From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from smtpout2.vodafonemail.de (smtpout2.vodafonemail.de [145.253.239.133]) by sourceware.org (Postfix) with ESMTPS id E61483858414 for ; Sun, 28 Nov 2021 09:53:59 +0000 (GMT) DMARC-Filter: OpenDMARC Filter v1.4.1 sourceware.org E61483858414 Authentication-Results: sourceware.org; dmarc=none (p=none dis=none) header.from=nexgo.de Authentication-Results: sourceware.org; spf=pass smtp.mailfrom=nexgo.de Received: from smtp.vodafone.de (unknown [10.2.0.33]) by smtpout2.vodafonemail.de (Postfix) with ESMTP id BC28D609F5 for ; Sun, 28 Nov 2021 10:53:58 +0100 (CET) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=nexgo.de; s=vfde-smtpout-mb-15sep; t=1638093238; bh=Rth1fyzCdgVLH8+9BLvzIGdmA95DyfIM7JYUtODHND8=; h=From:To:Subject:References:Date:In-Reply-To; b=BcWps67RHoxCMf4fq6VR/a6hM2zyiXZvQUPgJ04BL2RV42bGMLxhCSR/aLDGmESiz SOrZHFBeDIgTI0OPIu44gAZsRIKD8zhCfGj4HthwvNBC1zI5UZeet874f9sRUtav58 tcqxUigDe+mtDnpR0Ywhz8Nl86emVH+GRzZiXmOM= Received: from Gertrud (p5b2f3fbc.dip0.t-ipconnect.de [91.47.63.188]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange ECDHE (P-256) server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by smtp.vodafone.de (Postfix) with ESMTPSA id 4J23j16MZTzHnJ8 for ; Sun, 28 Nov 2021 09:53:57 +0000 (UTC) From: Achim Gratz To: cygwin-apps@cygwin.com Subject: Re: [ATTN MAINTAINER] openssh References: <874k85yghh.fsf@Rainer.invalid> Date: Sun, 28 Nov 2021 10:53:57 +0100 In-Reply-To: <874k85yghh.fsf@Rainer.invalid> (Achim Gratz's message of "Sun, 21 Nov 2021 11:01:46 +0100") Message-ID: <875ysc61xm.fsf@Rainer.invalid> User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/27.2 (gnu/linux) MIME-Version: 1.0 Content-Type: text/plain X-purgate-type: clean X-purgate-Ad: Categorized by eleven eXpurgate (R) http://www.eleven.de X-purgate: This mail is considered clean (visit http://www.eleven.de for further information) X-purgate: clean X-purgate-size: 887 X-purgate-ID: 149169::1638093237-00000479-019CDA2D/0/0 X-Spam-Status: No, score=-3030.2 required=5.0 tests=BAYES_00, DKIM_SIGNED, DKIM_VALID, DKIM_VALID_AU, DKIM_VALID_EF, RCVD_IN_BARRACUDACENTRAL, RCVD_IN_DNSWL_LOW, RCVD_IN_MSPIKE_H2, SPF_HELO_NONE, SPF_PASS, TXREP autolearn=no autolearn_force=no version=3.4.4 X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on server2.sourceware.org X-BeenThere: cygwin-apps@cygwin.com X-Mailman-Version: 2.1.29 Precedence: list List-Id: Cygwin package maintainer discussion list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 28 Nov 2021 09:54:01 -0000 Achim Gratz writes: > These patches work for 32bit also and I believe they are correct, but > that build should not be made available due to a bug in libfido2 that > crashes when trying to free the memory associated with the WebAuthn > payload returned. Without these patches applied you can still use the > fallback to USB-HID when you are an administrator. The call into WebAuthn completely messes up the stack apparently. The returned object looks OK once you realize it is a version 1 and thus the extension fields are bogus, but the whole thing crashes if you do just one more call. Gdb session: https://paste.c-net.org/SerumLoser Any ideas what that might be? Regards, Achim. -- +<[Q+ Matrix-12 WAVE#46+305 Neuron microQkb Andromeda XTk Blofeld]>+ Wavetables for the Waldorf Blofeld: http://Synth.Stromeko.net/Downloads.html#BlofeldUserWavetables