cURL / Mailing Lists / curl-library / Single Mail

curl-library

Re: Core dump when authentication fails?

From: Michael Wood <esiotrot_at_gmail.com>
Date: Fri, 27 May 2011 18:14:04 +0200

On 27 May 2011 17:17, Saqib Ali <saqib.ali.75_at_gmail.com> wrote:
>>
>> What libssh2 version is this? Does keyboard-interactive auth work against
>> this server?
>
> libssh2-1.2.8
> The same program works fine with the correct password.
> Yes, I can do a scp to this server from the command line and it works.
>
>>
>> I figure a "quick" check would be to make sure the libssh2 code doesn't
>> try to malloc anything if that length is zero. See the attachment for a
>> suggested approach.
>>
>
> Thanks for your patch to libssh2. I tried it. Unfortunately, the result was
> a core dump at the same line. Here is the relevant dbx output:
> (dbx) where

I don't have the libssh2 source, but it seems another similar patch is
necessary. It got past the place where it crashed the last time, but
now it's crashing further down userauth.c.

Perhaps you could see if there's another call to LIBSSH2_ALLOC() that
you can skip if the second argument is 0 like Daniel did in the patch.
[...]
>   [7] userauth_keyboard_interactive(session = 0x73d10, username = 0x27118
> "lis", username_len = 3U, response_callback = 0xff1aa958 =
> &`libcurl.so.4.2.0`ssh.c`kbd_callback(const char *name, int name_len, const
> char *instruction, int instruction_len, int num_prompts, const
> LIBSSH2_USERAUTH_KBDINT_PROMPT *prompts, LIBSSH2_USERAUTH_KBDINT_RESPONSE
> *responses, void **abstract)), line 1489 in "userauth.c"
[...]

-- 
Michael Wood <esiotrot_at_gmail.com>
-------------------------------------------------------------------
List admin: http://cool.haxx.se/list/listinfo/curl-library
Etiquette:  http://curl.haxx.se/mail/etiquette.html
Received on 2011-05-27