ssh-3.5p1 core dumps on Solaris 2.6

Martin MOKREJŠ mmokrejs at natur.cuni.cz
Wed Oct 16 23:31:13 EST 2002


On Wed, 16 Oct 2002, Darren Tucker wrote:


Hi,
  sorry for the delay in communication, but we had a router failure:

I used for configuring openssh-3.5p1 the following:

./configure --prefix=/usr/local --with-kerberos4=/usr/athena \
    --with-afs=/usr/afsws --with-tcp-wrappers \
    --with-ssl-dir=/software/@sys/usr/openssl --without-rsh --disable-suid-ssh \
    --with-privsep --with-zlib --with-pam

kth-krb-1.2 and have OpenSSL 0.9.6h-dev xx XXX xxxx.

bash-2.05b# uname -a
SunOS pf-i400 5.6 Generic_105181-33 sun4u sparc SUNW,Ultra-30
bash-2.05b#


> Martin MOKREJŠ wrote:
> >   I've reported this problem a month ago on this list, and probably no-one
> > is interested? Binaries were configured with krb4 and afs enabled.
> > However, only the second crash seems to be related to krb4.
> > Any thoughts?
>
> I use neither kerberos nor afs but I do have a guess:
>
> > #3  0x42bfc in do_log (level=SYSLOG_LEVEL_DEBUG1, fmt=0xb9e28 "using hostkeyalias: %s",
> >     args=0xefffe510) at log.c:385
> > #4  0x42574 in debug (fmt=0xb9e28 "using hostkeyalias: %s") at log.c:159
> > #5  0x20c04 in check_host_key (host=0x5a "", hostaddr=0xf3560, host_key=0xffaa8, readonly=0,
>                                  ^^^^^^^^^
> >    user_hostfile=0x81 "", system_hostfile=0x69 " -v pf-i400") at sshconnect.c:561
>
> It looks like the hostkeyalias ended up being an invalid pointer
> somehow, which was copied into "host" and passed to debug().
>
> Does your config file have spaces or control characters on the
> HostKeyAlias line(s)? Can you post the relevant parts (ie the global

I don't see such a line at all. ;( Maybe I should upgrade my config files
as well.

> part and the host-specific part) of the config files (both user and
> system)?


Both files attached.

>
> If that doesn't help, please do the following and post the results:
> $ gdb ./ssh
> (gdb) set args [your args to ssh here]
> (gdb) break readconf.c:471
> (gdb) run
> [wait for break]
> (gdb) print *options
> (gdb) quit
>
>

bash-2.05b# gdb ./ssh
GNU gdb 4.17
Copyright 1998 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for details.
This GDB was configured as "sparc-sun-solaris2.6"...
(gdb) set args -l mmokrejs pf-i400
(gdb) break readconf.c:471
Breakpoint 1 at 0x281fc: file readconf.c, line 471.
(gdb) run
Starting program: /scratch/openssh-3.5p1/./ssh -l mmokrejs pf-i400

Program received signal SIGSEGV, Segmentation fault.
0xef4dca78 in _doprnt ()
(gdb) print *options
Structure has no component named operator*.
(gdb) where
#0  0xef4dca78 in _doprnt ()
#1  0xef4e5c88 in vsnprintf ()
#2  0x42c1c in do_log (level=SYSLOG_LEVEL_INFO,
    fmt=0xba0c0 "Failed to add the host to the list of known hosts (%.500s).",
    args=0xefffe4d8) at log.c:387
#3  0x424f4 in log (
    fmt=0xba0c0 "Failed to add the host to the list of known hosts (%.500s).")
    at log.c:135
#4  0x21064 in check_host_key (host=0xb1 <Address 0xb1 out of bounds>,
    hostaddr=0xf3560, host_key=0xffaa8, readonly=0,
    user_hostfile=0x2c <Address 0x2c out of bounds>,
    system_hostfile=0x56 <Address 0x56 out of bounds>) at sshconnect.c:671
#5  0x21634 in verify_host_key (host=0xf7b40 "pf-i400", hostaddr=0xf3560,
    host_key=0xffaa8) at sshconnect.c:810
#6  0x2446c in verify_host_key_callback (hostkey=0xffaa8) at sshconnect2.c:71
#7  0x4182c in kexgex_client (kex=0xfaa20) at kexgex.c:184
#8  0x422c4 in kexgex (kex=0xfaa20) at kexgex.c:413
#9  0x3fbe0 in kex_kexinit_finish (kex=0xfaa20) at kex.c:243
#10 0x3fac4 in kex_input_kexinit (type=20, seq=0, ctxt=0xfaa20) at kex.c:209
#11 0x3ba64 in dispatch_run (mode=0, done=0xfaa64, ctxt=0xfaa20)
    at dispatch.c:93
#12 0x24698 in ssh_kex2 (host=0xf7b40 "pf-i400", hostaddr=0xf3560)
    at sshconnect2.c:119
---Type <return> to continue, or q <return> to quit---
#13 0x21778 in ssh_login (sensitive=0xf433c, orighost=0xeffffa99 "pf-i400",
    hostaddr=0xf3560, pw=0xf4d28) at sshconnect.c:846
#14 0x1dd4c in main (ac=0, av=0xeffff994) at ssh.c:701
(gdb) where
#0  0xef4dca78 in _doprnt ()
#1  0xef4e5c88 in vsnprintf ()
#2  0x42c1c in do_log (level=SYSLOG_LEVEL_INFO,
    fmt=0xba0c0 "Failed to add the host to the list of known hosts (%.500s).",
    args=0xefffe4d8) at log.c:387
#3  0x424f4 in log (
    fmt=0xba0c0 "Failed to add the host to the list of known hosts (%.500s).")
    at log.c:135
#4  0x21064 in check_host_key (host=0xb1 <Address 0xb1 out of bounds>,
    hostaddr=0xf3560, host_key=0xffaa8, readonly=0,
    user_hostfile=0x2c <Address 0x2c out of bounds>,
    system_hostfile=0x56 <Address 0x56 out of bounds>) at sshconnect.c:671
#5  0x21634 in verify_host_key (host=0xf7b40 "pf-i400", hostaddr=0xf3560,
    host_key=0xffaa8) at sshconnect.c:810
#6  0x2446c in verify_host_key_callback (hostkey=0xffaa8) at sshconnect2.c:71
#7  0x4182c in kexgex_client (kex=0xfaa20) at kexgex.c:184
#8  0x422c4 in kexgex (kex=0xfaa20) at kexgex.c:413
#9  0x3fbe0 in kex_kexinit_finish (kex=0xfaa20) at kex.c:243
#10 0x3fac4 in kex_input_kexinit (type=20, seq=0, ctxt=0xfaa20) at kex.c:209
#11 0x3ba64 in dispatch_run (mode=0, done=0xfaa64, ctxt=0xfaa20)
    at dispatch.c:93
#12 0x24698 in ssh_kex2 (host=0xf7b40 "pf-i400", hostaddr=0xf3560)
    at sshconnect2.c:119
---Type <return> to continue, or q <return> to quit---
#13 0x21778 in ssh_login (sensitive=0xf433c, orighost=0xeffffa99 "pf-i400",
    hostaddr=0xf3560, pw=0xf4d28) at sshconnect.c:846
#14 0x1dd4c in main (ac=0, av=0xeffff994) at ssh.c:701
(gdb) l
216             u_short fwd_port, fwd_host_port;
217             char sfwd_port[6], sfwd_host_port[6];
218             char *p, *cp, buf[256];
219             struct stat st;
220             struct passwd *pw;
221             int dummy;
222             extern int optind, optreset;
223             extern char *optarg;
224
225             __progname = get_progname(av[0]);
(gdb) print options
$1 = {forward_agent = 163, forward_x11 = 4,
  xauth_location = 0x79 <Address 0x79 out of bounds>, gateway_ports = 15,
  use_privileged_port = 43, rhosts_authentication = 63,
  rhosts_rsa_authentication = 208, rsa_authentication = 111,
  pubkey_authentication = 156, hostbased_authentication = 230,
  challenge_response_authentication = 35, kerberos_authentication = 219,
  kerberos_tgt_passing = 66, afs_token_passing = 212,
  password_authentication = 157, kbd_interactive_authentication = 141,
  kbd_interactive_devices = 0xdc <Address 0xdc out of bounds>,
  batch_mode = 89, check_host_ip = 0, strict_host_key_checking = 254,
  compression = 62, compression_level = 73, keepalives = 5, log_level = 201,
  port = 223, connection_attempts = 57, number_of_password_prompts = 124,
  cipher = 243, ciphers = 0x1c <Address 0x1c out of bounds>,
  macs = 0xe8 <Address 0xe8 out of bounds>,
  hostkeyalgorithms = 0xbd <Address 0xbd out of bounds>, protocol = 55,
  hostname = 0x24 <Address 0x24 out of bounds>,
  host_key_alias = 0xb1 <Address 0xb1 out of bounds>,
  proxy_command = 0xf9 <Address 0xf9 out of bounds>,
  user = 0x44 <Address 0x44 out of bounds>, escape_char = 39,
  system_hostfile = 0x56 <Address 0x56 out of bounds>,
  user_hostfile = 0x2c <Address 0x2c out of bounds>,
  system_hostfile2 = 0x26 <Address 0x26 out of bounds>,
  user_hostfile2 = 0xde <Address 0xde out of bounds>,
---Type <return> to continue, or q <return> to quit---
  preferred_authentications = 0x17 <Address 0x17 out of bounds>,
  bind_address = 0x6d <Address 0x6d out of bounds>,
  smartcard_device = 0xaf <Address 0xaf out of bounds>,
  num_identity_files = 247, identity_files = {0xc <Address 0xc out of bounds>,
    0x46 <Address 0x46 out of bounds>, 0xf8 <Address 0xf8 out of bounds>,
    0xe7 <Address 0xe7 out of bounds>, 0xa <Address 0xa out of bounds>,
    0x89 <Address 0x89 out of bounds>, 0x72 <Address 0x72 out of bounds>,
    0xfb <Address 0xfb out of bounds>, 0x1 <Address 0x1 out of bounds>,
    0x20 <Address 0x20 out of bounds>, 0xbb <Address 0xbb out of bounds>,
    0xe5 <Address 0xe5 out of bounds>, 0xa5 <Address 0xa5 out of bounds>,
    0xdd <Address 0xdd out of bounds>, 0x92 <Address 0x92 out of bounds>,
    0x58585858 <Address 0x58585858 out of bounds> <repeats 85 times>},
  identity_keys = {0x0, 0x0, 0x0, 0x58585858 <repeats 97 times>},
  num_local_forwards = 0, local_forwards = {{port = 22616,
      host = 0x58585858 <Address 0x58585858 out of bounds>,
      host_port = 22616} <repeats 100 times>}, num_remote_forwards = 0,
  remote_forwards = {{port = 22616,
      host = 0x58585858 <Address 0x58585858 out of bounds>,
      host_port = 22616} <repeats 100 times>}, clear_forwardings = -1,
  no_host_authentication_for_localhost = 0}
(gdb)

-- 
Martin Mokrejs <mmokrejs at natur.cuni.cz>, <m.mokrejs at gsf.de>
PGP5.0i key is at http://www.natur.cuni.cz/~mmokrejs
MIPS / Institute for Bioinformatics <http://mips.gsf.de>
GSF - National Research Center for Environment and Health
Ingolstaedter Landstrasse 1, D-85764 Neuherberg, Germany
tel.: +49-89-3187 3683 , fax: +49-89-3187 3585
-------------- next part --------------
A non-text attachment was scrubbed...
Name: ssh_config.gz
Type: application/octet-stream
Size: 535 bytes
Desc: 
Url : http://lists.mindrot.org/pipermail/openssh-unix-dev/attachments/20021016/26aa2441/attachment.obj 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: sshd_config.gz
Type: application/octet-stream
Size: 936 bytes
Desc: 
Url : http://lists.mindrot.org/pipermail/openssh-unix-dev/attachments/20021016/26aa2441/attachment-0001.obj 
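
An added example, not part of the original post: a small Python helper that cross-references the arguments gdb marked "out of bounds" in frame #4 with the fields of the `options` dump, so the bad `host` argument can be matched to the struct field holding the same value. The inputs are abridged from the gdb session above; the function names are this example's own.

```python
import re

# Abridged from the gdb session in the post above.
FRAME = """#4  0x21064 in check_host_key (host=0xb1 <Address 0xb1 out of bounds>,
    hostaddr=0xf3560, host_key=0xffaa8, readonly=0,
    user_hostfile=0x2c <Address 0x2c out of bounds>,
    system_hostfile=0x56 <Address 0x56 out of bounds>) at sshconnect.c:671"""

STRUCT = """$1 = {forward_agent = 163, forward_x11 = 4,
  xauth_location = 0x79 <Address 0x79 out of bounds>, gateway_ports = 15,
  hostname = 0x24 <Address 0x24 out of bounds>,
  host_key_alias = 0xb1 <Address 0xb1 out of bounds>,
  system_hostfile = 0x56 <Address 0x56 out of bounds>,
  user_hostfile = 0x2c <Address 0x2c out of bounds>,
  identity_keys = {0x0, 0x0, 0x0, 0x58585858 <repeats 97 times>}}"""

# Struct dumps print "name = 0x..", frame arguments print "name=0x..".
BAD_PTR = re.compile(r"(\w+)\s?=\s?(0x[0-9a-f]+) <Address 0x[0-9a-f]+ out of bounds>")
# A 32-bit word made of one repeated byte, e.g. 0x58585858 ('XXXX').
FILL = re.compile(r"\b0x([0-9a-f]{2})\1{3}\b")

def bad_pointers(text):
    """Map each field or argument gdb marked 'out of bounds' to its value."""
    return {name: int(val, 16) for name, val in BAD_PTR.findall(text)}

def fill_bytes(text):
    """Return the bytes that appear as a repeated-byte fill word."""
    return {bytes.fromhex(b) for b in FILL.findall(text)}

def trace_args(frame, struct):
    """For each bad frame argument, list struct fields holding the same value."""
    fields = bad_pointers(struct)
    return {arg: sorted(f for f, v in fields.items() if v == val)
            for arg, val in bad_pointers(frame).items()}

if __name__ == "__main__":
    for arg, src in trace_args(FRAME, STRUCT).items():
        print(f"{arg} <- options.{', options.'.join(src) or '?'}")
    print("fill bytes:", fill_bytes(STRUCT))
```
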