privsep versus compression

Martin MOKREJŠ mmokrejs at natur.cuni.cz
Sat Sep 21 03:08:50 EST 2002


Hi,
  I recompiled openssh-3.4p1 on Solaris 2.6 with -g3 to see why it is
crashing. Please find below two core dump stacks.


When using protocol 2:

debug1: Remote protocol version 1.99, remote software version OpenSSH_3.0.2p1
debug1: match: OpenSSH_3.0.2p1 pat OpenSSH_2.*,OpenSSH_3.0*,OpenSSH_3.1*
Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_3.4p1
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-cbc hmac-md5 none
debug1: kex: client->server aes128-cbc hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: dh_gen_key: priv key bits set: 119/256
debug1: bits set: 515/1024
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
Segmentation Fault (core dumped)

(gdb) where
#0  0xef4a53e4 in strlen ()
#1  0xef4dc7e4 in _doprnt ()
#2  0xef4e5c88 in vsnprintf ()
#3  0x43a2c in do_log (level=SYSLOG_LEVEL_DEBUG1, fmt=0xc8128 "using hostkeyalias: %s", args=0xefffe4d0) at log.c:365
#4  0x433e4 in debug (fmt=0xc8128 "using hostkeyalias: %s") at log.c:153
#5  0x20b74 in check_host_key (host=0x6b "v -l mmokrejs pf-i400 -p 222", hostaddr=0x103d58, host_key=0x110318,
    readonly=0, user_hostfile=0x40 "", system_hostfile=0xbc "") at sshconnect.c:568
#6  0x2157c in verify_host_key (host=0x108338 "pf-i400", hostaddr=0x103d58, host_key=0x110318) at sshconnect.c:809
#7  0x241c8 in verify_host_key_callback (hostkey=0x110318) at sshconnect2.c:71
#8  0x42620 in kexgex_client (kex=0x10b218) at kexgex.c:184
#9  0x430fc in kexgex (kex=0x10b218) at kexgex.c:413
#10 0x40850 in kex_kexinit_finish (kex=0x10b218) at kex.c:243
#11 0x40728 in kex_input_kexinit (type=20, seq=0, ctxt=0x10b218) at kex.c:209
#12 0x3c560 in dispatch_run (mode=0, done=0x10b25c, ctxt=0x10b218) at dispatch.c:93
#13 0x24414 in ssh_kex2 (host=0x108338 "pf-i400", hostaddr=0x103d58) at sshconnect2.c:119
#14 0x216c0 in ssh_login (sensitive=0x104b34, orighost=0xeffffa3d "pf-i400", hostaddr=0x103d58, pw=0x105520)
    at sshconnect.c:845
#15 0x1dc64 in main (ac=0, av=0xeffff940) at ssh.c:697



And here is another crash when using protocol 1:

debug1: Remote protocol version 1.99, remote software version OpenSSH_3.0.2p1
debug1: match: OpenSSH_3.0.2p1 pat OpenSSH_2.*,OpenSSH_3.0*,OpenSSH_3.1*
debug1: Local version string SSH-1.5-OpenSSH_3.4p1
debug1: Waiting for server public key.
debug1: Received server public key (768 bits) and host key (1024 bits).
debug1: Host 'pf-i400' is known and matches the RSA1 host key.
debug1: Found key in /.ssh/known_hosts:6
No valid SSH1 cipher, using 3des instead.
debug1: Encryption type: 3des
debug1: Sent encrypted session key.
debug1: cipher_init: set keylen (16 -> 32)
debug1: cipher_init: set keylen (16 -> 32)
debug1: Installing crc compensation attack detector.
debug1: Received encrypted confirmation.
debug1: Trying Kerberos v4 authentication.
debug1: Kerberos v4 authentication accepted.
debug1: Kerberos v4 challenge successful.
debug1: Kerberos v4 TGT forwarded (mmokrejs at NATUR.CUNI.CZ).
Bus Error (core dumped)

#0  0xef4c7800 in _free_unlocked ()
#1  0xef4c77b8 in free ()
#2  0x55558 in xfree (ptr=0x9e) at xmalloc.c:55
#3  0x1ddc8 in main (ac=0, av=0xeffff93c) at ssh.c:713
(gdb)

Could anyone help? Thanks!

-- 
Martin Mokrejs <mmokrejs at natur.cuni.cz>, <m.mokrejs at gsf.de>
PGP5.0i key is at http://www.natur.cuni.cz/~mmokrejs
MIPS / Institute for Bioinformatics <http://mips.gsf.de>
GSF - National Research Center for Environment and Health
Ingolstaedter Landstrasse 1, D-85764 Neuherberg, Germany
tel.: +49-89-3187 3683 , fax: +49-89-3187 3585
