Mailing List Archive

[Bug 864] sshd segfaults on connect on SunOS
http://bugzilla.mindrot.org/show_bug.cgi?id=864

Summary: sshd segfaults on connect on SunOS
Product: Portable OpenSSH
Version: 3.8.1p1
Platform: Sparc
OS/Version: SunOS
Status: NEW
Severity: normal
Priority: P2
Component: sshd
AssignedTo: openssh-bugs@mindrot.org
ReportedBy: jsr@dexter.mi.org


sshd segfaults on connect



------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
------- Additional Comments From jsr@dexter.mi.org 2004-05-06 12:18 -------
Created an attachment (id=627)
--> (http://bugzilla.mindrot.org/attachment.cgi?id=627&action=view)
sshd debug log

This problem started in 3.8p1



jsr@dexter.mi.org changed:

What                      |Removed                  |Added
----------------------------------------------------------------------------
Attachment #627 mime type |application/octet-stream |text/plain





------- Additional Comments From jsr@dexter.mi.org 2004-05-06 12:24 -------
(From update of attachment 627)
This started in 3.8p1




------- Additional Comments From dtucker@zip.com.au 2004-05-06 12:31 -------
Could you please run sshd under a debugger and get a stack trace? If you have
gdb, you can do this with:
# gdb ./sshd
(gdb) set args -ddd
(gdb) run
[connect to server and wait for segfault]
(gdb) bt

then attach the backtrace to this bug.

Which OpenSSL version are you using, and did you use the same version with the
previously working OpenSSH version?



------- Additional Comments From jsr@dexter.mi.org 2004-05-08 12:00 -------
Created an attachment (id=629)
--> (http://bugzilla.mindrot.org/attachment.cgi?id=629&action=view)
gdb log

OpenSSL 0.9.7d 17 Mar 2004

The previous version of OpenSSH that worked was 3.7.1p2 using the same
version of OpenSSL



------- Additional Comments From djm@mindrot.org 2004-05-08 12:08 -------
The fault is definitely in libcrypto. Did you compile OpenSSH on the system or
on another box and move the binaries there?



------- Additional Comments From dtucker@zip.com.au 2004-05-08 12:13 -------
Does OpenSSL's self test ("make tests") pass?



------- Additional Comments From jsr@dexter.mi.org 2004-05-08 13:58 -------
openssl-0.9.7d passes "make test" except for complaining that SunOS "bc" doesn't
work. openssh-3.8.1p1 seems to work fine with openssl-0.9.7c. openssh-3.7.1p2
works with openssl-0.9.7d.



------- Additional Comments From djm@mindrot.org 2004-05-08 14:11 -------
Looking more at the debug trace causes me to seriously suspect a problem in
OpenSSL. Notice where we cross from OpenSSH to OpenSSL:

> #0 0x8bc60 in getrn ()
> #1 0x8babc in lh_retrieve ()
> #2 0x68a9c in def_get_class ()
> #3 0x68c04 in int_new_ex_data ()
> #4 0x69314 in CRYPTO_new_ex_data ()
> #5 0x47bb8 in RSA_new_method ()
> #6 0x48080 in RSA_new ()
> #7 0x323cc in key_new (type=1) at key.c:61

The line in question is simply:

> if ((rsa = RSA_new()) == NULL)
>         fatal("key_new: RSA_new failed");

I.e. there are no parameters coming from OpenSSH that could be pointing to bad
places. The problem could still be corruption happening elsewhere in OpenSSH,
but that is less likely. You could test for this by linking with ElectricFence
or similar.

Can you create keys using "openssl genrsa 1024"?
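
Added example, not part of the original thread or of OpenSSH: a small shell helper that does the backtrace reading described in the comment above, reporting the faulting frame and the point where the stack crosses from frames with source information into frames without it. The names bt_boundary and SAMPLE_BT and the output field names are hypothetical, and it assumes that frames lacking "at file:line" come from code built without debug info.

```shell
#!/bin/sh
# Constructed sample input: the eight frames quoted in the comment above,
# including the "> " mail-quote prefix.
SAMPLE_BT='> #0 0x8bc60 in getrn ()
> #1 0x8babc in lh_retrieve ()
> #2 0x68a9c in def_get_class ()
> #3 0x68c04 in int_new_ex_data ()
> #4 0x69314 in CRYPTO_new_ex_data ()
> #5 0x47bb8 in RSA_new_method ()
> #6 0x48080 in RSA_new ()
> #7 0x323cc in key_new (type=1) at key.c:61'

# bt_boundary: read gdb "bt" output on stdin and report the faulting frame and
# the first caller that has source information ("at file:line").
# Assumption: frames without "at file:line" are in code built without debug
# info (here the linked-in libcrypto); frames with it are the program itself.
bt_boundary() {
    awk '
    { sub(/^(> ?)+/, "") }               # drop mail quoting, if any
    /^#[0-9]+[ \t]/ {
        fn = $2                          # "#0  main () at x.c:3" form
        for (i = 2; i < NF; i++)         # "#1  0xADDR in func (...)" form
            if ($i == "in") { fn = $(i + 1); break }
        if (fault == "") fault = fn
        if (!found && NF >= 2 && $(NF - 1) == "at") {
            printf "fault=%s entry=%s caller=%s at=%s lib_frames=%d\n",
                   fault, (prev == "" ? "-" : prev), fn, $NF, n
            found = 1
        }
        prev = fn
        n++
    }
    END {
        if (!found)
            printf "fault=%s entry=- caller=- at=- lib_frames=%d\n",
                   (fault == "" ? "-" : fault), n
    }'
}

# Stand-alone run: triage the constructed sample.
printf '%s\n' "$SAMPLE_BT" | bt_boundary
```

On the quoted trace this reports RSA_new as the entry point called from key_new at key.c:61, with seven frames below it that carry no source information.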



