openssh stack corruption in arc4random_stir () on OS X

Christopher J Mason cmason at
Tue Mar 27 16:39:31 EST 2001


I'm trying to get OpenSSH to work on Mac OS X which is basically BSD unix. 
I'm getting segfaults connecting to SSH1 servers (I have no SSH2 servers to 
test against so I'm not sure if it's common).

I've followed the instructions on compiling at

which essentially amount to

./configure --with-rsh=/usr/bin/rsh
make install

(I've omitted TCP wrappers support.)  (I'm using OpenSSL 0.9.5a; I've also 
tried with 0.9.6.  I've tried both the openssl that ships with OS X and one 
compiled by me from source.)  (I've also tried openssh-2.5.2p1.)

I then try to use it:

[localhost:local/src/openssh-2.5.2p1] root# ./ssh -v -v -c idea -l cmason 
OpenSSH_2.5.2p1, SSH protocols 1.5/2.0, OpenSSL 0x0090581f
Unknown cipher type 'idea'
[localhost:local/src/openssh-2.5.2p1] root# ./ssh -v -v -c 3des -l cmason 
OpenSSH_2.5.2p1, SSH protocols 1.5/2.0, OpenSSL 0x0090581f
debug2: Command 'netstat -in' timed out
debug2: Command 'netstat -rn' timed out
debug1: Seeded RNG with 30 bytes from programs
debug1: Seeded RNG with 3 bytes from system calls
debug1: Rhosts Authentication disabled, originating port will not be 
debug1: ssh_connect: getuid 0 geteuid 0 anon 1
debug1: Connecting to crisp [] port 22.
debug1: Connection established.
debug1: identity file /var/root/.ssh/identity type 0
debug1: unknown identity file /var/root/.ssh/id_rsa
debug1: identity file /var/root/.ssh/id_rsa type -1
debug1: unknown identity file /var/root/.ssh/id_dsa
debug1: identity file /var/root/.ssh/id_dsa type -1
debug1: Remote protocol version 1.5, remote software version 1.2.27
debug1: no match: 1.2.27
debug1: Local version string SSH-1.5-OpenSSH_2.5.2p1
debug1: Waiting for server public key.
debug1: Received server public key (768 bits) and host key (1024 bits).
debug1: Host 'crisp' is known and matches the RSA1 host key.
debug1: Found key in /var/root/.ssh/known_hosts:2
No valid SSH1 cipher, using 3des instead.
debug1: Encryption type: 3des
debug1: Sent encrypted session key.
debug1: Installing crc compensation attack detector.
debug1: Received encrypted confirmation.
Segmentation fault

A backtrace in GDB gives:

#0  0x00006bd4 in ssh_userauth (local_user=0x339d0 "", 
server_user=0xbffffc0c "cjm", host=0xe00c0 "sun4", host_key_valid=211808, 
own_host_key=0xdff50) at sshconnect1.c:1020
#1  0x000058fc in ssh_login (host_key_valid=0, own_host_key=0xdff50, 
orighost=0xbffffc10 "sun4", hostaddr=0x338b0, original_real_uid=917696) at 
#2  0x00003574 in main (ac=4, av=0xbffffb44) at ssh.c:698
#3  0x00002060 in _start ()
#4  0x00001ea0 in start ()
#5  0x00000000 in ?? ()

It seems that options has total garbage in it; in particular the 
num_identity_files is > 1 when I have only one identity file.

options is getting corrupted in arc4random_stir () at bsd-arc4random.c:73

It's actually corrupted in RC4_set_key().  I can't see anything obvious 
wrong here.  Before this function is called, everything seems fine; after, 
the stack is corrupted.   I can't get Apple's hacked-up gdb to stop inside 
this function with debugging info, so I can't quite tell what's going on 

I wonder, is this the first time that openssh would call into openssl?

The exact same code works fine on Linux, obviously.

Any help would be greatly appreciated.


[Christopher Mason        <cmason at> ]
["Don't you see?! We're actors--we're the opposite of people!" -Stoppard]
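The post stops at "the stack is corrupted after RC4_set_key()". As an added illustration, not taken from the post or from OpenSSH/OpenSSL, the C program below shows one mechanism by which a library call can clobber a neighbouring `options` struct: the caller and the library disagree on the size of the key-schedule object (for example when headers from one OpenSSL build are used with the shared library of another). The two sizes, the field names and the adjacency of the two objects are constructed assumptions; whether this is what happened on OS X is not established by the post.

```c
#include <stdio.h>
#include <string.h>
#include <stddef.h>

/* Constructed stand-in for OpenSSH's `options` struct, keeping only the
 * field the post reports as garbage. */
typedef struct {
    int num_identity_files;
} options_t;

/* Assumed sizes of the same key-schedule object as seen by the caller
 * (compiled against one set of headers) and by the library (built from
 * another). The mismatch itself is a hypothesis, not a fact from the post. */
#define KEY_BYTES_CALLER_VIEW  256
#define KEY_BYTES_LIBRARY_VIEW 264

/* A frame in which the key schedule sits directly below `options`. A struct
 * makes the adjacency deterministic; a real compiler frame need not be. */
typedef struct {
    unsigned char key[KEY_BYTES_CALLER_VIEW];
    options_t     options;
} frame_t;

/* Simulated library routine: it believes the key schedule is
 * KEY_BYTES_LIBRARY_VIEW bytes long and initialises all of them. */
static void lib_set_key(unsigned char *key_schedule) {
    for (int i = 0; i < KEY_BYTES_LIBRARY_VIEW; i++)
        key_schedule[i] = (unsigned char)i;
}

/* Snapshot `options`, make the library call, and report how many bytes of
 * `options` changed. 0 means the library stayed inside the caller's buffer;
 * anything else is the "everything fine before, garbage after" symptom. */
int bytes_clobbered_by_set_key(int *num_identity_files_after) {
    frame_t f;
    memset(&f, 0, sizeof f);
    f.options.num_identity_files = 1;          /* the one identity file */
    unsigned char before[sizeof f.options];
    memcpy(before, &f.options, sizeof before);
    /* Access the frame as bytes so the overrun is a well-defined write
     * within the frame object rather than undefined behaviour. */
    unsigned char *raw = (unsigned char *)&f;
    lib_set_key(raw + offsetof(frame_t, key));
    int changed = 0;
    for (size_t i = 0; i < sizeof before; i++)
        if (before[i] != raw[offsetof(frame_t, options) + i]) changed++;
    memcpy(num_identity_files_after, &f.options.num_identity_files, sizeof(int));
    return changed;
}
```

The same snapshot-and-compare check, placed around the real `RC4_set_key()` call in bsd-arc4random.c, confirms the overrun without needing a debugger that can step into the library.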
