If there is an error in the GSS-API/Kerberos routines, then our ssh will crash. Windows doesn't seem to show the crash dialog for stripped binaries, so the practical issue is that the user sees an "SSH terminated" message rather than "Kerberos auth failed".
Fix: Index: openssh/openbsd-compat/win32-sspi.c =================================================================== --- openssh/openbsd-compat/win32-sspi.c (revision 33497) +++ openssh/openbsd-compat/win32-sspi.c (working copy) @@ -190,7 +192,7 @@ msg = "No minor code available"; } status_string->length = strlen(msg); - status_string->value = msg; + status_string->value = xstrdup(msg); return GSS_S_COMPLETE; }
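Review bot: The `status_string->value = xstrdup(msg);` line needs a short comment stating who owns the buffer. `msg` is assigned a string literal just above (`"No minor code available"`), and the copy only makes sense if the consumer of `status_string` frees `value`, so a note such as "heap copy, released by the caller" would keep someone from reverting it to the bare pointer later. The hunk header (-190 against +192) also shows two lines added earlier in the file that are not part of what is posted here; if they are needed for `xstrdup` to be declared, include them in the patch.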
The bug can be provoked by connecting to a realm for which you have no ticket (same realm but wrong user works fine). So basically just connect to any non-Kerberos server and the bug happens. I tried it on our Windows 2008R2 server, and I even got a crash dialog for ssh.
This was with an unstripped binary, so I guess that explains the error dialog.
Above fix applied and works well. This code is only in the error handling, so the tester only needs to test this failure scenario.
Tested both x64 and x86 versions of the Windows client, build 6045. The error message is correctly displayed.