
Bug#352042: openssh-server: incompatible pointer types break gssapi auth on alpha, possibly others



Package: openssh-server
Version: 1:4.2p1-4bpo1juhaj1
Severity: normal
Tags: patch


OpenSSH's GSSAPI authentication routines pass addresses of OM_uint32 to
functions expecting a pointer to int. On alpha, int is 64 bits and the
values stored in the variables pointed to by these pointers only have half
of their bits set. Results in broken GSSAPI authentication and a very
annoying "connection closed by remote host" message without any other
info as to why. Even with -vvv you get no relevant info. Server side,
of course, shows what happens with -ddd. This probably affects other 64-bit
archs as well, but only if they have 64-bit ints: ppc64 and x86_64, which
I have access to, both have 32-bit ints.

Patch below. Note that this only fixes the authentication process. There
is at least one logging function with the same problem. Reading the actual
build logs should reveal them since they show up as "passing arg N ... from
incompatible pointer type" or something equivalent.

Cheers,
Juha

--patch--

--- monitor.c   2006-02-09 11:45:16 +0200
+++ monitor.c.orig      2006-02-09 11:44:27 +0200
@@ -1947,7 +1947,7 @@
        gss_buffer_desc data, hash;
        OM_uint32 major, minor;
 
-       data.value = buffer_get_string(m, (int *) &data.length);
+       data.value = buffer_get_string(m, &data.length);
        if (data.length != 20) 
                fatal("%s: data length incorrect: %d", __func__, data.length);
 
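Review bot: The file headers on this hunk run from monitor.c to monitor.c.orig, so it is the reverse of the hunk that follows: the "+" line here is the uncast call and the "-" line is the cast one. Applying both hunks leaves monitor.c unchanged, so this one should be dropped from the submission and only the monitor.c.orig to monitor.c direction kept.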

--- monitor.c.orig      2006-02-09 11:44:27 +0200
+++ monitor.c   2006-02-09 11:45:16 +0200
@@ -1947,7 +1947,7 @@
        gss_buffer_desc data, hash;
        OM_uint32 major, minor;
 
-       data.value = buffer_get_string(m, &data.length);
+       data.value = buffer_get_string(m, (int *) &data.length);
        if (data.length != 20) 
                fatal("%s: data length incorrect: %d", __func__, data.length);
 
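Review bot: The "(int *) &data.length" cast on the "+" line silences the incompatible-pointer warning without changing how many bytes buffer_get_string stores through that pointer, so a width mismatch between the out-parameter and data.length is still there after the change. Reading the length into a local variable of the type buffer_get_string expects and then assigning it to data.length would make the widths agree on every architecture. The "%d" in the fatal() call on the following context line has the same dependency on the width of data.length and would be worth an explicit cast or a matching format.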




-- System Information:
Debian Release: testing/unstable
  APT prefers unstable
  APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: i386 (i686)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.6.14+juhaj+v1.0
Locale: LANG=en_GB.UTF-8, LC_CTYPE=fi_FI.UTF-8 (charmap=UTF-8)

Versions of packages openssh-server depends on:
ii  adduser              3.81                Add and remove users and groups
ii  debconf [debconf-2.0 1.4.70              Debian configuration management sy
ii  dpkg                 1.13.13             package maintenance system for Deb
ii  libc6                2.3.5-13            GNU C Library: Shared libraries an
ii  libgssapi4-heimdal   0.7.1-1juhaj1       Libraries for Heimdal Kerberos
ii  libkafs0-heimdal     0.7.1-1juhaj1       Libraries for Heimdal Kerberos
ii  libkrb5-17-heimdal   0.7.1-1juhaj1       Libraries for Heimdal Kerberos
ii  libpam-modules       0.79-3              Pluggable Authentication Modules f
ii  libpam-runtime       0.79-3.1            Runtime support for the PAM librar
ii  libpam0g             0.79-3.1            Pluggable Authentication Modules l
ii  libselinux1          1.28-1              SELinux shared libraries
ii  libssl0.9.7          0.9.7g-5            SSL shared libraries
ii  libwrap0             7.6.dbs-8           Wietse Venema's TCP wrappers libra
ii  openssh-client       1:4.2p1-4bpo1juhaj1 Secure shell client, an rlogin/rsh
ii  zlib1g               1:1.2.3-9           compression library - runtime

openssh-server recommends no packages.

-- debconf information:
  ssh/insecure_rshd:
  ssh/insecure_telnetd:
  ssh/new_config: true
* ssh/use_old_init_script: true
  ssh/disable_cr_auth: false
  ssh/encrypted_host_key_but_no_keygen:
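The width mismatch described in the report, as an added example that is not part of the original message or of OpenSSH. It assumes a 64-bit length field and a getter that stores 32 bits; struct wide_buf, get_len32 and the stale value are constructed stand-ins for gss_buffer_desc, buffer_get_string and leftover stack contents.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define EXPECTED_LEN 20u  /* the length the monitor.c check requires */

/* Constructed stand-in for gss_buffer_desc with a 64-bit length field. */
struct wide_buf { uint64_t length; const void *value; };

/* Constructed stand-in for a getter whose out-parameter is 32 bits wide:
 * it stores exactly four bytes at the address it is given. memcpy keeps
 * the store well defined so the effect can be observed on any host. */
static void get_len32(void *out, uint32_t len) {
    memcpy(out, &len, sizeof len);
}

/* Same effect as passing a cast pointer to the wide field: only half of
 * the field is written, the other half keeps whatever `stale` held. */
uint64_t length_via_cast(uint64_t stale) {
    struct wide_buf b = { stale, NULL };
    get_len32(&b.length, EXPECTED_LEN);
    return b.length;
}

/* Width-safe pattern: receive into a correctly sized local, then widen. */
uint64_t length_via_local(uint64_t stale) {
    struct wide_buf b = { stale, NULL };
    uint32_t len = 0;
    get_len32(&len, EXPECTED_LEN);
    b.length = len;
    return b.length;
}

/* Mirrors the "data.length != 20" test that precedes fatal(). */
int passes_length_check(uint64_t length) { return length == EXPECTED_LEN; }

int main(void) {
    uint64_t stale = 0xAAAAAAAAAAAAAAAAull; /* constructed stack residue */
    printf("cast:  0x%016llx check=%d\n",
           (unsigned long long)length_via_cast(stale),
           passes_length_check(length_via_cast(stale)));
    printf("local: 0x%016llx check=%d\n",
           (unsigned long long)length_via_local(stale),
           passes_length_check(length_via_local(stale)));
    return 0;
}
```

Whether the cast variant passes the check depends on what the untouched half of the field held beforehand and on byte order, which is why the failure can look intermittent.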



