privsep versus compression

Martin MOKREJŠ mmokrejs at natur.cuni.cz
Mon Sep 23 23:25:10 EST 2002


> On Sat, 2002-09-21 at 03:08, Martin MOKREJŠ wrote:
> > Hi,
> >   I recompiled openssh-3.4p1 on Solaris 2.6 with -g3 to see why it is
> > crashing. Please find below two core dump stacks.
>
> Please try the CVS snapshots, there have been many fixes since 3.4p1

Hi,
  I've tried them in my very early trials (see the first messages in this
thread). Here's a repeat test case with snapshot openssh-SNAP-20020923:

$ klist
Ticket file:    /tmp/tkt0
Principal:      mmokrejs at NATUR.CUNI.CZ

  Issued           Expires          Principal
Sep 23 15:20:12  Sep 24 01:20:12  krbtgt.NATUR.CUNI.CZ at NATUR.CUNI.CZ
Sep 23 15:20:15  Sep 24 01:20:15  afs at NATUR.CUNI.CZ
Sep 23 15:20:15  Sep 24 01:20:15  krbtgt.RUK.CUNI.CZ at NATUR.CUNI.CZ
$ ./ssh -v -l mmokrejs pf-i400
OpenSSH_3.4p1, SSH protocols 1.5/2.0, OpenSSL 0x00906080
debug1: Reading configuration data /usr/local/etc/ssh_config
debug1: Applying options for *
debug1: Rhosts Authentication disabled, originating port will not be trusted.
debug1: ssh_connect: needpriv 0
debug1: Connecting to pf-i400 [195.113.59.251] port 22.
debug1: Connection established.
debug1: read PEM private key done: type DSA
debug1: read PEM private key done: type RSA
debug1: identity file /.ssh/identity type -1
debug1: identity file /.ssh/id_dsa type -1
debug1: identity file /.ssh/id_rsa type -1
debug1: Remote protocol version 1.99, remote software version OpenSSH_3.0.2p1
debug1: match: OpenSSH_3.0.2p1 pat OpenSSH_2.*,OpenSSH_3.0*,OpenSSH_3.1*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_3.4p1
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-cbc hmac-md5 none
debug1: kex: client->server aes128-cbc hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: dh_gen_key: priv key bits set: 132/256
debug1: bits set: 482/1024
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
Segmentation Fault (core dumped)
$ gdb ./ssh ./core
GNU gdb 4.17
Copyright 1998 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for details.
This GDB was configured as "sparc-sun-solaris2.6"...
Core was generated by `./ssh -v -l mmokrejs pf-i400'.
Program terminated with signal 11, Segmentation Fault.
Reading symbols from /usr/athena/lib/libkafs.so.0...done.
Reading symbols from /usr/lib/libresolv.so.2...done.
Reading symbols from /usr/athena/lib/libdes.so.1...done.
Reading symbols from /usr/athena/lib/libkrb.so.1...done.
Reading symbols from /software/@sys/usr/lib/libz.so...done.
Reading symbols from /usr/lib/libsocket.so.1...done.
Reading symbols from /usr/lib/libnsl.so.1...done.
Reading symbols from /usr/lib/libc.so.1...done.
Reading symbols from /usr/athena/lib/libroken.so.16...done.
Reading symbols from /usr/lib/libdl.so.1...done.
Reading symbols from /usr/lib/libmp.so.2...done.
Reading symbols from /software/@sys/usr/lib/libdb-4.0.so...done.
Reading symbols from /usr/platform/SUNW,Ultra-30/lib/libc_psr.so.1...done.
Reading symbols from /usr/lib/nss_files.so.1...done.
#0  0xef4a53e4 in strlen ()
(gdb) where
#0  0xef4a53e4 in strlen ()
#1  0xef4dc7e4 in _doprnt ()
#2  0xef4e5c88 in vsnprintf ()
#3  0x42bb0 in do_log (level=SYSLOG_LEVEL_DEBUG1, fmt=0xbea10 "using hostkeyalias: %s", args=0xefffe548) at log.c:385
#4  0x42528 in debug (fmt=0xbea10 "using hostkeyalias: %s") at log.c:159
#5  0x20bc8 in check_host_key (host=0x3 "\024\200", hostaddr=0xf81d8, host_key=0x104708, readonly=0,
    user_hostfile=0x3d "'\016", system_hostfile=0xcc "ď˙ůôď˙ú\f") at sshconnect.c:561
#6  0x215f8 in verify_host_key (host=0xfc7b8 "pf-i400", hostaddr=0xf81d8, host_key=0x104708) at sshconnect.c:810
#7  0x24430 in verify_host_key_callback (hostkey=0x104708) at sshconnect2.c:71
#8  0x417e0 in kexgex_client (kex=0xff698) at kexgex.c:184
#9  0x42278 in kexgex (kex=0xff698) at kexgex.c:413
#10 0x3fb94 in kex_kexinit_finish (kex=0xff698) at kex.c:243
#11 0x3fa78 in kex_input_kexinit (type=20, seq=0, ctxt=0xff698) at kex.c:209
#12 0x3ba18 in dispatch_run (mode=0, done=0xff6dc, ctxt=0xff698) at dispatch.c:93
#13 0x2465c in ssh_kex2 (host=0xfc7b8 "pf-i400", hostaddr=0xf81d8) at sshconnect2.c:119
#14 0x2173c in ssh_login (sensitive=0xf8fb4, orighost=0xeffffaf5 "pf-i400", hostaddr=0xf81d8, pw=0xf99a0) at sshconnect.c:846
#15 0x1dd10 in main (ac=0, av=0xeffffa08) at ssh.c:701
(gdb)


$ ./ssh -v -l mmokrejs pf-i400 -1
OpenSSH_3.4p1, SSH protocols 1.5/2.0, OpenSSL 0x00906080
debug1: Reading configuration data /usr/local/etc/ssh_config
debug1: Applying options for *
debug1: Rhosts Authentication disabled, originating port will not be trusted.
debug1: ssh_connect: needpriv 0
debug1: Connecting to pf-i400 [195.113.59.251] port 22.
debug1: Connection established.
debug1: read PEM private key done: type DSA
debug1: read PEM private key done: type RSA
debug1: identity file /.ssh/identity type -1
debug1: identity file /.ssh/id_dsa type -1
debug1: identity file /.ssh/id_rsa type -1
debug1: Remote protocol version 1.99, remote software version OpenSSH_3.0.2p1
debug1: match: OpenSSH_3.0.2p1 pat OpenSSH_2.*,OpenSSH_3.0*,OpenSSH_3.1*
debug1: Local version string SSH-1.5-OpenSSH_3.4p1
debug1: Waiting for server public key.
debug1: Received server public key (768 bits) and host key (1024 bits).
debug1: Host 'pf-i400' is known and matches the RSA1 host key.
debug1: Found key in /.ssh/known_hosts:1
No valid SSH1 cipher, using 3des instead.
debug1: Encryption type: 3des
debug1: Sent encrypted session key.
debug1: cipher_init: set keylen (16 -> 32)
debug1: cipher_init: set keylen (16 -> 32)
debug1: Installing crc compensation attack detector.
debug1: Received encrypted confirmation.
debug1: Trying Kerberos v4 authentication.
debug1: Kerberos v4 authentication accepted.
debug1: Kerberos v4 challenge successful.
debug1: Kerberos v4 TGT forwarded (mmokrejs at NATUR.CUNI.CZ).
Bus Error (core dumped)
$ gdb ./ssh ./core
GNU gdb 4.17
Copyright 1998 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for details.
This GDB was configured as "sparc-sun-solaris2.6"...
Core was generated by `./ssh -v -l mmokrejs pf-i400 -1'.
Program terminated with signal 10, Bus Error.
Reading symbols from /usr/athena/lib/libkafs.so.0...done.
Reading symbols from /usr/lib/libresolv.so.2...done.
Reading symbols from /usr/athena/lib/libdes.so.1...done.
Reading symbols from /usr/athena/lib/libkrb.so.1...done.
Reading symbols from /software/@sys/usr/lib/libz.so...done.
Reading symbols from /usr/lib/libsocket.so.1...done.
Reading symbols from /usr/lib/libnsl.so.1...done.
Reading symbols from /usr/lib/libc.so.1...done.
Reading symbols from /usr/athena/lib/libroken.so.16...done.
Reading symbols from /usr/lib/libdl.so.1...done.
Reading symbols from /usr/lib/libmp.so.2...done.
Reading symbols from /software/@sys/usr/lib/libdb-4.0.so...done.
Reading symbols from /usr/platform/SUNW,Ultra-30/lib/libc_psr.so.1...done.
Reading symbols from /usr/lib/nss_files.so.1...done.
Reading symbols from /usr/lib/nss_dns.so.1...done.
#0  0xef4c7800 in _free_unlocked ()
(gdb) where
#0  0xef4c7800 in _free_unlocked ()
#1  0xef4c77b8 in free ()
#2  0x53518 in xfree (ptr=0xa5) at xmalloc.c:55
#3  0x1de68 in main (ac=0, av=0xeffffa04) at ssh.c:717
(gdb)
-- 
Martin Mokrejs <mmokrejs at natur.cuni.cz>, <m.mokrejs at gsf.de>
PGP5.0i key is at http://www.natur.cuni.cz/~mmokrejs
MIPS / Institute for Bioinformatics <http://mips.gsf.de>
GSF - National Research Center for Environment and Health
Ingolstaedter Landstrasse 1, D-85764 Neuherberg, Germany
tel.: +49-89-3187 3683 , fax: +49-89-3187 3585



