On Mon, 25 Dec 2017, Greg Hudson wrote:

> On 12/25/2017 09:03 AM, Marcin Cieslak wrote:
> > I found a core file that says:
> > 
> > Core was generated by `/usr/local/libexec/kdc --detach'.
> > Program terminated with signal SIGSEGV, Segmentation fault.
> > #0  0x0000000801286820 in der_length_general_string (data=0x18) at 
> > der_length.c:209
> > 209     return strlen(*data);
> 
> It looks like this bug was fixed in 7.5.0.  The relevant commit on the
> release branch is here:
> 
> https://github.com/heimdal/heimdal/commit/749d377fa357351a7bbba51f8aae72cdf0629592

Thank you, this looks like the fix to me, too. (Just figured it out 
independently).

> > As it turns out the main process is waiting on wait4():
> 
> This might be a secondary bug, also fixed in 7.5.0:
> 
> https://github.com/heimdal/heimdal/commit/108b28874788e5d0aa6f7c5af16d6cc405ae8eac
> 
> (I am not a Heimdal developer, but I was curious enough to look into the
> backtrace.)

Thank you very much!

What puzzles me is that someone out of AWS sends such requests in the wild.

> openssl asn1parse -i -inform der -in /tmp/request -dump
    0:d=0  hl=3 l= 110 cons: appl [ 10 ]       
    3:d=1  hl=3 l= 107 cons:  SEQUENCE          
    6:d=2  hl=2 l=   3 cons:   cont [ 1 ]        
    8:d=3  hl=2 l=   1 prim:    INTEGER           :05
   11:d=2  hl=2 l=   3 cons:   cont [ 2 ]        
   13:d=3  hl=2 l=   1 prim:    INTEGER           :0A
   16:d=2  hl=3 l=  94 cons:   cont [ 4 ]        
   19:d=3  hl=2 l=  92 cons:    SEQUENCE          
   21:d=4  hl=2 l=   7 cons:     cont [ 0 ]        
   23:d=5  hl=2 l=   5 prim:      BIT STRING        
      0000 - 00 50 80 00 10                                    .P...
   30:d=4  hl=2 l=   4 cons:     cont [ 2 ]        
   32:d=5  hl=2 l=   2 prim:      GENERALSTRING     
      0000 - 4e 4d                                             NM
   36:d=4  hl=2 l=  23 cons:     cont [ 3 ]        
   38:d=5  hl=2 l=  21 cons:      SEQUENCE          
   40:d=6  hl=2 l=   3 cons:       cont [ 0 ]        
   42:d=7  hl=2 l=   1 prim:        INTEGER           :00
   45:d=6  hl=2 l=  14 cons:       cont [ 1 ]        
   47:d=7  hl=2 l=  12 cons:        SEQUENCE          
   49:d=8  hl=2 l=   6 prim:         GENERALSTRING     
      0000 - 6b 72 62 74 67 74                                 krbtgt
   57:d=8  hl=2 l=   2 prim:         GENERALSTRING     
      0000 - 4e 4d                                             NM
   61:d=4  hl=2 l=  17 cons:     cont [ 5 ]        
   63:d=5  hl=2 l=  15 prim:      GENERALIZEDTIME   :19700101000000Z
   80:d=4  hl=2 l=   6 cons:     cont [ 7 ]        
   82:d=5  hl=2 l=   4 prim:      INTEGER           :1F1EB9D9
   88:d=4  hl=2 l=  23 cons:     cont [ 8 ]        
   90:d=5  hl=2 l=  21 cons:      SEQUENCE          
   92:d=6  hl=2 l=   1 prim:       INTEGER           :12
   95:d=6  hl=2 l=   1 prim:       INTEGER           :11
   98:d=6  hl=2 l=   1 prim:       INTEGER           :10
  101:d=6  hl=2 l=   1 prim:       INTEGER           :17
  104:d=6  hl=2 l=   1 prim:       INTEGER           :01
  107:d=6  hl=2 l=   1 prim:       INTEGER           :03
  110:d=6  hl=2 l=   1 prim:       INTEGER           :02


Marcin Cieślak
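An added triage check, not code from the thread or from Heimdal: the req-body in the dump above carries no [1] cname element (OPTIONAL in the RFC 4120 KDC-REQ-BODY, but needed for an AS exchange), and this minimal DER walker reports such omissions for a captured request. That the absent cname is what the KDC dereferenced is an assumption of mine, not something the mail states; the request bytes are reconstructed from the asn1parse output.

```python
# Request bytes reconstructed from the asn1parse dump above (added example, not Heimdal code).
AS_REQ = bytes.fromhex(
    "6a816e30816b"                  # [APPLICATION 10] AS-REQ { SEQUENCE {
    "a103020105a20302010a"          #   [1] pvno 5, [2] msg-type 10
    "a4815e305c"                    #   [4] req-body SEQUENCE {
    "a00703050050800010"            #     [0] kdc-options BIT STRING
    "a2041b024e4d"                  #     [2] realm "NM" (no [1] cname before it)
    "a3173015a003020100a10e300c1b066b72627467741b024e4d"  # [3] sname krbtgt/NM
    "a511180f31393730303130313030303030305a"              # [5] till 19700101000000Z
    "a70602041f1eb9d9"              #     [7] nonce
    "a8173015020112020111020110020117020101020103020102"  # [8] etype list
)

def der_tlv(buf, pos=0):
    """Parse one DER element at pos; return (tag, value, end). Single-byte tags only."""
    tag = buf[pos]
    if tag & 0x1F == 0x1F:
        raise ValueError("multi-byte tag not supported")
    length, hdr = buf[pos + 1], 2
    if length & 0x80:                           # long-form length
        n = length & 0x7F
        if not 1 <= n <= 4:
            raise ValueError("unsupported length encoding")
        length = int.from_bytes(buf[pos + 2:pos + 2 + n], "big")
        hdr += n
    end = pos + hdr + length
    if end > len(buf):
        raise ValueError("truncated element")
    return tag, buf[pos + hdr:end], end

def der_children(value):                        # (tag, value) pairs inside a constructed value
    pos = 0
    while pos < len(value):
        tag, inner, pos = der_tlv(value, pos)
        yield tag, inner

def kdc_req_body_tags(msg):
    """Set of context tag numbers present in the KDC-REQ-BODY of an AS-REQ."""
    tag, value, _ = der_tlv(msg)
    if tag != 0x6A:                             # [APPLICATION 10] = AS-REQ
        raise ValueError("not an AS-REQ")
    _, seq, _ = der_tlv(value)                  # outer KDC-REQ SEQUENCE
    req = {t & 0x1F: v for t, v in der_children(seq)}
    _, body, _ = der_tlv(req[4])                # [4] req-body is itself a SEQUENCE
    return {t & 0x1F for t, _ in der_children(body)}

def missing_as_req_fields(msg):
    """AS processing needs cname [1], realm [2] and sname [3]; list the ones absent."""
    return sorted({1, 2, 3} - kdc_req_body_tags(msg))
```

Run over a capture, `missing_as_req_fields` returning a non-empty list flags a request worth keeping out of an unpatched KDC.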
