Re: Bug in Kerberos support for openssh.
This is a discussion on Re: Bug in Kerberos support for openssh. within the OpenSSH Development forums, part of the Networking and Network Related category; Eric Youngdale wrote: >debug1: An invalid name was supplied >A parameter was malformed >Validation error > .... >...
|
|||||||
| FAQ | Members List | Calendar | Search | Today's Posts | Mark Forums Read |
02-28-2006
|
|||
|
|||
Re: Bug in Kerberos support for openssh.
Eric Youngdale wrote:
>debug1: An invalid name was supplied >A parameter was malformed >Validation error > .... >Later on (not much further later), ssh calls > > if ((ctx->major = gss_export_name(&ctx->minor, ctx->client, > &ename))) { > ssh_gssapi_error(ctx); > return (ctx->major); > } > >Here ctx->client is passed in but gss_export_name assumes that the input >name is a krb5_principal. gss_export_name() should work with any src_name returned by gss_accept_sec_context()... Whatversion of the MIT libraries do you have? The error appears to come not from a nametype check, but from a pointer validation: if (! kg_validate_name(input_name)) { if (minor_status) *minor_status = (OM_uint32) G_VALIDATE_FAILED; krb5_free_context(context); return(GSS_S_CALL_BAD_STRUCTURE|GSS_S_BAD_NAME); } Is it possible that the ctx->client pointer is getting mangled somehow? d -- David Leonard Vintela Resource Central software engineer Quest Software; 303 Adelaide St, Brisbane, Australia; www.quest.com Phone: (US) +1 801 655 2755 (AU) +61 7 3023 5133 _______________________________________________ openssh-unix-dev mailing list openssh-unix-dev@mindrot.org http://www.mindrot.org/mailman/listi...enssh-unix-dev 
|
Linear Mode
