Bug 209529 - double free or corruption when kerberos ticket present.
double free or corruption when kerberos ticket present.
Status: CLOSED DUPLICATE of bug 208102
Product: Fedora
Classification: Fedora
Component: openssh (Show other bugs)
5
i386 Linux
medium Severity high
: ---
: ---
Assigned To: Tomas Mraz
Brian Brock
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2006-10-05 16:11 EDT by Pawel Salek
Modified: 2007-11-30 17:11 EST (History)
0 users

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2006-10-06 04:00:28 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:


Attachments (Terms of Use)

  None (edit)
Description Pawel Salek 2006-10-05 16:11:52 EDT
Description of problem:
ssh client crashes if it runs on a host that has a kerberos ticket present even
if kerberos is not used for authentication.

Version-Release number of selected component (if applicable):
openssh-clients-4.3p2-4.10

How reproducible:
Always.

Steps to Reproduce:
1. kinit miffo@NADA.KTH.SE
2. ssh -v example.com
  
Actual results:
[snip]
debug1: Host 'example.com' is known and matches the RSA host key.
debug1: Found key in /home/user/.ssh/known_hosts:1
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,gssapi-with-mic,password
debug1: Next authentication method: gssapi-with-mic
*** glibc detected *** ssh: double free or corruption (top): 0x08263d30 ***
======= Backtrace: =========
/lib/libc.so.6[0x1a71cd]
/lib/libc.so.6(cfree+0x90)[0x1a7360]
/usr/lib/libkrb5.so.3(krb5_free_cred_contents+0x8d)[0x81cbbd]
/usr/lib/libkrb5.so.3(krb5_free_creds+0x29)[0x81cc49]
/usr/lib/libkrb5.so.3(krb5_free_tgt_creds+0x2e)[0x81cc8e]
/usr/lib/libkrb5.so.3(krb5_get_credentials+0x1dc)[0x8173dc]
/usr/lib/libgssapi_krb5.so.2(krb5_gss_init_sec_context+0xab9)[0xc8ef19]
/usr/lib/libgssapi_krb5.so.2(gss_init_sec_context+0x71)[0xc93511]
ssh[0x48cac3]
ssh[0x48cc9c]
ssh[0x46edad]
ssh[0x46ef5d]
ssh[0x46f62a]
ssh[0x4869ab]
ssh[0x46faed]
ssh[0x469f81]
ssh(main+0x1007)[0x4612c7]
/lib/libc.so.6(__libc_start_main+0xdc)[0x15723c]
ssh[0x45f581]

Expected results:
One should be able to log in to the host.

Additional info:
The KDC has strong Heimdal preference but I guess everybody knows that. Still,
only Fedora software runs on the client so one cannot blame it on KDC.
Destroying the ticket fixes the problem, the following output appears:
[snip]
debug1: Authentications that can continue: publickey,gssapi-with-mic,password
debug1: Next authentication method: gssapi-with-mic
debug1: Miscellaneous failure
No credentials cache found

debug1: Miscellaneous failure
No credentials cache found

debug1: Next authentication method: publickey

So, my first guess is that the recent credential caching code has not been
thoroughly tested...
Comment 1 Tomas Mraz 2006-10-06 04:00:28 EDT

*** This bug has been marked as a duplicate of 208102 ***

Note You need to log in before you can comment on or make changes to this bug.