Bug in Kerberos support for openssh.
David Leonard
David.Leonard at quest.com
Tue Feb 28 11:37:21 EST 2006
Eric Youngdale wrote:
>debug1: An invalid name was supplied
>A parameter was malformed
>Validation error
>
...
>Later on (not much further later), ssh calls
>
>    if ((ctx->major = gss_export_name(&ctx->minor, ctx->client,
>        &ename))) {
>        ssh_gssapi_error(ctx);
>        return (ctx->major);
>    }
>
>Here ctx->client is passed in but gss_export_name assumes that the input
>name is a krb5_principal.

gss_export_name() should work with any src_name returned by
gss_accept_sec_context()...

What version of the MIT libraries do you have? The error appears to come
not from a nametype check, but from a pointer validation:

    if (! kg_validate_name(input_name)) {
        if (minor_status)
            *minor_status = (OM_uint32) G_VALIDATE_FAILED;
        krb5_free_context(context);
        return(GSS_S_CALL_BAD_STRUCTURE|GSS_S_BAD_NAME);
    }

Is it possible that the ctx->client pointer is getting mangled somehow?

d
--
David Leonard
Vintela Resource Central software engineer
Quest Software; 303 Adelaide St, Brisbane, Australia; www.quest.com
Phone: (US) +1 801 655 2755
(AU) +61 7 3023 5133
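
Added example, not part of the original message and not OpenSSH or MIT krb5 code: a decoder for the GSS-API major status, using the field layout and constants from RFC 2744. It shows that the value returned by the check quoted above carries the calling error GSS_S_CALL_BAD_STRUCTURE alongside GSS_S_BAD_NAME, rather than the routine error GSS_S_BAD_NAMETYPE. The function names are hypothetical and the sample status is constructed from the return statement in the message.

```c
#include <stdio.h>
#include <stdint.h>
#include <string.h>

#define NELEM(a) (sizeof (a) / sizeof *(a))
/* Major-status layout from RFC 2744: calling error in bits 24-31,
 * routine error in bits 16-23, supplementary info in bits 0-15. */
static const char *const calling_names[] = {
    "none", "GSS_S_CALL_INACCESSIBLE_READ",
    "GSS_S_CALL_INACCESSIBLE_WRITE", "GSS_S_CALL_BAD_STRUCTURE" };
static const char *const routine_names[] = {
    "none", "GSS_S_BAD_MECH", "GSS_S_BAD_NAME", "GSS_S_BAD_NAMETYPE",
    "GSS_S_BAD_BINDINGS", "GSS_S_BAD_STATUS", "GSS_S_BAD_SIG",
    "GSS_S_NO_CRED", "GSS_S_NO_CONTEXT", "GSS_S_DEFECTIVE_TOKEN",
    "GSS_S_DEFECTIVE_CREDENTIAL", "GSS_S_CREDENTIALS_EXPIRED",
    "GSS_S_CONTEXT_EXPIRED", "GSS_S_FAILURE", "GSS_S_BAD_QOP",
    "GSS_S_UNAUTHORIZED", "GSS_S_UNAVAILABLE",
    "GSS_S_DUPLICATE_ELEMENT", "GSS_S_NAME_NOT_MN" };

static const char *lookup(const char *const *tab, size_t n, uint32_t v)
{
    return v < n ? tab[v] : "unknown";
}

/* The three functions below are hypothetical helpers, not library API. */
const char *gss_calling_error_name(uint32_t major)
{
    return lookup(calling_names, NELEM(calling_names), (major >> 24) & 0xffu);
}

const char *gss_routine_error_name(uint32_t major)
{
    return lookup(routine_names, NELEM(routine_names), (major >> 16) & 0xffu);
}

/* Nonzero when the handle itself was rejected (GSS_S_CALL_BAD_STRUCTURE);
 * a name-type rejection is the routine error GSS_S_BAD_NAMETYPE instead. */
int gss_handle_rejected(uint32_t major)
{
    return ((major >> 24) & 0xffu) == 3;
}

int main(void)
{
    uint32_t seen = (3u << 24) | (2u << 16);  /* constructed sample status */
    printf("calling=%s routine=%s rejected=%d\n", gss_calling_error_name(seen),
           gss_routine_error_name(seen), gss_handle_rejected(seen));
    return 0;
}
```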