Package: openssh-server
Version: 1:4.2p1-4bpo1juhaj1
Severity: normal
Tags: patch

OpenSSH's GSSAPI authentication routines pass addresses of OM_uint32 to functions expecting a pointer to int. On alpha, int is 64 bits and the values stored in the variables pointed to by these pointers only have half of their bits set. Results in broken GSSAPI authentication and a very annoying "connection closed by remote host" message without any other info as to why. Even with -vvv you get no relevant info. Server side, of course, shows what happens with -ddd.

This probably affects other 64-bit archs as well, but I only if they have 64-bit ints: ppc64 and x86_64, which I have access to, both have 32-bit ints.

Patch below. Note that this only fixes the authentication process. There is at least one logging function with the same problem. Reading the actual build logs should reveal them since they show up as "passing arg N ... from incompatible pointer type" or something equivalent.

Cheers,
Juha

--patch-- --- monitor.c 2006-02-09 11:45:16 +0200 +++ monitor.c.orig 2006-02-09 11:44:27 +0200 @@ -1947,7 +1947,7 @@ gss_buffer_desc data, hash; OM_uint32 major, minor; - data.value = buffer_get_string(m, (int *) &data.length); + data.value = buffer_get_string(m, &data.length); if (data.length != 20) fatal("%s: data length incorrect: %d", __func__, data.length); --- monitor.c.orig 2006-02-09 11:44:27 +0200 +++ monitor.c 2006-02-09 11:45:16 +0200
@@ -1947,7 +1947,7 @@ gss_buffer_desc data, hash; OM_uint32 major, minor; - data.value = buffer_get_string(m, &data.length); + data.value = buffer_get_string(m, (int *) &data.length); if (data.length != 20) fatal("%s: data length incorrect: %d", __func__, data.length);

-- System Information:
Debian Release: testing/unstable
  APT prefers unstable
  APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: i386 (i686)
Shell: /bin/sh linked to /bin/bash
Kernel: Linux 2.6.14+juhaj+v1.0
Locale: LANG=en_GB.UTF-8, LC_CTYPE=fi_FI.UTF-8 (charmap=UTF-8)

Versions of packages openssh-server depends on:
ii  adduser               3.81                 Add and remove users and groups
ii  debconf [debconf-2.0  1.4.70               Debian configuration management sy
ii  dpkg                  1.13.13              package maintenance system for Deb
ii  libc6                 2.3.5-13             GNU C Library: Shared libraries an
ii  libgssapi4-heimdal    0.7.1-1juhaj1        Libraries for Heimdal Kerberos
ii  libkafs0-heimdal      0.7.1-1juhaj1        Libraries for Heimdal Kerberos
ii  libkrb5-17-heimdal    0.7.1-1juhaj1        Libraries for Heimdal Kerberos
ii  libpam-modules        0.79-3               Pluggable Authentication Modules f
ii  libpam-runtime        0.79-3.1             Runtime support for the PAM librar
ii  libpam0g              0.79-3.1             Pluggable Authentication Modules l
ii  libselinux1           1.28-1               SELinux shared libraries
ii  libssl0.9.7           0.9.7g-5             SSL shared libraries
ii  libwrap0              7.6.dbs-8            Wietse Venema's TCP wrappers libra
ii  openssh-client        1:4.2p1-4bpo1juhaj1  Secure shell client, an rlogin/rsh
ii  zlib1g                1:1.2.3-9            compression library - runtime

openssh-server recommends no packages.

-- debconf information:
  ssh/insecure_rshd:
  ssh/insecure_telnetd:
  ssh/new_config: true
* ssh/use_old_init_script: true
  ssh/disable_cr_auth: false
  ssh/encrypted_host_key_but_no_keygen:
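
Review bot: The first diff runs from monitor.c to monitor.c.orig, so it removes the (int *) cast, while the second diff, headed monitor.c.orig to monitor.c, adds the same cast back; applied together the two hunks cancel out. Only the diff in the intended direction should be sent, with the old file named first.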
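
Review bot: In the second hunk, the (int *) cast on &data.length only silences the incompatible-pointer warning; buffer_get_string still stores an int-sized value through that pointer, so if data.length is wider than int the rest of the field keeps whatever was there and the data.length != 20 check can still fail. Consider reading the length into a local variable of the type buffer_get_string expects and assigning it to data.length afterwards, and check that the %d in the fatal() call matches the type of data.length.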
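
The width mismatch described in the report, as an added example that is not part of the original message or of OpenSSH: a getter stores a 32-bit length into a 64-bit field, first as a store through a narrower pointer would (modelled with memcpy so the partial store is defined C), then through a temporary of the getter's own type. The names get_len32, wide_buf, length_via_cast and length_via_temp, and the 32/64-bit widths, are assumptions chosen for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical getter: reports a length through a pointer to a 32-bit
 * integer (the role buffer_get_string plays in the report). */
static void get_len32(uint32_t *out) { *out = 20; }

/* Constructed struct: a length field wider than what the getter writes. */
struct wide_buf { uint64_t length; };

/* Models the pointer cast: only 4 of the field's 8 bytes are stored. */
uint64_t length_via_cast(void)
{
    struct wide_buf b;
    uint32_t written;

    memset(&b, 0xAA, sizeof b);            /* stale memory contents */
    get_len32(&written);
    memcpy(&b.length, &written, sizeof written);
    return b.length;                       /* half of the bits are stale */
}

/* Width-safe form: receive into the getter's type, then assign. */
uint64_t length_via_temp(void)
{
    struct wide_buf b;
    uint32_t len;

    memset(&b, 0xAA, sizeof b);
    get_len32(&len);
    b.length = len;                        /* conversion fills all 8 bytes */
    return b.length;
}

int main(void)
{
    /* The "length != 20" check from the hunk passes only for the second form. */
    printf("cast: %#llx (ok=%d)\n", (unsigned long long)length_via_cast(),
           length_via_cast() == 20);
    printf("temp: %llu (ok=%d)\n", (unsigned long long)length_via_temp(),
           length_via_temp() == 20);
    return 0;
}
```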