Dumps core upon malformed /etc/krb5.conf

Bug #72525 reported by Berge Schwebs Bjørlo
Affects                 Status    Importance  Assigned to  Milestone
portable OpenSSH        Invalid   Undecided   Unassigned
openssh-krb5 (Ubuntu)   Invalid   Undecided   Unassigned

Bug Description

Binary package hint: ssh-krb5

The ssh client in ssh-krb5 dumps core with a malformed /etc/krb5.conf. To reproduce, set the default_realm option in /etc/krb.conf to empty:

berge@orakel-desktop:~$ grep default_realm /etc/krb5.conf
        default_realm =

Try to ssh somewhere:

berge@orakel-desktop:~$ ssh -vvv login.samfundet.no
OpenSSH_3.8.1p1 Debian-krb5 3.8.1p1-10build1, OpenSSL 0.9.8b 04 May 2006
debug1: Reading configuration data /etc/ssh/ssh_config
debug2: ssh_connect: needpriv 0
debug1: Connecting to login.samfundet.no [129.241.93.19] port 22.
debug1: Connection established.
debug1: identity file /home/berge/.ssh/identity type -1
debug1: identity file /home/berge/.ssh/id_rsa type -1
debug1: identity file /home/berge/.ssh/id_dsa type -1
debug1: Remote protocol version 2.0, remote software version OpenSSH_3.8.1p1 Debian-krb5 3.8.1p1-10
debug1: match: OpenSSH_3.8.1p1 Debian-krb5 3.8.1p1-10 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_3.8.1p1 Debian-krb5 3.8.1p1-10build1
debug3: Trying to reverse map address 129.241.93.19.
debug1: Miscellaneous failure
Improper format of Kerberos configuration file

debug1: Miscellaneous failure
Improper format of Kerberos configuration file

*** glibc detected *** ssh: free(): invalid pointer: 0xbff470ec ***
======= Backtrace: =========
/lib/tls/i686/cmov/libc.so.6[0xb7c3a8bd]
/lib/tls/i686/cmov/libc.so.6(__libc_free+0x84)[0xb7c3aa44]
/usr/lib/libgssapi_krb5.so.2[0xb7dca97a]
/usr/lib/libgssapi_krb5.so.2(gss_release_buffer+0x24)[0xb7dda174]
ssh[0x8070a50]
ssh[0x8070c64]
ssh[0x8058d23]
ssh[0x805333c]
ssh[0x804d3e0]
/lib/tls/i686/cmov/libc.so.6(__libc_start_main+0xdc)[0xb7be98cc]
ssh[0x804bda1]
Aborted (core dumped)

The sensible action would probably be to inform the user that the configuration file is malformed and exit gracefully. The even better thing to do would be to continue anyway.

This bug might be related to bug #50680.
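
A pre-flight check for the condition reproduced in this report, added here as an example; it is not part of the original report, OpenSSH or the Kerberos libraries. The function names `krb5_empty_relations` and `sample_krb5_conf` are hypothetical, the sample file is constructed, and the check assumes that any relation with nothing after the equals sign is what the library rejects as "Improper format".

```shell
#!/bin/sh
# Added example (not from the bug report): flag krb5.conf relations that have
# an empty value, the condition reproduced above with "default_realm =".
# Assumption: any "name =" with nothing after the equals sign is malformed.

# Prints "LINE:[section] name" for each finding.
# Returns 0 if clean, 1 if findings exist, 2 if the file is unreadable.
krb5_empty_relations() {
    [ -r "$1" ] || return 2
    awk '
        /^[ \t]*[#;]/ { next }                    # skip comment lines
        /^[ \t]*\[/ {                             # [section] header
            section = $0
            sub(/^[ \t]*\[/, "", section)
            sub(/\].*$/, "", section)
            next
        }
        /^[ \t]*[^ \t=]+[ \t]*=[ \t\r]*$/ {       # name = <nothing>
            name = $0
            sub(/^[ \t]*/, "", name)
            sub(/[ \t]*=.*$/, "", name)
            printf "%d:[%s] %s\n", NR, section, name
            bad = 1
        }
        END { exit (bad ? 1 : 0) }
    ' "$1"
}

# Constructed sample input; realm and host names are placeholders.
sample_krb5_conf() {
    cat <<'EOF'
# constructed sample
[libdefaults]
        default_realm =
        dns_lookup_kdc = true

[realms]
        EXAMPLE.COM = {
                kdc = kdc.example.com
                admin_server =
        }
EOF
}

# Stand-alone demonstration on the constructed sample.
demo_conf=$(mktemp)
sample_krb5_conf > "$demo_conf"
krb5_empty_relations "$demo_conf" || echo "krb5.conf check exit status: $?"
rm -f "$demo_conf"
```

Run against the real file with `krb5_empty_relations /etc/krb5.conf`; a non-zero status before starting ssh points at the configuration rather than the client.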

Changed in openssh-krb5:
status: Unconfirmed → Confirmed
dino99 (9d9) wrote :

outdated version; no more support expected

Changed in openssh-krb5 (Ubuntu):
status: Confirmed → Invalid
Changed in openssh:
status: New → Invalid