
curl-library

Re: Core dump when authentication fails?

From: Daniel Stenberg <daniel_at_haxx.se>
Date: Wed, 25 May 2011 22:40:23 +0200 (CEST)

On Wed, 25 May 2011, Saqib Ali wrote:

> I attached dbx to the core to get a stack trace of the crash. See below. All
> my source code is not on the same machine as my executable. So stepping
> through the source is a bit more difficult. But eventually doable if
> necessary.

What libssh2 version is this? Does keyboard-interactive auth work against this
server?

> =>[5] curl_domalloc(wantedsize = 0, line = 310, source = 0xfe8efcf8
> "ssh.c"), line 136 in "memdebug.c"

We have the libcurl function set to alloc memory for libssh2, so this is
really libssh2 asking to malloc zero bytes. It isn't strictly wrong, but I've
made it check for it in the libcurl code because we don't write code that
allocates zero bytes, so this way it helps detect flaws.

> [7] userauth_keyboard_interactive(...), line 1457 in "userauth.c"

That's calling LIBSSH2_ALLOC() with the length "userauth_kybd_auth_name_len"
which is extracted from the SSH packet and is supposed to be the length of the
keyboard-interactive authentication name.

I figure a "quick" check would be to make sure the libssh2 code doesn't try to
malloc anything if that length is zero. See the attachment for a suggested
approach.

-- 
  / daniel.haxx.se


-------------------------------------------------------------------
List admin: http://cool.haxx.se/list/listinfo/curl-library
Etiquette: http://curl.haxx.se/mail/etiquette.html

Received on 2011-05-25
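Added example, not code from the mail, from libssh2 or from libcurl: a small C parser for the SSH_MSG_USERAUTH_INFO_REQUEST packet (RFC 4256 section 3.2) that the keyboard-interactive code in the stack trace is handling, written so that a zero-length name or instruction field never turns into a zero-byte allocation, and with every length read from the packet checked against the remaining packet size. The `checked_alloc` wrapper counts zero-byte requests instead of passing them to malloc, in the spirit of the memdebug check described above. The packet bytes are constructed for the example, not captured from a server, and the function and type names are this example's own.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define SSH_MSG_USERAUTH_INFO_REQUEST 60   /* RFC 4256 3.2 */

typedef struct {
    char *name;          /* NULL when the server sent an empty name */
    char *instruction;   /* NULL when the server sent an empty instruction */
    uint32_t num_prompts;
} kbd_info_request;

/* Counts zero-byte allocation requests instead of forwarding them to malloc,
   so a caller that would have asked for 0 bytes is visible in a test. */
static unsigned zero_alloc_requests;

static void *checked_alloc(size_t n)
{
    if (n == 0) {
        zero_alloc_requests++;
        return NULL;
    }
    return malloc(n);
}

unsigned zero_alloc_count(void) { return zero_alloc_requests; }

/* Big-endian uint32 with a bounds check against the remaining packet. */
static int rd_u32(const unsigned char *buf, size_t len, size_t *pos, uint32_t *out)
{
    if (len - *pos < 4) return -1;
    *out = ((uint32_t)buf[*pos] << 24) | ((uint32_t)buf[*pos + 1] << 16) |
           ((uint32_t)buf[*pos + 2] << 8) | (uint32_t)buf[*pos + 3];
    *pos += 4;
    return 0;
}

/* SSH "string" (RFC 4251 section 5): uint32 length, then that many bytes.
   Fails when the length field claims more bytes than the packet holds. */
static int rd_string(const unsigned char *buf, size_t len, size_t *pos,
                     const unsigned char **s, uint32_t *slen)
{
    if (rd_u32(buf, len, pos, slen) != 0) return -1;
    if (len - *pos < *slen) return -1;
    *s = buf + *pos;
    *pos += *slen;
    return 0;
}

/* Copy a string field into a NUL-terminated heap buffer. A zero-length field
   becomes NULL instead of a request for 0 bytes from the allocator. */
static int dup_field(const unsigned char *s, uint32_t slen, char **out)
{
    *out = NULL;
    if (slen == 0) return 0;
    char *p = checked_alloc((size_t)slen + 1);
    if (!p) return -1;
    memcpy(p, s, slen);
    p[slen] = '\0';
    *out = p;
    return 0;
}

void free_kbd_info_request(kbd_info_request *req)
{
    free(req->name);
    free(req->instruction);
    memset(req, 0, sizeof *req);
}

/* Parse SSH_MSG_USERAUTH_INFO_REQUEST: byte type, string name, string
   instruction, string language tag, uint32 num-prompts, then per prompt a
   string and a boolean echo flag. Returns 0 on success, -1 if malformed. */
int parse_kbd_info_request(const unsigned char *pkt, size_t len, kbd_info_request *req)
{
    size_t pos = 1;
    const unsigned char *s;
    uint32_t slen, i;
    memset(req, 0, sizeof *req);
    if (len < 1 || pkt[0] != SSH_MSG_USERAUTH_INFO_REQUEST) return -1;
    if (rd_string(pkt, len, &pos, &s, &slen) != 0 || dup_field(s, slen, &req->name) != 0) goto fail;
    if (rd_string(pkt, len, &pos, &s, &slen) != 0 || dup_field(s, slen, &req->instruction) != 0) goto fail;
    if (rd_string(pkt, len, &pos, &s, &slen) != 0) goto fail;   /* language tag, ignored */
    if (rd_u32(pkt, len, &pos, &req->num_prompts) != 0) goto fail;
    for (i = 0; i < req->num_prompts; i++) {
        if (rd_string(pkt, len, &pos, &s, &slen) != 0) goto fail; /* prompt text */
        if (len - pos < 1) goto fail;                              /* echo flag */
        pos++;
    }
    return 0;
fail:
    free_kbd_info_request(req);
    return -1;
}

/* Constructed sample packet (not a capture): empty name, instruction
   "Enter PIN", empty language tag, one prompt "PIN: " with echo off. */
const unsigned char sample_pkt[] = {
    60,
    0, 0, 0, 0,
    0, 0, 0, 9, 'E', 'n', 't', 'e', 'r', ' ', 'P', 'I', 'N',
    0, 0, 0, 0,
    0, 0, 0, 1,
    0, 0, 0, 5, 'P', 'I', 'N', ':', ' ',
    0
};

int main(void)
{
    kbd_info_request req;
    if (parse_kbd_info_request(sample_pkt, sizeof sample_pkt, &req) != 0) {
        puts("parse failed");
        return 1;
    }
    printf("name=%s instruction=%s prompts=%u zero-byte allocs=%u\n",
           req.name ? req.name : "(empty)", req.instruction,
           req.num_prompts, zero_alloc_count());
    free_kbd_info_request(&req);
    return 0;
}
```

The two properties worth keeping from this when reading the libssh2 code are that an empty name is a legal value the server may send (so the zero case needs a representation that does not touch the allocator), and that the length field is attacker-controlled and must be compared against the bytes actually left in the packet before it is used for a copy.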