fix:


Here is the (hopefully useful) GDB dump of event:

[root@keep kdc]# gdb ./krb5kdc core
GDB is free software and you are welcome to distribute copies of it
under certain conditions; type "show copying" to see the conditions.
There is absolutely no warranty for GDB; type "show warranty" for details.
GDB 4.16 (i586-unknown-linux), Copyright 1996 Free Software Foundation, Inc...
Core was generated by `./krb5kdc -r PNP.HLTH.GOV.BC.CA -r OSG.GOV.BC.CA'.
Program terminated with signal 11, Segmentation fault.
Reading symbols from /lib/libc.so.5.3.12...done.
Reading symbols from /lib/ld-linux.so.1...done.
#0 0x805a950 in krb5_dbekd_decrypt_key_data (context=0x80ad120,
eblock=0x80ad0f4, key_data=0xbfffe824, keyblock=0xbfffe7d8, keysalt=0x0)
at ./decrypt_key.c:58
58 krb5_kdb_decode_int16(ptr, tmplen);
(gdb) where
#0 0x805a950 in krb5_dbekd_decrypt_key_data (context=0x80ad120,
eblock=0x80ad0f4, key_data=0xbfffe824, keyblock=0xbfffe7d8, keysalt=0x0)
at ./decrypt_key.c:58
#1 0x8057f2f in krb5_ktkdb_get_entry (context=0x80ad120, id=0x80af4b0,
principal=0x80af9e0, kvno=3, enctype=1, entry=0xbfffe7c8)
at db/dbkeytab.c:104
#2 0x8057ffe in krb5_rd_req_decrypt_tkt_part (context=0x80ad120,
req=0x80af990, keytab=0x80af4b0) at ./rd_req_dec.c:77
#3 0x8058161 in krb5_rd_req_decoded_opt (context=0x80ad120,
auth_context=0xbfffe8bc, req=0x80af990, server=0x80af9e0,
keytab=0x80af4b0, ap_req_options=0x0, ticket=0xbfffe9fc,
check_valid_flag=0) at ./rd_req_dec.c:118
#4 0x8058619 in krb5_rd_req_decoded_anyflag (context=0x80ad120,
auth_context=0xbfffe8bc, req=0x80af990, server=0x80af9e0,
keytab=0x80af4b0, ap_req_options=0x0, ticket=0xbfffe9fc)
at ./rd_req_dec.c:317
#5 0x804d03f in kdc_process_tgs_req (request=0x80af668, from=0xbffffb50,
pkt=0xbffffb20, ticket=0xbfffe9fc, subkey=0xbfffeae0) at kdc_util.c:231
#6 0x804af0c in process_tgs_req (pkt=0xbffffb20, from=0xbffffb50,
portnum=7111, response=0xbffffb1c) at do_tgs_req.c:116
#7 0x8049c75 in dispatch (pkt=0xbffffb20, from=0xbffffb50, portnum=7111,
response=0xbffffb1c) at dispatch.c:54
#8 0x80551b6 in process_packet (port_fd=10, prog=0xbffffd34 "krb5kdc",
portnum=7111) at network.c:177
#9 0x8055417 in listen_and_process (prog=0xbffffd34 "krb5kdc")
at network.c:221
#10 0x8054aca in main (argc=5, argv=0xbffffc44) at main.c:912
#11 0x8049b6b in ___crt_dummy__ ()
(gdb) l
53 return ENOMEM;
54
55 keyblock->length = 0;
56 ptr = key_data->key_data_contents[0];
57 if (ptr && (ptr > 0x100) && *ptr) {
58 krb5_kdb_decode_int16(ptr, tmplen);
59 ptr += 2;
60 keyblock->length = (int) tmplen;
61 if ((retval = krb5_decrypt(context, (krb5_pointer) ptr,
62 (krb5_pointer)keyblock->contents,
(gdb) p ptr
$1 = (unsigned char *) 0x83 ""
(gdb) p *ptr
$2 = 0 '\000'
(gdb) p key_data
$3 = (krb5_key_data *) 0xbfffe824
(gdb) p *key_data
$4 = {key_data_ver = -2030, key_data_kvno = 2058, key_data_type = {-1892,
2058}, key_data_length = {-1891, 2058}, key_data_contents = {0x83 "",
0x8b ""}}
(gdb) p *keyblock
$5 = {magic = -1760647421, enctype = 4294965404, length = 0,
contents = 0x80b4418 "\t@\t@\210/\013\b\021\020"}
(gdb) p key_data->key_data_contents
$6 = {0x83 "", 0x8b ""}
(gdb) up
#1 0x8057f2f in krb5_ktkdb_get_entry (context=0x80ad120, id=0x80af4b0,
principal=0x80af9e0, kvno=3, enctype=1, entry=0xbfffe7c8)
at db/dbkeytab.c:104
104 if (kerror = krb5_dbekd_decrypt_key_data(context, master_key, key_data,
(gdb) l
99 }
100
101 /* match key */
102 krb5_dbm_db_get_mkey(context, id->ops, &master_key);
103 krb5_dbe_find_enctype(context, &db_entry, enctype, -1, kvno, &key_data);
104 if (kerror = krb5_dbekd_decrypt_key_data(context, master_key, key_data,
105 &entry->key, NULL))
106 goto error;
107
108 if (kerror = krb5_copy_principal(context, principal, &entry->principal))
(gdb) p *context
$7 = {magic = -1760647388, in_tkt_ktypes = 0x0, in_tkt_ktype_count = 0,
tgs_ktypes = 0x0, tgs_ktype_count = 0, os_context = 0x80ad588,
default_realm = 0x80ad778 "OSG.GOV.BC.CA", profile = 0x80ad1a8,
db_context = 0x80b1d30, ser_ctx_count = 0, ser_ctx = 0x0, clockskew = 300,
kdc_req_sumtype = 7, default_ap_req_sumtype = 7, default_safe_sumtype = 8,
kdc_default_options = 16, library_options = 0, profile_secure = 0,
fcc_default_format = 1283, scc_default_format = 1283}
(gdb) p *principal
$8 = {magic = -1760647423, realm = {magic = 0, length = 18,
data = 0x80afa00 "PNP.HLTH.GOV.BC.CA"}, data = 0x80afa38, length = 2,
type = 0}
(gdb) p *entry
$9 = {magic = 134937156, principal = 0x80afa44, timestamp = 134710707,
vno = 134937176, key = {magic = -1760647421, enctype = 4294965404,
length = 0, contents = 0x80b4418 "\t@\t@\210/\013\b\021\020"}}
(gdb) p *entry->principal
$10 = {magic = 134937152, realm = {magic = 13, length = 134937176,
data = 0x80afa50 "P\n\b\031"}, data = 0x19, length = 776426319,
type = 777408327}
(gdb) up
#2 0x8057ffe in krb5_rd_req_decrypt_tkt_part (context=0x80ad120,
req=0x80af990, keytab=0x80af4b0) at ./rd_req_dec.c:77
77 if ((retval = krb5_kt_get_entry(context, keytab, req->ticket->server,
(gdb) l
72 krb5_enctype enctype;
73 krb5_keytab_entry ktent;
74
75 enctype = req->ticket->enc_part.enctype;
76
77 if ((retval = krb5_kt_get_entry(context, keytab, req->ticket->server,
78 req->ticket->enc_part.kvno,
79 enctype, &ktent)))
80 return retval;
81
(gdb) p *keytab
$11 = {magic = -1760647382, ops = 0x80a6bf0, data = 0x80af4c0}
(gdb) p *keytab->data
Attempt to dereference a generic pointer.
(gdb) p *req
$12 = {magic = -1760647401, ap_options = 0, ticket = 0x80af9b8,
authenticator = {magic = -1760647418, enctype = 1, kvno = 0, ciphertext = {
magic = 0, length = 128,
data = 0x80afb30 "_a\203+}\216GpH0\215\027\212\225\035o]c\204\006O\rJ_\214-I@B\216O5Y/*\034i"}}}
(gdb) up
#3 0x8058161 in krb5_rd_req_decoded_opt (context=0x80ad120,
auth_context=0xbfffe8bc, req=0x80af990, server=0x80af9e0,
keytab=0x80af4b0, ap_req_options=0x0, ticket=0xbfffe9fc,
check_valid_flag=0) at ./rd_req_dec.c:118
118 if ((retval = krb5_rd_req_decrypt_tkt_part(context, req, keytab)))
(gdb) p *server
$13 = {magic = -1760647423, realm = {magic = 0, length = 18,
data = 0x80afa00 "PNP.HLTH.GOV.BC.CA"}, data = 0x80afa38, length = 2,
type = 0}
(gdb) p *keytab
$14 = {magic = -1760647382, ops = 0x80a6bf0, data = 0x80af4c0}
(gdb) up
#4 0x8058619 in krb5_rd_req_decoded_anyflag (context=0x80ad120,
auth_context=0xbfffe8bc, req=0x80af990, server=0x80af9e0,
keytab=0x80af4b0, ap_req_options=0x0, ticket=0xbfffe9fc)
at ./rd_req_dec.c:317
317 retval = krb5_rd_req_decoded_opt(context, auth_context,
(gdb) up
#5 0x804d03f in kdc_process_tgs_req (request=0x80af668, from=0xbffffb50,
pkt=0xbffffb20, ticket=0xbfffe9fc, subkey=0xbfffeae0) at kdc_util.c:231
231 if ((retval = krb5_rd_req_decoded_anyflag(kdc_context, &auth_context, apreq,
(gdb) l
226 krb5_free_keyblock(kdc_context, key);
227 if (retval)
228 goto cleanup_auth_context;
229 */
230
231 if ((retval = krb5_rd_req_decoded_anyflag(kdc_context, &auth_context, apreq,
232 apreq->ticket->server,
233 kdc_active_realm->realm_keytab,
234 NULL, ticket))) {
235 /*
(gdb) p *auth_context
$15 = {magic = -1760647383, remote_addr = 0x80afc00, remote_port = 0x0,
local_addr = 0x0, local_port = 0x0, keyblock = 0x0, local_subkey = 0x0,
remote_subkey = 0x0, auth_context_flags = 65537, remote_seq_number = 0,
local_seq_number = 0, authentp = 0x0, req_cksumtype = 7, safe_cksumtype = 8,
i_vector = 0x0, rcache = 0x80af590}
(gdb) p apreq
$16 = (krb5_ap_req *) 0x80af990
(gdb) p *apreq
$17 = {magic = -1760647401, ap_options = 0, ticket = 0x80af9b8,
authenticator = {magic = -1760647418, enctype = 1, kvno = 0, ciphertext = {
magic = 0, length = 128,
data = 0x80afb30 "_a\203+}\216GpH0\215\027\212\225\035o]c\204\006O\rJ_\214-I@B\216O5Y/*\034i"}}}
(gdb) p *kdc_active_realm
$18 = {realm_name = 0xbffffd55 "OSG.GOV.BC.CA", realm_context = 0x80ad120,
realm_keytab = 0x80af4b0, realm_profile = 0x0,
realm_dbname = 0x80ad2e0 "/usr/krb/lib/krb5kdc/osg.gov.bc.ca/principal",
realm_stash = 0x80b1c60 "/usr/krb/lib/krb5kdc/osg.gov.bc.ca/.k5stash",
realm_mpname = 0x80ad318 "K/M", realm_mprinc = 0x80b1c90, realm_mkey = {
magic = -1760647421, enctype = 1, length = 8,
contents = 0x80ad178 "\224LW\177GOV.BC.C\030"}, realm_mkvno = 1,
realm_tgsprinc = 0x80b1d60, realm_tgskey = {magic = -1760647421,
enctype = 1, length = 8, contents = 0x80af550 "\212\221\224L\026J"},
realm_tgskvno = 1, realm_encblock = {magic = 0, crypto_entry = 0x80a6ea0,
key = 0x80ad0c8, priv = 0x80af428, priv_size = 128},
realm_ports = 0x80ad328 "7111", realm_maxlife = 36000,
realm_maxrlife = 604800, realm_kstypes = 0x80b1df8, realm_nkstypes = 7}
(gdb) p ticket
$19 = (krb5_ticket **) 0xbfffe9fc
(gdb) p *ticket
$20 = (krb5_ticket *) 0x0
(gdb) up
#6 0x804af0c in process_tgs_req (pkt=0xbffffb20, from=0xbffffb50,
portnum=7111, response=0xbffffb1c) at do_tgs_req.c:116
116 errcode = kdc_process_tgs_req(request, from, pkt, &header_ticket, &subkey);
(gdb) l
111 status = "UNPARSING SERVER";
112 goto cleanup;
113 }
114
115 /* errcode = kdc_process_tgs_req(request, from, pkt, &req_authdat); */
116 errcode = kdc_process_tgs_req(request, from, pkt, &header_ticket, &subkey);
117
118 if (header_ticket && header_ticket->enc_part2 &&
119 (errcode2 = krb5_unparse_name(kdc_context,
120 header_ticket->enc_part2->client,
(gdb) p *from
$21 = {address = 0xbffffb2c, port = 1128}
(gdb) p *response
$22 = (krb5_data *) 0x80a7444
(gdb) p **response
$23 = {magic = 1073877836, length = 134518222, data = 0x40022ae8 "VS"}
(gdb) up
#7 0x8049c75 in dispatch (pkt=0xbffffb20, from=0xbffffb50, portnum=7111,
response=0xbffffb1c) at dispatch.c:54
54 retval = process_tgs_req(pkt, from, portnum, response);
(gdb) l
49 return 0;
50 }
51 /* try TGS_REQ first; they are more common! */
52
53 if (krb5_is_tgs_req(pkt)) {
54 retval = process_tgs_req(pkt, from, portnum, response);
55 } else if (krb5_is_as_req(pkt)) {
56 if (!(retval = decode_krb5_as_req(pkt, &as_req))) {
57 /*
58 * setup_server_realm() sets up the global realm-specific data
(gdb) up
#8 0x80551b6 in process_packet (port_fd=10, prog=0xbffffd34 "krb5kdc",
portnum=7111) at network.c:177
177 if ((retval = dispatch(&request, &faddr, portnum, &response))) {
(gdb) up
#9 0x8055417 in listen_and_process (prog=0xbffffd34 "krb5kdc")
at network.c:221
221 process_packet(udp_port_fds[i], prog, udp_port_nums[i]);
(gdb) up
#10 0x8054aca in main (argc=5, argv=0xbffffc44) at main.c:912
912 if ((retval = listen_and_process(argv[0]))) {
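
The trace above shows the crash mechanics: at db/dbkeytab.c:103 the result of krb5_dbe_find_enctype() is not checked, and at decrypt_key.c:56-58 the key record is decoded anyway; gdb's print of *key_data ($4) is garbage, with key_data_contents[0] = 0x83, and the 16-bit length decode at line 58 faults on it. The following is an added C example, written for this page and not code from MIT krb5 or from the reporter. It models only that pattern: the struct mirrors the fields gdb printed, find_enctype() and decode_int16() are stand-ins for krb5_dbe_find_enctype and krb5_kdb_decode_int16 (their real bodies are not on this page), and the sample key record and the stale key_data are constructed. Nothing here claims to be the fix that shipped in 1.0-pl1.

```c
/* Added example, not krb5 code. Models the unchecked-lookup pattern in the
 * trace beside a checked variant. Layouts mirror only the fields gdb printed;
 * find_enctype() and decode_int16() are stand-ins (assumptions). */
#include <errno.h>
#include <stddef.h>
#include <stdint.h>

typedef struct {
    int16_t key_data_ver;
    int16_t key_data_kvno;
    int16_t key_data_type[2];
    int16_t key_data_length[2];
    unsigned char *key_data_contents[2];
} key_data_t;

typedef struct {
    key_data_t *key_data;
    int n_key_data;
} db_entry_t;

/* Decoded view of one key: status (0 or errno), inner length read from the
 * 2-byte prefix, and the ciphertext that follows the prefix. */
typedef struct {
    int status;
    uint16_t keylen;
    const unsigned char *ciphertext;
} key_result_t;

/* Stand-in for krb5_dbe_find_enctype: 0 and *out set on a match, ENOENT
 * otherwise. On failure *out is deliberately left untouched; that is what
 * makes ignoring the return value dangerous. */
static int find_enctype(const db_entry_t *e, int enctype, int kvno, key_data_t **out)
{
    for (int i = 0; i < e->n_key_data; i++) {
        if (e->key_data[i].key_data_type[0] == enctype &&
            e->key_data[i].key_data_kvno == kvno) {
            *out = &e->key_data[i];
            return 0;
        }
    }
    return ENOENT;
}

/* Big-endian 16-bit length prefix (assumed to match krb5_kdb_decode_int16). */
static uint16_t decode_int16(const unsigned char *cp)
{
    return (uint16_t)(((unsigned)cp[0] << 8) | cp[1]);
}

/* Unchecked pattern (dbkeytab.c:103 then decrypt_key.c:56). 'stale' stands
 * for whatever the uninitialised local key_data held before the lookup.
 * Returns the pointer the decode step would read from, so a caller can see
 * the garbage without dereferencing it. */
static const unsigned char *key_ptr_unchecked(const db_entry_t *e, int enctype,
                                              int kvno, key_data_t *stale)
{
    key_data_t *key_data = stale;
    (void)find_enctype(e, enctype, kvno, &key_data);   /* return value ignored */
    return key_data->key_data_contents[0];             /* used regardless */
}

/* Checked variant: fail on a missing key, then validate the encoded length
 * against the stored record before trusting it. */
static key_result_t get_key_checked(const db_entry_t *e, int enctype, int kvno)
{
    key_result_t r = { 0, 0, NULL };
    key_data_t *kd = NULL;

    r.status = find_enctype(e, enctype, kvno, &kd);
    if (r.status != 0)
        return r;
    if (kd->key_data_contents[0] == NULL || kd->key_data_length[0] < 2) {
        r.status = EINVAL;
        return r;
    }
    r.keylen = decode_int16(kd->key_data_contents[0]);
    if ((int)r.keylen > kd->key_data_length[0] - 2) {  /* prefix claims more than stored */
        r.status = EINVAL;
        r.keylen = 0;
        return r;
    }
    r.ciphertext = kd->key_data_contents[0] + 2;
    return r;
}

/* Constructed sample records: kvno 1 is well formed (prefix 0x0008 + 8 bytes);
 * kvno 2 carries a prefix (0x0040) larger than its 4-byte blob. */
static unsigned char good_blob[10] = { 0x00, 0x08, 0x94, 0x4c, 0x57, 0x7f, 0x47, 0x4f, 0x56, 0x2e };
static unsigned char bad_blob[4]   = { 0x00, 0x40, 0xaa, 0xbb };
static key_data_t sample_keys[2] = {
    { 1, 1, { 1, 0 }, { 10, 0 }, { good_blob, NULL } },
    { 1, 2, { 1, 0 }, {  4, 0 }, { bad_blob,  NULL } },
};
static db_entry_t sample_entry = { sample_keys, 2 };

/* Constructed stale key_data modelled on gdb's $4 above: garbage fields and
 * the bogus pointer 0x83 in key_data_contents[0]. */
static key_data_t stale_garbage = { -2030, 2058, { -1892, 2058 }, { -1891, 2058 },
                                    { (unsigned char *)0x83, (unsigned char *)0x8b } };
```

Looking up enctype 1 / kvno 3, the combination the trace shows in krb5_ktkdb_get_entry(), the unchecked path hands back the 0x83 pointer from the stale record, which is the value the decode at line 58 would have dereferenced; the checked path returns ENOENT and never touches it. The second check (prefix length against the stored length) is the other guard a practitioner would want before passing the buffer to decryption, and it is independent of the lookup problem.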
>Audit-Trail:

Responsible-Changed-From-To: gnats-admin->krb5-unassigned
Responsible-Changed-By: tlyu
Responsible-Changed-When: Mon Jul 7 21:11:06 1997
Responsible-Changed-Why:

refiled


From: Tom Yu <tlyu@MIT.EDU>
To: pcmacdon@tadpole.osg.gov.bc.ca
Cc: krb5-bugs@MIT.EDU, pcmacdon@tadpole.osg.gov.bc.ca
Subject: Re: krb5-kdc/419: krb5kdc dumps core for cross-realm between Linux and Solaris
Date: Mon, 7 Jul 1997 21:12:58 -0400 (EDT)

How repeatable is this coredump? Have you tried the 1.0-pl1 release?
That release fixes a few bugs in the kdc code.

---Tom

From: Tom Yu <tlyu@MIT.EDU>
To: Unassigned Problem Report <krb5-unassigned@RT-11.MIT.EDU>
Cc: krb5-bugs@MIT.EDU
Subject: Re: krb5-kdc/419: krb5kdc dumps core for cross-realm between Linux and Solaris
Date: Mon, 7 Jul 1997 21:13:11 -0400 (EDT)

`Tom Yu' made changes to this PR.


From: pmacdona@tadpole.osg.gov.bc.ca
To: tlyu@MIT.EDU (Tom Yu)
Cc:
Subject: Re: krb5-kdc/419: krb5kdc dumps core for cross-realm between Linux and Solaris
Date: Mon, 7 Jul 1997 21:36:30 -0700 (PDT)

>
> How repeatable is this coredump? Have you tried the 1.0-pl1 release?
> That release fixes a few bugs in the kdc code.
>
> ---Tom
>

Yes, upgrading to PL1 fixed it. Thanks

Peter

State-Changed-From-To: open-closed
State-Changed-By: tlyu
State-Changed-When: Tue Jul 8 19:15:59 1997
State-Changed-Why:

Was fixed in pl1.

>Unformatted: