On Wed, Jun 29, 2011 at 11:49 AM, Daniel Stenberg <dan...@haxx.se> wrote:
> On Wed, 29 Jun 2011, Alfred Gebert wrote:
>
>>>> #2 0xb7b136d8 in userauth_keyboard_interactive (session=0x8084a40,
>>>> username=0x8084810 "agebert", username_len=7,
>>>> response_callback=0xb7e83840 <kbd_callback>) at userauth.c:1616
>>>
>>> At this point (userauth.c:1616), is session->userauth_kybd_data NULL or what
>>> does it point to?
>>
>> session->userauth_kybd_data is _not_ NULL.
>
> Oh. Can you see from where it jumps to the cleanup label?
>

session->userauth_kybd_data is set to NULL on line userauth.c:1575. And then
modified here

(gdb) cont
Continuing.
Hardware watchpoint 4: session->userauth_kybd_data

Old value = (unsigned char *) 0x0
New value = (unsigned char *) 0x3 <Address 0x3 out of bounds>
_libssh2_htonu32 (buf=0x8091855 "", value=3) at misc.c:176
176 }
(gdb) where
#0 _libssh2_htonu32 (buf=0x8091855 "", value=3) at misc.c:176
#1 0xb7b0102a in _libssh2_store_u32 (buf=0xbfffdaf0, value=3) at misc.c:182
#2 0xb7b01061 in _libssh2_store_str (buf=0xbfffdaf0, str=0x80966c0 "e2e", len=3) at misc.c:190
#3 0xb7b13600 in userauth_keyboard_interactive (session=0x8084a78, username=0x8083ef0 "agebert", username_len=7, response_callback=0xb7e83840 <kbd_callback>) at userauth.c:1585
#4 0xb7b1390b in libssh2_userauth_keyboard_interactive_ex (session=0x8084a78, user=0x8083ef0 "agebert", user_len=7, response_callback=0xb7e83840 <kbd_callback>) at userauth.c:1672
#5 0xb7e851d6 in ssh_statemach_act () from /home/agebert/local/lib/libcurl.so.4
#6 0xb7e87a32 in ssh_easy_statemach () from /home/agebert/local/lib/libcurl.so.4
#7 0xbfffec28 in ?? ()
Backtrace stopped: previous frame inner to this frame (corrupt stack?)

The five bytes from session->userauth_buf are too small and
session->userauth_kybd_data is the next member after userauth_buf.

_______________________________________________
libssh2-devel http://cool.haxx.se/cgi-bin/mailman/listinfo/libssh2-devel
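
The overrun reported in this message, as an added example that is not part of the original post and is not libssh2's code: an SSH string store (4-byte length, then the bytes) of "e2e" into a 5-byte buffer spills into whatever follows it, and a bounds-checked variant refuses the write. The flat `region` layout and all function names are hypothetical; only the 5-byte size and the "e2e" string come from the message.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define BUF_LEN  5   /* size of the too-small buffer named in the message */
#define NEXT_LEN 8   /* constructed stand-in for the member that follows it */
/* Hypothetical model: both members as one flat region, so the overrun is
 * observable without undefined behaviour. Not libssh2's session layout. */
static unsigned char region[BUF_LEN + NEXT_LEN];

/* SSH string encoding: 4-byte big-endian length, then the bytes. No bounds. */
static void store_str_unchecked(unsigned char **cur, const char *s, uint32_t len)
{
    unsigned char *p = *cur;
    p[0] = (unsigned char)(len >> 24); p[1] = (unsigned char)(len >> 16);
    p[2] = (unsigned char)(len >> 8);  p[3] = (unsigned char)len;
    memcpy(p + 4, s, len);
    *cur = p + 4 + len;
}

/* Same encoding, but refuses to write past `end`; cursor untouched on error. */
static int store_str_checked(unsigned char **cur, const unsigned char *end,
                             const char *s, uint32_t len)
{
    size_t room = (size_t)(end - *cur);
    if (room < 4 || len > room - 4) return -1;  /* no integer wrap on len + 4 */
    store_str_unchecked(cur, s, len);
    return 0;
}

/* Number of bytes of the neighbouring member changed by an unchecked store. */
static int clobbered_by_unchecked(const char *s, uint32_t len)
{
    unsigned char *cur = region;
    int n = 0;
    memset(region, 0, sizeof region);
    store_str_unchecked(&cur, s, len);
    for (size_t i = BUF_LEN; i < sizeof region; i++) n += region[i] != 0;
    return n;
}

int main(void)
{
    unsigned char *cur = region;
    printf("unchecked: %d neighbour bytes overwritten\n", clobbered_by_unchecked("e2e", 3));
    printf("checked: %d\n", store_str_checked(&cur, region + BUF_LEN, "e2e", 3));
    return 0;
}
```
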