With bounds checking patch for gcc-3.1 problems if using AES
Gert Doering
gert at greenie.muc.de
Mon Jul 15 22:44:28 EST 2002
Hi,
On Fri, Jul 12, 2002 at 04:07:55PM +0200, Lutz Jaenicke wrote:
[..]
> > - all sorts of key handling with DSA or RSA2 keys leads to core dumping,
> > while everything done with RSA1 keys works just fine. "ssh -1" has
> > no problems whatsoever either.
> >
> > Happens *only* on FreeBSD 2.1.x machines, with x > 5.
> >
> > As this machine will go out of service "soon" anyway, I haven't done any
> > in-depth debugging yet.
>
> If it would be a bug inside FreeBSD's routines, debugging would be a waste
> of time. One can however not be sure. Maybe there is a bug in OpenSSH
> (or OpenSSL, that's why I am following the thread closely) that just becomes
> visible under certain conditions.

I tracked this down today. It is not a bug in OpenSSL :-) and not really
a bug in OpenSSH.

The crash happens inside uuencode() which calls __b64_ntop(). From tracing
with gdb, it seems __b64_ntop() is completely zeroing the stack...

This happens only with the system __b64_ntop() (/usr/lib/libc.so.3.0), but
not with the openbsd-compat/base64.c one. It works fine if I modify
config.h after configure, and set "#undef HAVE___B64_NTOP".

I write this to document it as a "known operating system problem", but I
don't think it's worth investing effort into fixing it - FreeBSD 2.1 is
*old*. If someone besides us runs into this problem, he should be able
to find the solution in the archives now :-)

gert
--
USENET is *not* the non-clickable part of WWW!
//www.muc.de/~gert/
Gert Doering - Munich, Germany gert at greenie.muc.de
fax: +49-89-35655025 gert.doering at physik.tu-muenchen.de
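
A guard-byte check for a b64_ntop-style encoder, added here as an example; it is not part of the original post and not OpenSSH's or FreeBSD's code. The names safe_b64_ntop, faulty_b64_ntop and stays_in_bounds are hypothetical, and the faulty encoder is a constructed stand-in for an out-of-bounds write, not a reproduction of the libc routine discussed above.

```c
#include <stddef.h>
#include <string.h>

/* b64_ntop-style signature: returns encoded length, or -1 if target is too small. */
typedef int (*ntop_fn)(const unsigned char *, size_t, char *, size_t);
/* Bounds-checked encoder written for this example (hypothetical name). */
int safe_b64_ntop(const unsigned char *src, size_t srclen,
                  char *target, size_t targsize)
{
    static const char tbl[] =
        "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
    size_t need = 4 * ((srclen + 2) / 3), o = 0, i;
    if (targsize < need + 1)            /* output plus terminating NUL */
        return -1;
    for (i = 0; i < srclen; i += 3) {
        unsigned long v = (unsigned long)src[i] << 16;
        if (i + 1 < srclen) v |= (unsigned long)src[i + 1] << 8;
        if (i + 2 < srclen) v |= src[i + 2];
        target[o++] = tbl[(v >> 18) & 63];
        target[o++] = tbl[(v >> 12) & 63];
        target[o++] = (i + 1 < srclen) ? tbl[(v >> 6) & 63] : '=';
        target[o++] = (i + 2 < srclen) ? tbl[v & 63] : '=';
    }
    target[o] = '\0';
    return (int)o;
}

/* Constructed faulty encoder: clears 8 bytes more than it was given. */
int faulty_b64_ntop(const unsigned char *src, size_t srclen,
                    char *target, size_t targsize)
{
    memset(target, 0, targsize + 8);
    return safe_b64_ntop(src, srclen, target, targsize);
}

#define GUARD 16
/* Returns 1 if fn left the guard bytes on both sides of the target intact.
 * The target region is capped at 256 bytes for this example. */
int stays_in_bounds(ntop_fn fn, const unsigned char *src, size_t srclen,
                    size_t targsize)
{
    unsigned char buf[GUARD + 256 + GUARD];
    size_t i;
    if (targsize > 256) return 0;
    memset(buf, 0xA5, sizeof buf);      /* fill guards with a known pattern */
    fn(src, srclen, (char *)buf + GUARD, targsize);
    for (i = 0; i < GUARD; i++)
        if (buf[i] != 0xA5 || buf[GUARD + targsize + i] != 0xA5)
            return 0;
    return 1;
}
```

Wrapping a platform's own encoder in a function with the same signature lets the same check run against it at configure or test time.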