search for: cert_parse

...uce a core dump? if so, could you feed it to gdb and get a > > backtrace? > > Never mind, I'm being stupid. Here's the backtrace: > > Core was generated by `test_sshkey'. > Program terminated with signal SIGSEGV, Segmentation fault. > #0 0x000000000041273e in cert_parse (key=0x7f7ff7b120c0, > certbuf=0x7f7ff7b16200, b=0x7f7ff7b161b0) at sshkey.c:1896 > 1896 key->cert->principals[key->cert->nprincipals++] = > principal; Could you do a "print *key->cert" to see what is going wrong here? Thanks, Damien

On Tue, 16 Feb 2016, Hisashi T Fujinaka wrote: > On Wed, 17 Feb 2016, Damien Miller wrote: > > > > Core was generated by `test_sshkey'. > > > Program terminated with signal SIGSEGV, Segmentation fault. > > > #0 0x000000000041273e in cert_parse (key=0x7f7ff7b120c0, > > > certbuf=0x7f7ff7b16200, b=0x7f7ff7b161b0) at sshkey.c:1896 > > > 1896 key->cert->principals[key->cert->nprincipals++] = > > > principal; > > > > Could you do a "print *key->cert" to see wh...

On Wed, Feb 17, 2016 at 3:51 AM, Hisashi T Fujinaka <htodd at twofifty.com> wrote: > Sorry, I haven't been paying too much attention here, but I'm having > repeated failures when I tried this morning. > > NetBSD-current: > test_sshkey: ..................................[1] Segmentation fault > (core dumped) ${V} /home/htodd... > *** Error code 139 did it

On Wed, 17 Feb 2016, Hisashi T Fujinaka wrote: > > I need to make these error messages more user-friendly :( > > > > -24 is SSH_ERR_SYSTEM_ERROR, so it's likely failing to find/load the > > key for some reason. I'll make a patch to improve the error message, > > but in the meantime you could probably figure out the exact failure > > using

Hi, OpenSSH 5.3 is almost ready for release, so we would appreciate testing on as many platforms and systems as possible. This release contains some substantial new features and a number of bugfixes. Snapshot releases for portable OpenSSH are available from http://www.mindrot.org/openssh_snap/ The OpenBSD version is available in CVS HEAD: http://www.openbsd.org/anoncvs.html Portable OpenSSH is

...le for normal pubkey authentication without 1) the key algorithm being of a permitted type 2) knowing at least the signature of a pubkey in authorized_keys etc However, certificates are verified before such checks: userauth_pubkey() -> sshkey_from_blob() -> sshkey_from_blob_internal() -> cert_parse() -> sshkey_verify(key->cert->signature_key) -> ssh_rsa_verify() (or others, depending on cert type) -> openssh_RSA_verify() -> RSA_public_decrypt() The signature algorithm *is* subsequently checked, but of course RSA_public_decrypt has already been called by that point. Outsid...