segfault in openssh-1.2pre13
Damien Miller
djm at mindrot.org
Sat Nov 20 16:49:32 EST 1999
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On Fri, 19 Nov 1999, Berend De Schouwer wrote:
> RH6.0, Intel, openssh-1.2pre13
>
> If I generate /etc/ssh_host_key, it works, if I generate
> /root/.ssh/identity it segfaults. Every time.
Fixed. There was a buffer overrun in the filename handling.
Please try the attached patch.
Regards,
Damien Miller
> # ssh-keygen
> Generating RSA keys: Key generation complete.
> Enter file in which to save the key (/root/.ssh/identity):
> Enter passphrase (empty for no passphrase):
> Enter same passphrase again:
> Your identification has been saved in /root/.ssh/identity.
> Your public key is:
> 1024 35 120157590 ...... 3660088497 root at bongw3.bonus.co.za
> Segmentation fault (core dumped)
>
> # ssh-keygen
> Generating RSA keys: Key generation complete.
> Enter file in which to save the key (/root/.ssh/identity): /etc/ssh_host_key
> Enter passphrase (empty for no passphrase):
> Enter same passphrase again:
> Your identification has been saved in /etc/ssh_host_key.
> Your public key is:
> 1024 35 167064111 ...... 49601307 root at bongw3.bonus.co.za
> Your public key has been saved in /etc/ssh_host_key.pub
>
> (keys shortened for mail)
>
> Following is from a backtrace:
> # gdb ssh-keygen /root/core
> GNU gdb 4.17.0.11 with Linux support
> Copyright 1998 Free Software Foundation, Inc.
> GDB is free software, covered by the GNU General Public License, and you are
> welcome to change it and/or distribute copies of it under certain conditions.
> Type "show copying" to see the conditions.
> There is absolutely no warranty for GDB. Type "show warranty" for details.
> This GDB was configured as "i386-redhat-linux"...
> Core was generated by `ssh-keygen'.
> Program terminated with signal 11, Segmentation fault.
> Reading symbols from /lib/libpam.so.0...done.
> Reading symbols from /lib/libdl.so.2...done.
> Reading symbols from /lib/libnsl.so.1...done.
> Reading symbols from /usr/lib/libz.so.1...done.
> Reading symbols from /lib/libutil.so.1...done.
> Reading symbols from /lib/libc.so.6...done.
> Reading symbols from /lib/ld-linux.so.2...done.
> Reading symbols from /lib/libnss_files.so.2...done.
> #0 chunk_alloc (ar_ptr=0x40132580, nb=184) at malloc.c:2723
> malloc.c:2723: No such file or directory.
> (gdb) bt
> #0 chunk_alloc (ar_ptr=0x40132580, nb=184) at malloc.c:2723
> #1 0x400a1b8a in __libc_malloc (bytes=176) at malloc.c:2616
> #2 0x4009ae5b in _IO_new_fopen (filename=0x8068e80 "/root/.ssh/identity.¹",
> mode=0x805f6e3 "w") at iofopen.c:42
> #3 0x804a14f in main (ac=1, av=0xbffffd64) at ssh-keygen.c:574
> #4 0x40061cb3 in __libc_start_main (main=0x8049b44 <main>, argc=1,
> argv=0xbffffd64, init=0x8048e10 <_init>, fini=0x805f43c <_fini>,
> rtld_fini=0x4000a350 <_dl_fini>, stack_end=0xbffffd5c)
> at ../sysdeps/generic/libc-start.c:78
> (gdb)
>
>
> Funny filename "/root/.ssh/identity.¹"
>
> --
> Kind regards,
> Berend
>
> -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
> Berend De Schouwer, +27-11-712-1435, UCS
>
>
- --
| "Bombay is 250ms from New York in the new world order" - Alan Cox
| Damien Miller - http://www.mindrot.org/
| Email: djm at mindrot.org (home) -or- djm at ibs.com.au (work)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.0 (GNU/Linux)
Comment: For info see http://www.gnupg.org
iD8DBQE4NjZvormJ9RG1dI8RAqweAKCIdcMsIn9Vvuv7XOC+c4q6VwSpJACfRCo6
OOgqwWcT9PLydyNVNNDFONo=
=XjB/
-----END PGP SIGNATURE-----
-------------- next part --------------
Index: ssh-keygen.c
===================================================================
RCS file: /var/cvs/openssh/ssh-keygen.c,v
retrieving revision 1.5
diff -u -r1.5 ssh-keygen.c
--- ssh-keygen.c 1999/11/17 06:29:08 1.5
+++ ssh-keygen.c 1999/11/20 05:45:49
@@ -570,6 +570,7 @@
/* Save the public key in text format in a file with the same name but
.pub appended. */
+ file = xrealloc(file, strlen(file) + 5);
strcat(file, ".pub");
f = fopen(file, "w");
if (!f)
More information about the openssh-unix-dev
mailing list