Re: ssh-krb5 bug?
Oh it seems that I copied a not so very interesting part of the
ltrace.
Maybe this one is more meaningful, because here are the (only)
sections, where the (invalid?) pointer 0x80688ab is used:
EVP_DigestInit(0xbfffd960, 0xb7fa3260, 149, 0xb7fa8d04, 0x80a2028) = 1
EVP_DigestUpdate(0xbfffd960, 0x80aba08, 1999, 0xb7fa8d04, 0x80a2028) = 1
EVP_DigestFinal(0xbfffd960, 0x8082e20, 0, 0xb7fa8d04, 0x80a2028) = 1
memset(0x80aba08, '\000', 4096) = 0x80aba08
free(0x80aba08) = <void>
DH_free(0x80a1fd8, 0x80949c0, 0x80a6e10, 595, 0x8095688) = 0
free(0x80a21a8) = <void>
BN_clear_free(0x8094740, 0x80949c0, 0x80a6e10, 595, 0x8095688) = 0
BN_num_bits(0x809d120, 0, 0xb7ce4a94, 0xb7fe9000, 0x8049d03) = 1024
malloc(4096) = 0x80ab328
memcpy(0x80ab328, "", 143) = 0x80ab328
memcpy(0xbfffd8d4, "", 4) = 0xbfffd8d4
malloc(8) = 0x8098188
memcpy(0x8098188, "ssh-rsa", 7) = 0x8098188
free(0x8098188) = <void>
memcpy(0xbfffd8d4, "", 4) = 0xbfffd8d4
malloc(129) = 0x80a2458
memcpy(0x80a2458, "5\003W\nr\232<\211\002\255\220\226\376\270\317\233o)\200\204aAsF\252!\033w\275$\277j"..., 128) = 0x80a2458
memset(0x80ab328, '\000', 4096) = 0x80ab328
free(0x80ab328) = <void>
RSA_size(0x809d0c8, 0xbfffd92c, 143, 0xb7fe9000, 0x8049d03) = 128
OBJ_nid2sn(64, 0xbfffd92c, 143, 0xb7fe9000, 0x8049d03) = 0xb7f80276
EVP_get_digestbyname(0xb7f80276, 0xbfffd92c, 143, 0xb7fe9000, 0x8049d03) = 0xb7fa3260
EVP_DigestInit(0xbfffd960, 0xb7fa3260, 143, 0xb7fe9000, 0x8049d03) = 1
EVP_DigestUpdate(0xbfffd960, 0x8082e20, 20, 0xb7fe9000, 0x8049d03) = 1
EVP_DigestFinal(0xbfffd960, 0xbfffd930, 0xbfffd928, 0xb7fe9000, 0x8049d03) = 1
RSA_size(0x809d0c8, 100, 100, 0xb7fa8d04, 0x80a2738) = 128
malloc(128) = 0x80946f0
RSA_public_decrypt(128, 0x80a2458, 0x80946f0, 0x809d0c8, 1) = 35
free(0x80946f0) = <void>
memset(0x80a2458, 's', 128) = 0x80a2458
free(0x80a2458) = <void>
RSA_free(0x809d0c8, 20, 0xb7da3668, 0x8082e20, 595) = 0
free(0x80a2738) = <void>
free(0x80a2688) = <void>
malloc(20) = 0x80a2738
memcpy(0x80a2738, "\255_\033\377\277\275\225\255\367\315\227N\226\253\217\202\272\350\200\237", 20) = 0x80a2738
EVP_sha1(0xb7da2c60, 280, 0xb7ce4a94, 0xb7da3620, 0xb7da2c60) = 0xb7fa3260
malloc(20) = 0x809d138
malloc(4096) = 0x80ab328
BN_num_bits(0x80a2028, 20, 0xbfffd8d8, 0x80688ab, 0xbfffd910) = 1022
malloc(129) = 0x80946f0
BN_bn2bin(0x80a2028, 0x80946f1, 0xbfffd8d8, 0x80688ab, 0xbfffd910) = 128
memcpy(0x80ab328, "", 4) = 0x80ab328
memcpy(0x80ab32c, "-\247\314{\336\006A\326\200B^E{~\031c\3130\203,\314\024\3045r\006Y\337\255'\201`"..., 128) = 0x80ab32c
memset(0x80946f0, '\000', 129) = 0x80946f0
free(0x80946f0) = <void>
EVP_DigestInit(0xbfffd900, 0xb7fa3260, 0xb7ce4a94, 0xb7da3620, 0xb7da2c60) = 1
EVP_DigestUpdate(0xbfffd900, 0x80ab328, 132, 0xb7da3620, 0xb7da2c60) = 1
EVP_DigestUpdate(0xbfffd900, 0x8082e20, 20, 0xb7da3620, 0xb7da2c60) = 1
EVP_DigestUpdate(0xbfffd900, 0xbfffd8ff, 1, 0xb7da3620, 0xb7da2c60) = 1
EVP_DigestUpdate(0xbfffd900, 0x80a2738, 20, 0xb7da3620, 0xb7da2c60) = 1
EVP_DigestFinal(0xbfffd900, 0x809d138, 0, 0xb7da3620, 0xb7da2c60) = 1
memset(0x80ab328, '\000', 4096) = 0x80ab328
free(0x80ab328) = <void>
EVP_sha1(0x80ab328, 0x809d138, 0, 0xb7da3620, 0xb7da2c60) = 0xb7fa3260
malloc(20) = 0x8094b30
malloc(4096) = 0x80ab328
BN_num_bits(0x80a2028, 20, 0xbfffd8d8, 0x80688ab, 0xbfffd910) = 1022
malloc(129) = 0x80946f0
BN_bn2bin(0x80a2028, 0x80946f1, 0xbfffd8d8, 0x80688ab, 0xbfffd910) = 128
memcpy(0x80ab328, "", 4) = 0x80ab328
memcpy(0x80ab32c, "-\247\314{\336\006A\326\200B^E{~\031c\3130\203,\314\024\3045r\006Y\337\255'\201`"..., 128) = 0x80ab32c
memset(0x80946f0, '\000', 129) = 0x80946f0
free(0x80946f0) = <void>
EVP_DigestInit(0xbfffd900, 0xb7fa3260, 0, 0xb7da3620, 0xb7da2c60) = 1
EVP_DigestUpdate(0xbfffd900, 0x80ab328, 132, 0xb7da3620, 0xb7da2c60) = 1
EVP_DigestUpdate(0xbfffd900, 0x8082e20, 20, 0xb7da3620, 0xb7da2c60) = 1
EVP_DigestUpdate(0xbfffd900, 0xbfffd8ff, 1, 0xb7da3620, 0xb7da2c60) = 1
EVP_DigestUpdate(0xbfffd900, 0x80a2738, 20, 0xb7da3620, 0xb7da2c60) = 1
EVP_DigestFinal(0xbfffd900, 0x8094b30, 0, 0xb7da3620, 0xb7da2c60) = 1
memset(0x80ab328, '\000', 4096) = 0x80ab328
free(0x80ab328) = <void>
EVP_sha1(0x80ab328, 0x8094b30, 0, 0xb7da3620, 0xb7da2c60) = 0xb7fa3260
malloc(20) = 0x8094b78
malloc(4096) = 0x80ab328
BN_num_bits(0x80a2028, 20, 0xbfffd8d8, 0x80688ab, 0xbfffd910) = 1022
malloc(129) = 0x80946f0
BN_bn2bin(0x80a2028, 0x80946f1, 0xbfffd8d8, 0x80688ab, 0xbfffd910) = 128
memcpy(0x80ab328, "", 4) = 0x80ab328
memcpy(0x80ab32c, "-\247\314{\336\006A\326\200B^E{~\031c\3130\203,\314\024\3045r\006Y\337\255'\201`"..., 128) = 0x80ab32c
memset(0x80946f0, '\000', 129) = 0x80946f0
free(0x80946f0) = <void>
EVP_DigestInit(0xbfffd900, 0xb7fa3260, 0, 0xb7da3620, 0xb7da2c60) = 1
EVP_DigestUpdate(0xbfffd900, 0x80ab328, 132, 0xb7da3620, 0xb7da2c60) = 1
EVP_DigestUpdate(0xbfffd900, 0x8082e20, 20, 0xb7da3620, 0xb7da2c60) = 1
EVP_DigestUpdate(0xbfffd900, 0xbfffd8ff, 1, 0xb7da3620, 0xb7da2c60) = 1
EVP_DigestUpdate(0xbfffd900, 0x80a2738, 20, 0xb7da3620, 0xb7da2c60) = 1
EVP_DigestFinal(0xbfffd900, 0x8094b78, 0, 0xb7da3620, 0xb7da2c60) = 1
memset(0x80ab328, '\000', 4096) = 0x80ab328
free(0x80ab328) = <void>
EVP_sha1(0x80ab328, 0x8094b78, 0, 0xb7da3620, 0xb7da2c60) = 0xb7fa3260
malloc(20) = 0x8094b90
malloc(4096) = 0x80ab328
BN_num_bits(0x80a2028, 20, 0xbfffd8d8, 0x80688ab, 0xbfffd910) = 1022
malloc(129) = 0x80946f0
BN_bn2bin(0x80a2028, 0x80946f1, 0xbfffd8d8, 0x80688ab, 0xbfffd910) = 128
memcpy(0x80ab328, "", 4) = 0x80ab328
memcpy(0x80ab32c, "-\247\314{\336\006A\326\200B^E{~\031c\3130\203,\314\024\3045r\006Y\337\255'\201`"..., 128) = 0x80ab32c
memset(0x80946f0, '\000', 129) = 0x80946f0
free(0x80946f0) = <void>
EVP_DigestInit(0xbfffd900, 0xb7fa3260, 0, 0xb7da3620, 0xb7da2c60) = 1
EVP_DigestUpdate(0xbfffd900, 0x80ab328, 132, 0xb7da3620, 0xb7da2c60) = 1
EVP_DigestUpdate(0xbfffd900, 0x8082e20, 20, 0xb7da3620, 0xb7da2c60) = 1
EVP_DigestUpdate(0xbfffd900, 0xbfffd8ff, 1, 0xb7da3620, 0xb7da2c60) = 1
EVP_DigestUpdate(0xbfffd900, 0x80a2738, 20, 0xb7da3620, 0xb7da2c60) = 1
EVP_DigestFinal(0xbfffd900, 0x8094b90, 0, 0xb7da3620, 0xb7da2c60) = 1
memset(0x80ab328, '\000', 4096) = 0x80ab328
free(0x80ab328) = <void>
EVP_sha1(0x80ab328, 0x8094b90, 0, 0xb7da3620, 0xb7da2c60) = 0xb7fa3260
malloc(20) = 0x8094ba8
malloc(4096) = 0x80ab328
BN_num_bits(0x80a2028, 20, 0xbfffd8d8, 0x80688ab, 0xbfffd910) = 1022
malloc(129) = 0x80946f0
BN_bn2bin(0x80a2028, 0x80946f1, 0xbfffd8d8, 0x80688ab, 0xbfffd910) = 128
memcpy(0x80ab328, "", 4) = 0x80ab328
memcpy(0x80ab32c, "-\247\314{\336\006A\326\200B^E{~\031c\3130\203,\314\024\3045r\006Y\337\255'\201`"..., 128) = 0x80ab32c
memset(0x80946f0, '\000', 129) = 0x80946f0
free(0x80946f0) = <void>
EVP_DigestInit(0xbfffd900, 0xb7fa3260, 0, 0xb7da3620, 0xb7da2c60) = 1
EVP_DigestUpdate(0xbfffd900, 0x80ab328, 132, 0xb7da3620, 0xb7da2c60) = 1
EVP_DigestUpdate(0xbfffd900, 0x8082e20, 20, 0xb7da3620, 0xb7da2c60) = 1
EVP_DigestUpdate(0xbfffd900, 0xbfffd8ff, 1, 0xb7da3620, 0xb7da2c60) = 1
EVP_DigestUpdate(0xbfffd900, 0x80a2738, 20, 0xb7da3620, 0xb7da2c60) = 1
EVP_DigestFinal(0xbfffd900, 0x8094ba8, 0, 0xb7da3620, 0xb7da2c60) = 1
memset(0x80ab328, '\000', 4096) = 0x80ab328
free(0x80ab328) = <void>
EVP_sha1(0x80ab328, 0x8094ba8, 0, 0xb7da3620, 0xb7da2c60) = 0xb7fa3260
malloc(20) = 0x809d150
malloc(4096) = 0x80ab328
BN_num_bits(0x80a2028, 20, 0xbfffd8d8, 0x80688ab, 0xbfffd910) = 1022
malloc(129) = 0x80946f0
BN_bn2bin(0x80a2028, 0x80946f1, 0xbfffd8d8, 0x80688ab, 0xbfffd910) = 128
--
\____ __ \_ ___ __
Dieter Faulbaum o/ \ o\/_/_,\
<\__,\ " \
"\, \ \
Reply to: