"Bad packet length 1231976033"

Philip Prindeville philipp_subx at redfish-solutions.com
Tue Apr 25 03:36:03 AEST 2023



> On Apr 10, 2023, at 7:24 AM, Darren Tucker <dtucker at dtucker.net> wrote:
> 
> On Mon, 10 Apr 2023 at 07:07, Peter Stuge <peter at stuge.se> wrote:
>> 
>> Brian Candler wrote:
>>>> What's odd is that the length is *always* 1231976033 (which is
>>>> 0x496E7661 or "Inva" in ASCII).
> 
> One thing that can cause this is if the libc writes to stderr (i.e. fd
> 2) on some classes of error.  This is something libc should probably
> not do, since things that are not simple command line tools (say, an
> ssh daemon) may be using fd 2 for something else entirely.
> 
>>> Could you get a tcpdump when this happens?
>> 
>> Or debug output from at least the client (run ssh with -vvv) or
>> preferably the server (run sshd with -ddd).
> 
> That's probably not going to show it, but strace'ing either the client
> or the server will probably capture the error message in full.
> 
> Since you're using 9.1, the message could be an "Invalid free", since
> there was a double-free bug in that release :-(
> 


Forgot to ask: does this bug manifest at any particular time, or just connection initiation?  Because I can see it happen on a connection that's been up for days... either idle or experiencing heavy traffic... etc.

-Philip
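The mechanism Darren describes above (fd 2 is the connection socket, a libc diagnostic lands on it, and the peer then parses the first four bytes of the text as a packet length) is easy to reproduce and to recognise. The following is an added example, not code from this thread or from OpenSSH: it decodes a 4-byte SSH packet length, flags lengths that are really printable text, and reproduces the stray-write failure with a socketpair dup'd onto fd 2. The 256 KiB ceiling is OpenSSH's PACKET_MAX_SIZE from packet.c as I recall it, not something stated in the thread, and the "Invalid free()" message is a constructed stand-in for whatever the libc actually printed.

```python
import os
import socket
import struct

# RFC 4253 s6: an SSH binary packet begins with uint32 packet_length (big-endian).
# OpenSSH rejects lengths above PACKET_MAX_SIZE (256 KiB, per packet.c) with
# "Bad packet length %u"; that bound is assumed here, it is not quoted in the thread.
MAX_PACKET = 256 * 1024


def explain_bad_length(first4: bytes) -> dict:
    """Decode a 4-byte packet length and say whether it is really stray text.

    A length that is both absurdly large and made of printable ASCII is a strong
    sign that something wrote a text message onto the connection socket.
    """
    if len(first4) != 4:
        raise ValueError("need exactly four bytes")
    length = struct.unpack(">I", first4)[0]
    printable = all(0x20 <= b < 0x7F for b in first4)
    return {
        "length": length,
        "hex": f"0x{length:08X}",
        "ascii": first4.decode("ascii") if printable else None,
        "looks_like_text": printable and length > MAX_PACKET,
    }


def simulate_stray_stderr_write(message: bytes) -> bytes:
    """Reproduce the failure mode from the thread.

    A daemon that has dup2'd its connection onto fds 0-2 (as sshd does for the
    session) will leak anything libc writes to fd 2 straight to the peer.  The
    message is a constructed example; it is not a real libc string.
    """
    server_side, client_side = socket.socketpair()
    saved_stderr = os.dup(2)
    try:
        os.dup2(server_side.fileno(), 2)   # fd 2 now *is* the connection
        os.write(2, message)               # what a libc error path does
    finally:
        os.dup2(saved_stderr, 2)           # put the real stderr back
        os.close(saved_stderr)
    server_side.close()
    client_side.settimeout(1)
    data = client_side.recv(4096)          # what the peer's packet reader sees
    client_side.close()
    return data


if __name__ == "__main__":
    leaked = simulate_stray_stderr_write(b"Invalid free()\n")
    info = explain_bad_length(leaked[:4])
    print(f"peer read {leaked!r}")
    print(f"packet length {info['length']} ({info['hex']}, ascii={info['ascii']!r}), "
          f"looks like text: {info['looks_like_text']}")
```

Run it and the decoded length is 1231976033 (0x496E7661, "Inva"), exactly the value in the subject line, which is why the number never changes: it is the first four bytes of the same error string every time. Anything written to fd 2 after the connection has been handed those descriptors will show up this way, so when diagnosing a case like this it is worth checking the first four bytes of the rejected length as ASCII before assuming packet corruption.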
