Weird problems on solaris 7 & 8

Justin Hahn jeh at
Sat Feb 23 05:51:56 EST 2002

I'm seeing some extremely odd behavior with solaris. I have a suspicion 
it's me, but here's the story and maybe someone can suggest an avenue of 
investigation. This seems to be happening with any release of openssh 
since at least 2.5.2p1.

1) Problem #1: If SSH protocol 1 is enabled then sshd segfaults right 
off. This turns out to be because the call to arc4random_stir is 
corrupting memory and making sensitive_data.server_key non NULL. When 
key_free is then called on it's UNALLOCATED storage, you get a pretty 
seg fault.

2) Problem #3: snprintf doesn't like the %.100s specifier.  For some 
reason 00s gets printed, and all the arguments get shifted. This breaks 
all sorts of things in all sorts of horrible ways. Some basic 
experimentation seems to indicate that if I take the .100 bit out and 
just leave %s behind that things will work. This is obviously the wrong 
fix. Note that this happens regardless of whether BROKEN_SNPRINTF is 
defined or not. (it isn't by default, but adding it to the top of 
bsd-snprintf.c and recompiling doesn't seem to help any.)

Any ideas?

(Note I'm not subscribed, so please cc: me. Thanks!)

More information about the openssh-unix-dev mailing list