Re: kpasswdd dumps on OpenBSD6.3

ASV Sun, 05 Aug 2018 09:34:58 -0700

Here we go:

(gdb) frame 2
#2  0x00001fe05dc02bfb in change (auth_context=0x1fe261682080, 
admin_principal=0x1fe318614860, version=65408, s=8, sa=0x7f7ffffe0968, 
sa_size=16, in_data=0x7f7ffffe0310) at kpasswdd.c:410
410         ret = kadm5_s_chpass_principal_cond (kadm5_handle, principal, 1, 
tmp);
(gdb) p kadm5_handle
$1 = (void *) 0x0
(gdb) p principal->name.name_string.val[0]
$2 = 0x1fe312b39eb0 "vaxxxxx"
(gdb) p principal->name.name_string.val[1]
$3 = 0x0
(gdb) p admin_principal->name.name_string[0]
Structure has no component named operator[].
(gdb) p admin_principal->name.name_string[1]
Structure has no component named operator[].
(gdb) p pwd_data->length
$4 = 16
(gdb) p context[0]
Cannot perform pointer math on incomplete type "krb5_context_data", try casting 
to a known type, or void *.




On Sun, 2018-08-05 at 12:11 -0400, Viktor Dukhovni wrote:
> On Aug 5, 2018, at 5:20 AM, ASV <[email protected]> wrote:
> > 
> > Good morning,
> > this looks more exhaustive to me. :)
> 
> You have debugging symbols in the "kpasswdd" executable, but NOT in
> the
> libkadm5srv.so library.  Please also install the re-compiled library
> and
> rerun the test, but first:
> 
> > (gdb) bt
> > #0  0x00001fe263d185d6 in change () from
> > /usr/local/heimdal/lib/libkadm5srv.so.3.0
> > #1  0x00001fe263d1855f in kadm5_s_chpass_principal_cond () from
> > /usr/local/heimdal/lib/libkadm5srv.so.3.0
> 
> [ No symbols in frames 0 and 1 ]
> 
> > #2  0x00001fe05dc02bfb in change (auth_context=0x1fe261682080,
> > admin_principal=0x1fe318614860, version=65408, s=8,
> > sa=0x7f7ffffe0968, sa_size=16, in_data=0x7f7ffffe0310) at
> > kpasswdd.c:410
> 
> This is the call to kadm5_s_chpass_principal_cond in kpasswdd.c:
> 
>     410     ret = kadm5_s_chpass_principal_cond (kadm5_handle,
> principal, 1, tmp);
> 
> It would already be useful to see the value of "kadm5_handle".  You
> can report the
> output of:
> 
>       (gdb) frame 2
>       (gdb) p kadm5_handle
>         (gdb) p principal->name.name_string.val[0]
>       (gdb) p principal->name.name_string.val[1]
>       (gdb) p admin_principal->name.name_string[0]
>       (gdb) p admin_principal->name.name_string[1]
>       (gdb) p pwd_data->length
>       (gdb) p context[0]
> 
> If this proves insufficient, we'll need the debugging symbols for
> library,
> but it is possible that symbols in the library will not be needed.
> 
> > #3  0x00001fe05dc01b89 in process (keytab=0x1fe27c7a0c00, s=8,
> > this_addr=0x1fe261684330, sa=0x7f7ffffe0968, sa_size=16,
> > msg=0x7f7ffffe0460 "\002\200\002\bn\202\002\0040\202\002", len=676)
> >    at kpasswdd.c:633
> > #4  0x00001fe05dc017d9 in doit (keytab=0x1fe27c7a0c00, port=53249)
> > at kpasswdd.c:767
> > #5  0x00001fe05dc01073 in main (argc=1, argv=0x7f7ffffe0c08) at
> > kpasswdd.c:906
> > (gdb) x/i $pc
> > 0x1fe263d185d6 <change+102>:    cmpl   $0x0,0xc8(%r14)
> > (gdb) i reg
> > rax            0xb216510a6421fab2       -5614210780399273294
> > rbx            0x1      1
> > rcx            0x0      0
> > rdx            0x1      1
> > rsi            0x1fe318612740   35060227057472
> > rdi            0x0      0
> > rbp            0x7f7ffffe0050   0x7f7ffffe0050
> > rsp            0x7f7ffffdff40   0x7f7ffffdff40
> > r8             0x0      0
> > r9             0x1fe2b9c4c5d0   35058639750608
> > r10            0x1fe2d5235b30   35059098934064
> > r11            0x0      0
> > r12            0x1fe318612740   35060227057472
> > r13            0x0      0
> > r14            0x0      0
> > r15            0x1fe2b9c4c5d0   35058639750608
> > rip            0x1fe263d185d6   0x1fe263d185d6 <change+102>
> > eflags         0x10202  66050
> > cs             0x2b     43
> > ss             0x23     35
> > ds             0x23     35
> > es             0x23     35
> > fs             0x23     35
> > gs             0x23     35
> > 
> > 
> > 
> > On Sat, 2018-08-04 at 15:44 -0400, Viktor Dukhovni wrote:
> > > > On Aug 4, 2018, at 3:28 PM, ASV <[email protected]> wrote:
> > > > 
> > > > I think that I finally got it, did I?
> > > 
> > > Still no symbols, but yes, you got the instruction decode.
> > > 
> > > > Program received signal SIGSEGV, Segmentation fault.
> > > > 0x000007fe9c69d5d6 in change () from
> > > > /usr/local/heimdal/lib/libkadm5srv.so.3.0
> > > > Current language:  auto; currently minimal
> > > > (gdb) bt
> > > > #0  0x000007fe9c69d5d6 in change () from
> > > > /usr/local/heimdal/lib/libkadm5srv.so.3.0
> > > > #1  0x000007fe9c69d55f in kadm5_s_chpass_principal_cond () from
> > > > /usr/local/heimdal/lib/libkadm5srv.so.3.0
> > > > #2  0x000007fbfc702bfb in ?? () from
> > > > /usr/local/heimdal/libexec/kpasswdd
> > > > #3  0x000007fbfc701b89 in ?? () from
> > > > /usr/local/heimdal/libexec/kpasswdd
> > > > #4  0x000007fbfc7017d9 in ?? () from
> > > > /usr/local/heimdal/libexec/kpasswdd
> > > > #5  0x000007fbfc701073 in ?? () from
> > > > /usr/local/heimdal/libexec/kpasswdd
> > > > #6  0x000007fbfc7009a6 in ?? () from
> > > > /usr/local/heimdal/libexec/kpasswdd
> > > > #7  0x0000000000000000 in ?? ()
> > > > (gdb) x/i
> > > > $pc                                                            
> > > >     
> > > > 
> > > > 0x7fe9c69d5d6 <change+102>:     cmpl   $0x0,0xc8(%r14)
> > > > (gdb) x/40i $pc-102
> > > > 0x7fe9c69d570 <change>: push   %rbp
> > > > 0x7fe9c69d571 <change+1>:       mov    %rsp,%rbp
> > > > 0x7fe9c69d574 <change+4>:       push   %r15
> > > > 0x7fe9c69d576 <change+6>:       push   %r14
> > > > 0x7fe9c69d578 <change+8>:       push   %r13
> > > > 0x7fe9c69d57a <change+10>:      push   %r12
> > > > 0x7fe9c69d57c <change+12>:      push   %rbx
> > > > 0x7fe9c69d57d <change+13>:      sub    $0xe8,%rsp
> > > > 0x7fe9c69d584 <change+20>:      mov    %r9,%r15
> > > > 0x7fe9c69d587 <change+23>:      mov    %r8,%r13
> > > > 0x7fe9c69d58a
> > > > <change+26>:      mov    %ecx,0xffffffffffffff04(%rbp)
> > > > 0x7fe9c69d590 <change+32>:      mov    %edx,%ebx
> > > > 0x7fe9c69d592 <change+34>:      mov    %rsi,%r12
> > > > 0x7fe9c69d595 <change+37>:      mov    %rdi,%r14
> > > > 0x7fe9c69d598
> > > > <change+40>:      mov    2174785(%rip),%rax        #
> > > > 0x7fe9c8b04e0 <__guard_local>
> > > > 0x7fe9c69d59f
> > > > <change+47>:      mov    %rax,0xffffffffffffffd0(%rbp)
> > > > 0x7fe9c69d5a3 <change+51>:      xorps  %xmm0,%xmm0
> > > > 0x7fe9c69d5a6 <change+54>:      movaps
> > > > %xmm0,0xffffffffffffffc0(%rbp)
> > > > 0x7fe9c69d5aa <change+58>:      movaps
> > > > %xmm0,0xffffffffffffffb0(%rbp)
> > > > 0x7fe9c69d5ae <change+62>:      movaps
> > > > %xmm0,0xffffffffffffffa0(%rbp)
> > > > 0x7fe9c69d5b2 <change+66>:      movaps
> > > > %xmm0,0xffffffffffffff90(%rbp)
> > > > 0x7fe9c69d5b6 <change+70>:      movaps
> > > > %xmm0,0xffffffffffffff80(%rbp)
> > > > 0x7fe9c69d5ba <change+74>:      movaps
> > > > %xmm0,0xffffffffffffff70(%rbp)
> > > > 0x7fe9c69d5c1 <change+81>:      movaps
> > > > %xmm0,0xffffffffffffff60(%rbp)
> > > > 0x7fe9c69d5c8 <change+88>:      movaps
> > > > %xmm0,0xffffffffffffff50(%rbp)
> > > > 0x7fe9c69d5cf <change+95>:      movaps
> > > > %xmm0,0xffffffffffffff40(%rbp)
> > > > 0x7fe9c69d5d6 <change+102>:     cmpl   $0x0,0xc8(%r14)
> > > 
> > > This is confirms the guess, the kadm5 handle is NULL.  We now
> > > need
> > > debugging
> > > symbols.
> > > 
> 
>

Re: kpasswdd dumps on OpenBSD6.3

Reply via email to