[Bug 2686] New: SSHD segfaults when trying to load RSA1 host keys
bugzilla-daemon at bugzilla.mindrot.org
bugzilla-daemon at bugzilla.mindrot.org
Thu Mar 2 03:46:53 AEDT 2017
https://bugzilla.mindrot.org/show_bug.cgi?id=2686
Bug ID: 2686
Summary: SSHD segfaults when trying to load RSA1 host keys
Product: Portable OpenSSH
Version: 7.4p1
Hardware: Other
OS: Linux
Status: NEW
Keywords: patch
Severity: enhancement
Priority: P5
Component: sshd
Assignee: unassigned-bugs at mindrot.org
Reporter: jjelen at redhat.com
Created attachment 2952
--> https://bugzilla.mindrot.org/attachment.cgi?id=2952&action=edit
possible patch
During the transition from Protocol 1 and older openssh versions there
is a possibility that the old configuration files will still have some
of the old configuration options including the HostKeys pointing to the
old key types (RSA1). I found in my sshd_config such a line and after
updating OpenSSH I was unable to connect:
HostKey /etc/ssh/ssh_host_key
Removing the above line will make sshd work again.
GDB traceback:
Program received signal SIGSEGV, Segmentation fault.
#0 match_pattern (s=s at entry=0x0,
pattern=pattern at entry=0x7fffffffd520
"ecdsa-sha2-nistp256-cert-v01 at openssh.com") at match.c:98
#1 0x00005555555a7af3 in match_pattern_list (string=0x0,
pattern=pattern at entry=0x555555831aa0
"ecdsa-sha2-nistp256-cert-v01 at openssh.com,ecdsa-sha2-nistp384-cert-v01 at openssh.com,ecdsa-sha2-nistp521-cert-v01 at openssh.com,ssh-ed25519-cert-v01 at openssh.com,ssh-rsa-cert-v01 at openssh.com,ssh-dss-cert-v0"...,
dolower=dolower at entry=0) at match.c:156
#2 0x000055555556447c in list_hostkey_types () at sshd.c:794
#3 do_ssh2_kex () at sshd.c:2327
#4 0x00005555555622c1 in main (ac=<optimized out>, av=<optimized out>)
at sshd.c:2181
Problem is in list_hostkey_types() which is not checking the return
value of sshkey_ssh_name() (for RSA1 returns NULL).
The openssh is build --with-ssh1 (to support SSH1 in clients), but that
should not matter.
I am not sure about the plans what everything will be removed in next
release and if if maters for future, but certainly it maters for us
that it is crashing sshd at this moment.
--
You are receiving this mail because:
You are watching the assignee of the bug.
More information about the openssh-bugs
mailing list