[Bug 2702] ssh compiled with --with-ldns segfaults during known_hosts parsing

bugzilla-daemon at bugzilla.mindrot.org bugzilla-daemon at bugzilla.mindrot.org
Sat Apr 1 00:34:00 AEDT 2017


--- Comment #6 from Luis Ressel <aranea at aixah.de> ---
Okay, I think I've figured this out. When I enable --with-ldns,
./configure adds the output of "ldns-config --libs" (that's "-Wl,-O1
-Wl,--as-needed   -L/usr/lib64   -lcrypto -lldns") to all of its
internal gcc calls.

On my system, libcrypto.so is provided by libressl and has some
internal symbols (strlcat, strlcpy, reallocarray, explicit_bzero,
timingsafe_bcmp and reallocarray) which configure searches for and
wouldn't otherwise have found. Thus, ssh uses libressl's version of
these functions instead of its own versions in the openbsd-compat/
folder. This somehow causes my segfault.

I have no idea how to fix this, though, since the autotools are a huge
blackbox to me. Could we prevent configure from adding ${ldns-config
--libs} to all its compiler calls (and instead only add it to the
ldns-related compiler calls)? This sounds like a messy hack, though...

You are receiving this mail because:
You are watching the assignee of the bug.

More information about the openssh-bugs mailing list