Bug 7210 - ssh crash on Kerberos errors on Windows
Alias: None
Product: ThinLinc
Classification: Unclassified
Component: Client
Version: 1.3.1
Hardware: PC Unknown
Importance: P2 Normal
Target Milestone: 4.10.0
Assignee: Pierre Ossman
Keywords: prosaic
Depends on:
Blocks: 4532
Reported: 2018-07-10 13:10 CEST by Pierre Ossman
Modified: 2019-02-18 12:27 CET


Description Pierre Ossman cendio 2018-07-10 13:10:11 CEST
If there is an error in the GSS-API/Kerberos routines, then our ssh will crash. Windows doesn't seem to show the crash dialog for stripped binaries, so the practical issue is that the user sees a "SSH terminated" message rather than "Kerberos auth failed".
Comment 2 Pierre Ossman cendio 2018-07-10 13:11:01 CEST

Index: openssh/openbsd-compat/win32-sspi.c
--- openssh/openbsd-compat/win32-sspi.c (revision 33497)
+++ openssh/openbsd-compat/win32-sspi.c (working copy)
@@ -190,7 +192,7 @@
                                msg = "No minor code available";
                status_string->length = strlen(msg);
-               status_string->value = msg;
+               status_string->value = xstrdup(msg);
                return GSS_S_COMPLETE;
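Review bot: the new xstrdup(msg) line has no comment saying why a copy is needed. msg in this branch is a string literal and the bug is a crash in the error path, so a one-line comment stating that status_string->value must be heap-allocated because the caller releases it would keep someone from reverting to the bare literal later. Only this branch is visible here, so it is worth confirming that every other assignment to status_string->value in the function also hands out an allocated copy. The hunk header (-190,7 +192,7) also shows the working copy has two more added lines earlier in the file that are not included in this comment; please attach those as well so the whole change can be reviewed.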
Comment 3 Pierre Ossman cendio 2019-01-24 15:10:32 CET
The bug can be provoked by connecting to a realm for which you have no ticket (same realm but wrong user works fine). So basically just connect to any non-Kerberos server and the bug happens.

I tried it on our Windows 2008R2 server, and I even got a crash dialog for ssh.
Comment 4 Pierre Ossman cendio 2019-01-24 15:12:50 CET
This was with an unstripped binary, so I guess that explains the error dialog.
Comment 6 Pierre Ossman cendio 2019-01-24 15:15:47 CET
Above fix applied and works well.

This code is only in the error handling, so the tester only needs to test this failure scenario.
Comment 7 Peter Åstrand cendio 2019-02-18 12:27:47 CET
Tested both x64 and x86 versions of the Windows client, build 6045. The error message is correctly displayed.
