ssh-3.5p1 core dumps on Solaris 2.6

Martin MOKREJŠ mmokrejs at natur.cuni.cz
Wed Oct 16 20:09:21 EST 2002


Hi,
  I reported this problem a month ago on this list, and probably no-one
is interested? Binaries were configured with krb4 and afs enabled.
However, only the second crash seems to be related to krb4.
Any thoughts?

I had to add one line to includes.h:
#include <sys/types.h>
#include <sys/socket.h>
#include <sys/ioctl.h>
+#include <sys/ioccom.h>
#include <sys/wait.h>
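
Review bot: The added #include <sys/ioccom.h>, placed between <sys/ioctl.h> and <sys/wait.h>, is unconditional, so includes.h would stop compiling on any platform that does not ship that header. Wrap it in a configure-detected guard (for instance the HAVE_SYS_IOCCOM_H macro that autoconf's AC_CHECK_HEADERS would define for it), and add a short comment naming the definition that Solaris 2.6 needs from it, since the message does not say which symbol was missing.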


$ ./ssh -v pf-i400
OpenSSH_3.5p1, SSH protocols 1.5/2.0, OpenSSL 0x00906080
debug1: Reading configuration data /usr/local/etc/ssh_config
debug1: Applying options for *
debug1: Rhosts Authentication disabled, originating port will not be trusted.
debug1: ssh_connect: needpriv 0
debug1: Connecting to pf-i400 [195.113.59.251] port 22.
debug1: Connection established.
debug1: read PEM private key done: type DSA
debug1: read PEM private key done: type RSA
debug1: identity file /.ssh/identity type -1
debug1: identity file /.ssh/id_dsa type -1
debug1: identity file /.ssh/id_rsa type -1
debug1: Remote protocol version 1.99, remote software version OpenSSH_3.4p1
debug1: match: OpenSSH_3.4p1 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_3.5p1
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-cbc hmac-md5 none
debug1: kex: client->server aes128-cbc hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: dh_gen_key: priv key bits set: 123/256
debug1: bits set: 1529/3191
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
Segmentation Fault (core dumped)
$ gdb ./ssh ./core
GNU gdb 4.17
Copyright 1998 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for details.
This GDB was configured as "sparc-sun-solaris2.6"...
Core was generated by `./ssh -v pf-i400'.
Program terminated with signal 11, Segmentation Fault.
Reading symbols from /usr/athena/lib/libkafs.so.0...done.
Reading symbols from /usr/lib/libresolv.so.2...done.
Reading symbols from /usr/athena/lib/libdes.so.1...done.
Reading symbols from /usr/athena/lib/libkrb.so.1...done.
Reading symbols from /software/@sys/usr/lib/libz.so...done.
Reading symbols from /usr/lib/libsocket.so.1...done.
Reading symbols from /usr/lib/libnsl.so.1...done.
Reading symbols from /usr/lib/libc.so.1...done.
Reading symbols from /usr/athena/lib/libroken.so.16...done.
Reading symbols from /usr/lib/libdl.so.1...done.
Reading symbols from /usr/lib/libmp.so.2...done.
Reading symbols from /software/@sys/usr/lib/libdb-4.0.so...done.
Reading symbols from /usr/platform/SUNW,Ultra-30/lib/libc_psr.so.1...done.
Reading symbols from /usr/lib/nss_files.so.1...done.
#0  0xef4a5400 in strlen ()
(gdb) where
#0  0xef4a5400 in strlen ()
#1  0xef4dc7e4 in _doprnt ()
#2  0xef4e5c88 in vsnprintf ()
#3  0x42bfc in do_log (level=SYSLOG_LEVEL_DEBUG1, fmt=0xb9e28 "using hostkeyalias: %s",
    args=0xefffe510) at log.c:385
#4  0x42574 in debug (fmt=0xb9e28 "using hostkeyalias: %s") at log.c:159
#5  0x20c04 in check_host_key (host=0x5a "", hostaddr=0xf3560, host_key=0xffaa8, readonly=0,
    user_hostfile=0x81 "", system_hostfile=0x69 " -v pf-i400") at sshconnect.c:561
#6  0x21634 in verify_host_key (host=0xfa790 "pf-i400", hostaddr=0xf3560, host_key=0xffaa8)
    at sshconnect.c:810
#7  0x2446c in verify_host_key_callback (hostkey=0xffaa8) at sshconnect2.c:71
#8  0x4182c in kexgex_client (kex=0x105d90) at kexgex.c:184
#9  0x422c4 in kexgex (kex=0x105d90) at kexgex.c:413
#10 0x3fbe0 in kex_kexinit_finish (kex=0x105d90) at kex.c:243
#11 0x3fac4 in kex_input_kexinit (type=20, seq=0, ctxt=0x105d90) at kex.c:209
#12 0x3ba64 in dispatch_run (mode=0, done=0x105dd4, ctxt=0x105d90) at dispatch.c:93
#13 0x24698 in ssh_kex2 (host=0xfa790 "pf-i400", hostaddr=0xf3560) at sshconnect2.c:119
#14 0x21778 in ssh_login (sensitive=0xf433c, orighost=0xeffffab1 "pf-i400",
    hostaddr=0xf3560, pw=0xf4d28) at sshconnect.c:846
#15 0x1dd4c in main (ac=0, av=0xeffff9c8) at ssh.c:701
(gdb)



$ ./ssh -v pf-i400 -1
OpenSSH_3.5p1, SSH protocols 1.5/2.0, OpenSSL 0x00906080
debug1: Reading configuration data /usr/local/etc/ssh_config
debug1: Applying options for *
debug1: Rhosts Authentication disabled, originating port will not be trusted.
debug1: ssh_connect: needpriv 0
debug1: Connecting to pf-i400 [195.113.59.251] port 22.
debug1: Connection established.
debug1: read PEM private key done: type DSA
debug1: read PEM private key done: type RSA
debug1: identity file /.ssh/identity type -1
debug1: identity file /.ssh/id_dsa type -1
debug1: identity file /.ssh/id_rsa type -1
debug1: Remote protocol version 1.99, remote software version OpenSSH_3.4p1
debug1: match: OpenSSH_3.4p1 pat OpenSSH*
debug1: Local version string SSH-1.5-OpenSSH_3.5p1
debug1: Waiting for server public key.
debug1: Received server public key (768 bits) and host key (1024 bits).
debug1: Host 'pf-i400' is known and matches the RSA1 host key.
debug1: Found key in /.ssh/known_hosts:1
No valid SSH1 cipher, using 3des instead.
debug1: Encryption type: 3des
debug1: Sent encrypted session key.
debug1: cipher_init: set keylen (16 -> 32)
debug1: cipher_init: set keylen (16 -> 32)
debug1: Installing crc compensation attack detector.
debug1: Received encrypted confirmation.
debug1: Trying Kerberos v4 authentication.
debug1: Kerberos v4 authentication failed.
Segmentation Fault (core dumped)
$ gdb ./ssh ./core
GNU gdb 4.17
Copyright 1998 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for details.
This GDB was configured as "sparc-sun-solaris2.6"...
Core was generated by `./ssh -v pf-i400 -1'.
Program terminated with signal 11, Segmentation Fault.
Reading symbols from /usr/athena/lib/libkafs.so.0...done.
Reading symbols from /usr/lib/libresolv.so.2...done.
Reading symbols from /usr/athena/lib/libdes.so.1...done.
Reading symbols from /usr/athena/lib/libkrb.so.1...done.
Reading symbols from /software/@sys/usr/lib/libz.so...done.
Reading symbols from /usr/lib/libsocket.so.1...done.
Reading symbols from /usr/lib/libnsl.so.1...done.
Reading symbols from /usr/lib/libc.so.1...done.
Reading symbols from /usr/athena/lib/libroken.so.16...done.
Reading symbols from /usr/lib/libdl.so.1...done.
Reading symbols from /usr/lib/libmp.so.2...done.
Reading symbols from /software/@sys/usr/lib/libdb-4.0.so...done.
Reading symbols from /usr/platform/SUNW,Ultra-30/lib/libc_psr.so.1...done.
Reading symbols from /usr/lib/nss_files.so.1...done.
Reading symbols from /usr/lib/nss_dns.so.1...done.
#0  0x24210 in ssh_userauth1 (local_user=0xf7b30 "root", server_user=0xf79e0 "root",
    host=0xfa790 "pf-i400", sensitive=0xf433c) at sshconnect1.c:1248
1248                            if (options.identity_keys[i] != NULL &&
(gdb) where
#0  0x24210 in ssh_userauth1 (local_user=0xf7b30 "root", server_user=0xf79e0 "root",
    host=0xfa790 "pf-i400", sensitive=0xf433c) at sshconnect1.c:1248
#1  0x217c0 in ssh_login (sensitive=0xf433c, orighost=0xeffffaad "pf-i400",
    hostaddr=0xf3560, pw=0xf4d28) at sshconnect.c:850
#2  0x1dd4c in main (ac=0, av=0xeffff9c4) at ssh.c:701
(gdb)

-- 
Martin Mokrejs <mmokrejs at natur.cuni.cz>, <m.mokrejs at gsf.de>
PGP5.0i key is at http://www.natur.cuni.cz/~mmokrejs
MIPS / Institute for Bioinformatics <http://mips.gsf.de>
GSF - National Research Center for Environment and Health
Ingolstaedter Landstrasse 1, D-85764 Neuherberg, Germany
tel.: +49-89-3187 3683 , fax: +49-89-3187 3585




More information about the openssh-unix-dev mailing list