Segfaults after receiving invalid AS-REQ

Andreas Haupt andreas.haupt at desy.de
Wed Aug 30 09:01:08 CEST 2017


Dear all,

we are running KDCs on Heimdal version 7.4. Since the update to version 7.x
a few weeks ago we observe KDC segfaults after receiving invalid AS-REQ.
Looks like an evil bug to me. Anybody else seeing this?

This is logged into syslog:

Aug 30 01:38:16 fred-vm1 kdc[3364]: No client in request
Aug 30 01:38:16 fred-vm1 kdc[3364]: AS-REQ malformed client name from IPv4:125.212.217.214
Aug 30 01:38:16 fred-vm1 kernel: [1163150.404544] kdc[3364]: segfault at 18 ip 00007f102fb5de22 sp 00007ffe868a7240 error 4 in libasn1.so.8.0.0[7f102fa9c000+d6000]
Aug 30 01:38:16 fred-vm1 journal: Missed 276419 kernel messages
Aug 30 01:38:16 fred-vm1 kernel: kdc[3364]: segfault at 18 ip 00007f102fb5de22 sp 00007ffe868a7240 error 4 in libasn1.so.8.0.0[7f102fa9c000+d6000]
Aug 30 01:38:16 fred-vm1 kdc[3357]: KDC reaped worker process: 3364, term signal 11
Aug 30 01:38:16 fred-vm1 kdc[3357]: KDC worker process started: 29859

Cheers,
Andreas
-- 
| Andreas Haupt            | E-Mail: andreas.haupt at desy.de
|  DESY Zeuthen            | WWW:    http://www-zeuthen.desy.de/~ahaupt
|  Platanenallee 6         | Phone:  +49/33762/7-7359
|  D-15738 Zeuthen         | Fax:    +49/33762/7-7216


-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 4873 bytes
Desc: not available
URL: <http://www.h5l.org/pipermail/heimdal-discuss/attachments/20170830/07f8292e/attachment.bin>


More information about the Heimdal-discuss mailing list