openssh 2.3.0p1 crashes

Christian Recktenwald openssh-contact at citecs.de
Wed Dec 13 02:25:00 EST 2000


System: RedHat 7.0, Kernel 2.2.17, glibc-2.1.92-14

$ ssh chris at 172.16.5.2 -v
SSH Version OpenSSH_2.3.0p1, protocol versions 1.5/2.0.
Compiled with SSL (0x0090600f).
debug: Reading configuration data /usr/local/app/openssh-2.3.0p1/etc/ssh_config
debug: Seeding random number generator
debug: ssh_connect: getuid 0 geteuid 0 anon 0
debug: Connecting to 172.16.5.2 [172.16.5.2] port 22.
debug: Seeding random number generator
debug: Allocated local port 764.
debug: Connection established.
debug: Remote protocol version 1.99, remote software version OpenSSH_2.3.0p1
debug: no match: OpenSSH_2.3.0p1
debug: Local version string SSH-1.5-OpenSSH_2.3.0p1
debug: Waiting for server public key.
debug: Received server public key (768 bits) and host key (1024 bits).
The authenticity of host '172.16.5.2' can't be established.
RSA key fingerprint is ff:9c:c7:c2:1a:ee:93:20:7d:92:ee:c7:f9:99:55:fb.
Are you sure you want to continue connecting (yes/no)? Segmentation fault

This happens if the public key of the system I want to connect to 
isn't known to the system I'm connecting from.

The local system does have access to a DNS server.

gdb says:

$ gdb  /usr/local/app/openssh-2.3.0p1/bin/ssh core
GNU gdb 5.0
Copyright 2000 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for details.
This GDB was configured as "i386-redhat-linux"...(no debugging symbols found)...
Core was generated by `ssh chris 172.16.5.2 -v'.
Program terminated with signal 11, Segmentation fault.
Reading symbols from /lib/libNoVersion.so.1...done.
Loaded symbols for /lib/libNoVersion.so.1
Reading symbols from /lib/libdl.so.2...done.
Loaded symbols for /lib/libdl.so.2
Reading symbols from /lib/libnsl.so.1...done.
Loaded symbols for /lib/libnsl.so.1
Reading symbols from /usr/lib/libz.so.1...done.
Loaded symbols for /usr/lib/libz.so.1
Reading symbols from /lib/libutil.so.1...done.
Loaded symbols for /lib/libutil.so.1
Reading symbols from /lib/libpam.so.0...done.
Loaded symbols for /lib/libpam.so.0
Reading symbols from /lib/libc.so.6...done.
Loaded symbols for /lib/libc.so.6
Reading symbols from /lib/ld-linux.so.2...done.
Loaded symbols for /lib/ld-linux.so.2
Reading symbols from /lib/libnss_files.so.2...done.
Loaded symbols for /lib/libnss_files.so.2
#0  0x400bf737 in _IO_getline_info (fp=0x80de3d0, buf=0xbfffe834 "ç\e\017\bà\e\017\b(", n=1023, delim=10, extract_delim=1, eof=0x0)
    at ../sysdeps/i386/i486/bits/string.h:435
435     ../sysdeps/i386/i486/bits/string.h: No such file or directory.
(gdb) where
#0  0x400bf737 in _IO_getline_info (fp=0x80de3d0, buf=0xbfffe834 "ç\e\017\bà\e\017\b(", n=1023, delim=10, extract_delim=1, eof=0x0)
    at ../sysdeps/i386/i486/bits/string.h:435
#1  0x400bf87d in _IO_getline (fp=0x80de3d0, buf=0xbfffe834 "ç\e\017\bà\e\017\b(", n=1023, delim=10, extract_delim=1) at iogetline.c:39
#2  0x400be938 in _IO_fgets (buf=0xbfffe834 "ç\e\017\bà\e\017\b(", n=1024, fp=0x80de3d0) at iofgets.c:48
#3  0x804de09 in _start ()
#4  0x804e1f9 in _start ()
#5  0x804efb5 in _start ()
#6  0x804e4bd in _start ()
#7  0x804cb84 in _start ()
(gdb) quit

strace says:

[...]
3295  write(2, "Waiting for server public key.\r\n", 32) = 32
3295  select(5, [4], NULL, NULL, NULL)  = 1 (in [4])
3295  read(4, "\0\0\1\v\0\0\0\0\0\2\36\311$\2176<\354\33\0\0\3\0\0\6#"..., 8192) = 276
3295  write(2, "debug: ", 7)            = 7
3295  write(2, "Received server public key (768 "..., 65) = 65
3295  open("/root/.ssh/known_hosts", O_RDONLY) = -1 ENOENT (No such file or directory)
3295  open("/usr/local/app/openssh-2.3.0p1/etc/ssh_known_hosts", O_RDONLY) = 5
3295  fstat(5, {st_mode=S_IFREG|0644, st_size=786, ...}) = 0
3295  old_mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x4001a000
3295  read(5, "pluto,pluto.hwk-stuttgart.de,172"..., 4096) = 786
3295  read(5, "", 4096)                 = 0
3295  close(5)                          = 0
3295  munmap(0x4001a000, 4096)          = 0
3295  ioctl(0, TCGETS, {B38400 opost isig icanon echo ...}) = 0
3295  write(2, "The authenticity of host \'172.16"..., 187) = 187
3295  --- SIGSEGV (Segmentation fault) ---
3295  +++ killed by SIGSEGV +++

$ ldd /usr/local/bin/ssh
        /lib/libNoVersion.so.1 => /lib/libNoVersion.so.1 (0x40018000)
        libdl.so.2 => /lib/libdl.so.2 (0x4001e000)
        libnsl.so.1 => /lib/libnsl.so.1 (0x40021000)
        libz.so.1 => /usr/lib/libz.so.1 (0x40038000)
        libutil.so.1 => /lib/libutil.so.1 (0x40046000)
        libpam.so.0 => /lib/libpam.so.0 (0x40049000)
        libc.so.6 => /lib/libc.so.6 (0x40051000)
        /lib/ld-linux.so.2 => /lib/ld-linux.so.2 (0x40000000)

-- 
Christian Recktenwald      :                         :
citecs GmbH                : chris at citecs.de         :
Unternehmensberatung fuer  : voice +49 711 601 2090  : Burgstallstrasse 54
EDV und Telekommunikation  : fax   +49 711 601 2092  : D-70199 Stuttgart
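As an added illustration, not part of Christian's report or of OpenSSH itself: a small Python triage script that walks strace output like the excerpt above and answers the questions a reader of such a report asks first: which signal killed the process, which file opens failed (and with what errno), which files were read before the fault and how many bytes came back, and what the last file touched and the last stderr message were before the signal. The sample trace is the report's own strace lines, embedded here as constructed input; the parser handles only the single-process strace layout shown (pid, syscall, `= result`) and ignores everything else. Run on the excerpt it reports that the last file read and closed before SIGSEGV was the system-wide ssh_known_hosts, which is consistent with the `_IO_fgets` frames in the gdb backtrace but does not by itself establish the cause.

```python
import re
from dataclasses import dataclass, field
from typing import Optional

# Constructed sample input: the tail of the strace output quoted in the report (pid 3295).
SAMPLE_TRACE = r"""
3295  write(2, "Waiting for server public key.\r\n", 32) = 32
3295  select(5, [4], NULL, NULL, NULL)  = 1 (in [4])
3295  read(4, "\0\0\1\v\0\0\0\0\0\2\36\311$\2176<\354\33\0\0\3\0\0\6#"..., 8192) = 276
3295  write(2, "debug: ", 7)            = 7
3295  write(2, "Received server public key (768 "..., 65) = 65
3295  open("/root/.ssh/known_hosts", O_RDONLY) = -1 ENOENT (No such file or directory)
3295  open("/usr/local/app/openssh-2.3.0p1/etc/ssh_known_hosts", O_RDONLY) = 5
3295  fstat(5, {st_mode=S_IFREG|0644, st_size=786, ...}) = 0
3295  old_mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x4001a000
3295  read(5, "pluto,pluto.hwk-stuttgart.de,172"..., 4096) = 786
3295  read(5, "", 4096)                 = 0
3295  close(5)                          = 0
3295  munmap(0x4001a000, 4096)          = 0
3295  ioctl(0, TCGETS, {B38400 opost isig icanon echo ...}) = 0
3295  write(2, "The authenticity of host \'172.16"..., 187) = 187
3295  --- SIGSEGV (Segmentation fault) ---
3295  +++ killed by SIGSEGV +++
"""

# "pid  name(args) = result"; args is matched greedily so ')' inside braces is fine.
SYSCALL_RE = re.compile(r"^(?P<pid>\d+)\s+(?P<name>\w+)\((?P<args>.*)\)\s*=\s*(?P<result>.+)$")
SIGNAL_RE = re.compile(r"^(?P<pid>\d+)\s+--- (?P<sig>SIG\w+) ")


@dataclass
class Triage:
    pid: Optional[int] = None
    signal: Optional[str] = None
    failed_opens: list = field(default_factory=list)  # (path, errno name)
    files_read: list = field(default_factory=list)    # (path, bytes read)
    last_file_before_signal: Optional[str] = None
    last_stderr_write: Optional[str] = None


def _first_string_arg(args: str) -> Optional[str]:
    """Return the first double-quoted argument, honouring strace's backslash escapes."""
    m = re.search(r'"((?:[^"\\]|\\.)*)"', args)
    return m.group(1) if m else None


def triage(trace_text: str) -> Triage:
    t = Triage()
    open_fds = {}        # fd -> path for files currently open
    bytes_read = {}      # path -> total bytes returned by read()
    last_touched = None  # path most recently read or closed
    for line in trace_text.splitlines():
        line = line.strip()
        if not line:
            continue
        sig = SIGNAL_RE.match(line)
        if sig:  # fatal signal: freeze the state as it was at that moment
            t.pid, t.signal = int(sig.group("pid")), sig.group("sig")
            t.last_file_before_signal = last_touched
            break
        m = SYSCALL_RE.match(line)
        if not m:
            continue
        name, args, result = m.group("name"), m.group("args"), m.group("result")
        fd_arg = args.split(",")[0].strip()
        if name in ("open", "openat"):
            path = _first_string_arg(args)
            if result.startswith("-1"):
                err = re.match(r"-1 (\w+)", result)
                t.failed_opens.append((path, err.group(1) if err else "?"))
            else:
                open_fds[int(result)] = path
                bytes_read.setdefault(path, 0)
        elif name == "read" and fd_arg.isdigit() and int(fd_arg) in open_fds:
            path = open_fds[int(fd_arg)]
            bytes_read[path] += int(result)
            last_touched = path
        elif name == "close" and fd_arg.isdigit():
            path = open_fds.pop(int(fd_arg), None)
            if path:
                last_touched = path
        elif name == "write" and fd_arg == "2":
            t.last_stderr_write = _first_string_arg(args)
    t.files_read = [(p, n) for p, n in bytes_read.items() if n > 0]
    return t


def report(t: Triage) -> str:
    lines = [f"pid {t.pid} killed by {t.signal}"]
    lines += [f"  open failed: {p} ({e})" for p, e in t.failed_opens]
    lines += [f"  read {n} bytes from {p}" for p, n in t.files_read]
    lines.append(f"  last file touched before signal: {t.last_file_before_signal}")
    lines.append(f"  last stderr message: {t.last_stderr_write!r}")
    return "\n".join(lines)


if __name__ == "__main__":
    print(report(triage(SAMPLE_TRACE)))
```

The script deliberately stops at the first fatal-signal line, so the state it reports is exactly what the process had done up to the fault; for a trace with several processes (`strace -f`) you would key the tables by pid as well.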