Call for testing: OpenSSH 7.2

Hisashi T Fujinaka htodd at twofifty.com
Wed Feb 17 17:55:12 AEDT 2016


On Wed, 17 Feb 2016, Damien Miller wrote:

> On Tue, 16 Feb 2016, Hisashi T Fujinaka wrote:
>
>> On Wed, 17 Feb 2016, Damien Miller wrote:
>>
>>>> Core was generated by `test_sshkey'.
>>>> Program terminated with signal SIGSEGV, Segmentation fault.
>>>> #0  0x000000000041273e in cert_parse (key=0x7f7ff7b120c0,
>>>> certbuf=0x7f7ff7b16200, b=0x7f7ff7b161b0) at sshkey.c:1896
>>>> 1896                    key->cert->principals[key->cert->nprincipals++] =
>>>> principal;
>>>
>>> Could you do a "print *key->cert" to see what is going wrong here?
>>
>> (gdb) print *key->cert
>> $1 = {certblob = 0x7f7ff7b162a0, type = 2, serial = 5, key_id = 0x7f7ff7b18090
>> "julius", nprincipals = 1,
>>   principals = 0xfffffffff7b180a0, valid_after = 915145200, valid_before =
>> 1293836400, critical = 0x7f7ff7b162f0,
>>   extensions = 0x7f7ff7b16340, signature_key = 0x0}
>
> Thanks, but nothing appears wrong there. How about
> "print key->cert->principals[0]" - though I'm not sure how it could get
> to this point without reallocarray() returning a bad pointer.

Yeah:

(gdb) print key->cert->principals[0]
Cannot access memory at address 0xfffffffff7b180a0

-- 
Hisashi T Fujinaka - htodd at twofifty.com
BSEE + BSChem + BAEnglish + MSCS + $2.50 = coffee
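
The principals value in the dump has its upper 32 bits all set, while its low 32 bits sit 16 bytes past the key_id pointer printed next to it. That is the shape a 64-bit pointer takes after passing through a 32-bit int and being widened again. The check below is an added example, not part of the thread or of OpenSSH; the function names and the 4096-byte window are assumptions, and the thread does not establish that this is what happened.

```c
#include <inttypes.h>
#include <stdint.h>
#include <stdio.h>

/* 1 if v equals its own low 32 bits sign-extended to 64 bits. */
static int is_sign_extended_32(uint64_t v)
{
    return (uint64_t)(int64_t)(int32_t)(uint32_t)v == v;
}

/* Candidate original pointer: low 32 bits of v, upper 32 bits taken
 * from a known-good pointer in the same heap region. */
static uint64_t rebuild_from_neighbour(uint64_t v, uint64_t neighbour)
{
    return (neighbour & 0xffffffff00000000ULL) | (v & 0xffffffffULL);
}

/* 1 if v looks like a narrowed-then-widened copy of a pointer that
 * lies within `window` bytes of `neighbour` (hypothetical heuristic). */
static int looks_truncated(uint64_t v, uint64_t neighbour, uint64_t window)
{
    uint64_t c, d;

    /* The reference pointer must itself be a full 64-bit value. */
    if (!is_sign_extended_32(v) || is_sign_extended_32(neighbour))
        return 0;
    c = rebuild_from_neighbour(v, neighbour);
    d = c > neighbour ? c - neighbour : neighbour - c;
    return d <= window;
}

int main(void)
{
    /* Values copied from the gdb output quoted in this message. */
    const uint64_t principals = 0xfffffffff7b180a0ULL;
    const uint64_t key_id     = 0x7f7ff7b18090ULL;

    printf("sign-extended 32-bit pattern: %d\n",
        is_sign_extended_32(principals));
    printf("candidate original pointer:   0x%" PRIx64 "\n",
        rebuild_from_neighbour(principals, key_id));
    printf("consistent with narrowing:    %d\n",
        looks_truncated(principals, key_id, 4096));
    return 0;
}
```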


More information about the openssh-unix-dev mailing list