gsasl test tool crashes on OS X
From: Wim Lewis
Subject: gsasl test tool crashes on OS X
Date: Sat, 21 Jan 2012 16:39:20 -0800
User-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:9.0) Gecko/20111222 Thunderbird/9.0.1

Gsasl (gsasl-1.6.1) crashes after reading a password. It doesn't look
like this affects libgsasl, only the gsasl tool.

The problem is it's freeing the pointer returned by getpass(), which is
not a malloc'd pointer. From the man page for getpass() on OS X 10.6.7:

> BUGS
> The getpass() function leaves its result in an internal
> static object and returns a pointer to that object.
> Subsequent calls to getpass() will modify the same object.

OSX also has a readpassphrase() function (inherited from OpenBSD), which
has better buffer handling, but is not POSIX. On the other hand, it
appears that getpass() has been removed from POSIX anyway.

Here's a gdb backtrace of the crash, after I gave it the password
"pencil" during a SCRAM-SHA-1 exchange:

Enter base64 authentication data from client (press RET if none):
Yz1iaXdzLHI9V1FeY0EwIXVCRWJrcFBscjZSSFBsbFVMM3IscD1xK1lSZ2NZenVydHZTbTh3Si9KY2NRWDdOeUE9
Enter password:
gsasl(90618) malloc: *** error for object 0x7fff7005ffc0: pointer being
freed was not allocated
*** set a breakpoint in malloc_error_break to debug
Program received signal SIGABRT, Aborted.
0x00007fff8034d0b6 in __kill ()
(gdb) bt
#0 0x00007fff8034d0b6 in __kill ()
#1 0x00007fff803ed9f6 in abort ()
#2 0x00007fff80305195 in free ()
#3 0x0000000100003831 in locale_to_utf8 (str=0x7fff7005ffc0 "pencil")
at callbacks.c:43
#4 0x0000000100003d36 in callback (ctx=<value temporarily unavailable,
due to optimizations>, sctx=0x10040a640, prop=<value temporarily
unavailable, due to optimizations>) at callbacks.c:98
#5 0x000000010001811c in gsasl_property_get (sctx=0x10040a640,
prop=GSASL_PASSWORD) at property.c:241
#6 0x0000000100024473 in _gsasl_scram_sha1_server_step ()
#7 0x000000010001875e in gsasl_step64 (sctx=0x10040a640, b64input=0x8
<Address 0x8 out of bounds>, b64output=0x7fff5fbff738) at xstep.c:100
#8 0x000000010000236c in main (argc=<value temporarily unavailable, due
to optimizations>, argv=<value temporarily unavailable, due to
optimizations>) at gsasl.c:678
(gdb) up
#1 0x00007fff803ed9f6 in abort ()
(gdb)
#2 0x00007fff80305195 in free ()
(gdb)
#3 0x0000000100003831 in locale_to_utf8 (str=0x7fff7005ffc0 "pencil")
at callbacks.c:43
43 free (str);
(gdb) inf loc
from = <value temporarily unavailable, due to optimizations>
q = 0x10040af90 "pencil"
(gdb)
And here's a trivial reimplementation of readutf8pass() using
readpassphrase():
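#include <stdlib.h>
#include <readpassphrase.h>

static char *
readutf8pass (const char *prompt)
{
  /* readpassphrase() fills a caller-supplied buffer, so the pointer
     handed on is malloc'd and the free (str) in locale_to_utf8() is
     valid, unlike with the static object returned by getpass().  */
  char *p = malloc (1024);
  if (!p)
    return NULL;
  if (!readpassphrase (prompt, p, 1024, RPP_ECHO_OFF))
    {
      /* Read failed: release the buffer and report the failure.  */
      free (p);
      return NULL;
    }
  return locale_to_utf8 (p);
}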
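
The message notes that readpassphrase() is not POSIX. As an added example (not part of the original post and not gsasl code), here is a reader built only on POSIX termios and getline() that always returns a malloc'd buffer, so a later free() such as the one in locale_to_utf8() is valid. The name read_pass_owned is hypothetical.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L   /* getline(), fileno() */
#endif
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <termios.h>
#include <unistd.h>

/* Hypothetical helper, not gsasl code: read one line from `in`, with echo
   turned off when `in` is a terminal.  The result always comes from
   malloc(), so the caller owns it and may free() it.  NULL on EOF/error. */
static char *read_pass_owned(const char *prompt, FILE *in)
{
    struct termios saved, noecho;
    int fd = fileno(in);
    int tty = fd >= 0 && isatty(fd) && tcgetattr(fd, &saved) == 0;
    char *line = NULL;
    size_t cap = 0;
    if (tty) {
        fputs(prompt, stderr);
        noecho = saved;
        noecho.c_lflag &= ~(tcflag_t)ECHO;
        if (tcsetattr(fd, TCSAFLUSH, &noecho) != 0)
            return NULL;
    }
    ssize_t n = getline(&line, &cap, in);   /* getline() allocates the buffer */
    if (tty) {
        tcsetattr(fd, TCSAFLUSH, &saved);   /* restore echo on every path */
        fputc('\n', stderr);
    }
    if (n < 0) {
        free(line);                         /* getline() may allocate even on EOF */
        return NULL;
    }
    if (n > 0 && line[n - 1] == '\n')
        line[n - 1] = '\0';                 /* drop the newline only */
    return line;
}

int main(void)
{
    char *pass = read_pass_owned("Enter password: ", stdin);
    if (!pass)
        return 1;
    printf("read %zu bytes\n", strlen(pass));
    free(pass);                             /* valid: pass is a heap pointer */
    return 0;
}
```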