Segfault in 2.2.0p1 due to connect() changes in Linux 2.4

Jeffrey W. Baker jwbaker at acm.org
Fri Oct 27 13:47:12 EST 2000


Hello,

I upgraded (?) one of my machines to Linux kernel 2.4.0-test9, and sshd
started failing.  Specifically, the sshd child processes would segfault if
a user requested X11 forwarding.  I tracked the problem down to these bits
of code:

channels.c, x11_create_display_inet, line 1738:

sock = socket(ai->ai_family, SOCK_STREAM, 0);
if (sock < 0) {
	if (errno != EINVAL) {
		error("socket: %.100s", strerror(errno));
		return NULL;
	} else {
		debug("Socket family %d not supported [X11 disp create]",
		    ai->ai_family);
		continue;
	}
}

session.c, do_child, line 1219:

} else if (options.xauth_location != NULL) {
	/* Add authority data to .Xauthority if appropriate. */
	if (auth_proto != NULL && auth_data != NULL) {
		char *screen = strchr(display, ':');

The problem seems to be that the socket() function is not returning EINVAL
(as the man page suggests), but is instead returning EAFNOSUPPORT.  This
change was made recently...

http://www.uwsg.iu.edu/hypermail/linux/kernel/0008.3/0342.html

...in order to conform to Single Unix v2:

http://www.opennc.org/onlinepubs/007908799/xns/connect.html

Anyway, the caller is unable to handle a NULL return from
x11_create_display_inet(), and the eventual deref of s->display in
do_child is fatal.

Two workarounds exist.  The first is to disable X11 connection
forwarding.  The second is to rebuild with --with-ipv4-default, which
avoids the problem.

The correct solution is for OpenSSH to handle NULL returns from
x11_create_display_inet().  Sadly, I have not made a patch.

OpenSSH developers might also want to investigate the semantics of the
connect() return codes EAFNOSUPPORT and EINVAL, with regards to POSIX.1g
and Single Unix v2 (and Stevens TCPv2).

Cheers etc.,
Jeffrey Baker
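The fix the post asks for, shown as an added example rather than code from the post or from OpenSSH: the family loop treats both EINVAL and EAFNOSUPPORT as "skip this family", and the caller checks for failure before touching the display string. The function names (x11_listener_create, child_setup_x11), the fake_socket_inet_only test double standing in for a kernel without IPv6, and the display port 6010 are assumptions made for the example.

```c
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* Linux 2.4 returns EAFNOSUPPORT (per SUSv2) from socket() for an unsupported
 * family; Linux 2.2 returned EINVAL.  Both mean "try the next family". */
int socket_family_unsupported(int err) { return err == EINVAL || err == EAFNOSUPPORT; }

typedef int (*sock_opener)(int domain, int type, int protocol);
/* Constructed stand-in for a kernel with only AF_INET: fails other families
 * the way Linux 2.4 does, and hands back a real, closeable descriptor. */
int fake_socket_inet_only(int domain, int type, int protocol)
{
	(void)type; (void)protocol;
	if (domain != AF_INET) { errno = EAFNOSUPPORT; return -1; }
	return open("/dev/null", O_RDWR);
}

/* Walk candidate families as x11_create_display_inet walks getaddrinfo()
 * results.  Returns the socket, or -1 if none could be created; *display
 * is filled only on success and left empty otherwise. */
int x11_listener_create(sock_opener open_sock, const int *families,
			size_t nfam, int port, char *display, size_t dlen)
{
	display[0] = '\0';
	for (size_t i = 0; i < nfam; i++) {
		int sock = open_sock(families[i], SOCK_STREAM, 0);
		if (sock >= 0) {
			snprintf(display, dlen, "localhost:%d", port);
			return sock;
		}
		if (!socket_family_unsupported(errno))
			return -1;	/* a real failure, not just a missing family */
	}
	return -1;	/* every family was unsupported */
}

/* The do_child role: with no listener, skip the xauth step instead of
 * dereferencing a display that was never set. */
int child_setup_x11(sock_opener open_sock, const int *families, size_t nfam)
{
	char display[64];
	int sock = x11_listener_create(open_sock, families, nfam, 6010, display, sizeof display);
	if (sock < 0) return -1;	/* X11 forwarding unavailable; the session continues */
	close(sock);			/* real code hands this to the X11 channel */
	return strchr(display, ':') != NULL ? 0 : -1;
}
```

Passing the real socket() as the opener exercises the same paths against the running kernel.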

More information about the openssh-unix-dev mailing list