Ticket #80 (closed defect: fixed)

Opened 2 years ago

Last modified 3 months ago

zwrite segfault with expired tickets

Reported by: kaduk@…
Owned by: jhutz@…
Priority: major
Milestone: 3.0.3 release
Component: zephyr.clients
Version: 3.0.1
Keywords:
Cc: kaduk@…
Platform: Unix (other)

Description

Sorry, no symbols in this build.

(gdb) bt
#0  0x00000008008551a4 in Z_ExtractEncCksum ()
   from /usr/local/lib/libzephyr.so.4.0
#1  0x00000008008554bc in Z_InsertZcodeChecksum ()
   from /usr/local/lib/libzephyr.so.4.0
#2  0x0000000800852147 in ZMakeZcodeRealmAuthentication ()
   from /usr/local/lib/libzephyr.so.4.0
#3  0x0000000800852220 in ZMakeZcodeAuthentication ()
   from /usr/local/lib/libzephyr.so.4.0
#4  0x0000000800852239 in ZMakeAuthentication ()
   from /usr/local/lib/libzephyr.so.4.0
#5  0x0000000800857433 in Z_FormatAuthHeader ()
   from /usr/local/lib/libzephyr.so.4.0
#6  0x00000008008577d0 in Z_FormatHeader ()
   from /usr/local/lib/libzephyr.so.4.0
#7  0x000000080085078e in ZFormatNotice () from /usr/local/lib/libzephyr.so.4.0
#8  0x0000000800854033 in ZSrvSendNotice ()
   from /usr/local/lib/libzephyr.so.4.0
#9  0x00000008008540b0 in ZSendNotice () from /usr/local/lib/libzephyr.so.4.0
#10 0x0000000000401541 in send_off ()
#11 0x0000000000401e4f in main ()

Change History

comment:1 Changed 19 months ago by kaduk@…

Have some symbols.

#0  0x0000000800859bbd in Z_InsertZcodeChecksum (keyblock=0x10,
    notice=0x603860, buffer=0x7fffffffbe80 "ZEPH0.2",
    cksum_start=0x7fffffffbe80 "ZEPH0.2", cksum_len=306,
    cstart=0x7fffffffbf78 "0x00000000", cend=0x7fffffffbf83 "",
    buffer_len=832, length_adjust=0x7fffffffbcf0, from_server=0)
    at Zinternal.c:1408
#1  0x0000000800852d6c in ZMakeZcodeRealmAuthentication (notice=0x603860,
    buffer=0x7fffffffbe80 "ZEPH0.2", buffer_len=832, phdr_len=0x7fffffffbe7c,
    realm=0x800a60560 "ATHENA.MIT.EDU") at ZMkAuth.c:171
#2  0x0000000800852b4d in ZMakeZcodeAuthentication (notice=0x10,
    buffer=0x7fffffffbe80 "ZEPH0.2", buffer_len=832, phdr_len=0x7fffffffbe7c)
    at ZMkAuth.c:108
#3  0x0000000800852b13 in ZMakeAuthentication (notice=0x10,
    buffer=0x7fffffffbe80 "ZEPH0.2", buffer_len=832, len=0x7fffffffbe7c)
    at ZMkAuth.c:40
#4  0x0000000800857ecf in Z_FormatAuthHeader (notice=0x603860,
    buffer=0x7fffffffbe80 "ZEPH0.2", buffer_len=832, len=0x7fffffffbe7c,
    cert_routine=0x400ffc <ZMakeAuthentication@plt>) at Zinternal.c:759
#5  0x0000000800857c61 in Z_FormatHeader (notice=0x603860,
    buffer=0x7fffffffbe80 "ZEPH0.2", buffer_len=832, len=0x7fffffffbe7c,
    cert_routine=0x400ffc <ZMakeAuthentication@plt>) at Zinternal.c:691
#6  0x0000000800850c20 in ZFormatNotice (notice=0x603860,
    buffer=0x7fffffffc208, ret_len=0x7fffffffc204,
    cert_routine=0x400ffc <ZMakeAuthentication@plt>) at ZFmtNotice.c:29
#7  0x0000000800855021 in ZSrvSendNotice (notice=0x603860,
    cert_routine=0x400ffc <ZMakeAuthentication@plt>,
    send_routine=0x800859a30 <Z_XmitFragment>) at ZSendNot.c:37
#8  0x0000000800854fd4 in ZSendNotice (notice=0x603860,
    cert_routine=0x400ffc <ZMakeAuthentication@plt>) at ZSendNot.c:23
#9  0x00000000004022a4 in send_off (notice=0x603860, real=0) at zwrite.c:383
#10 0x0000000000401a4f in main (argc=2, argv=0x7fffffffd9e8) at zwrite.c:254

This is built against the Heimdal 1.1.0 in FreeBSD 9-current from May.

comment:2 Changed 3 months ago by jhutz@…

  • Owner set to jhutz@…
  • Status changed from new to accepted
  • Milestone set to 3.0.3 release

This is reproducible in the current code.
Note that doing so likely requires an expired TGT and _no_ zephyr ticket.

comment:3 Changed 3 months ago by kcr@…

  • Status changed from accepted to closed
  • Resolution set to fixed