ports/87113: OpenSSL-0.9.8 crashes OpenSSH-portable-4.2.0.0,1

Jukka A. Ukkonen jau at iki.fi
Sat Oct 8 09:10:18 UTC 2005


>Number:         87113
>Category:       ports
>Synopsis:       OpenSSL-0.9.8 crashes OpenSSH-portable-4.2.0.0,1
>Confidential:   no
>Severity:       critical
>Priority:       high
>Responsible:    freebsd-ports-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Sat Oct 08 09:10:17 GMT 2005
>Closed-Date:
>Last-Modified:
>Originator:     Jukka A. Ukkonen
>Release:        4.11-STABLE
>Organization:
private citizen
>Environment:
FreeBSD mjolnir 4.11-STABLE FreeBSD 4.11-STABLE #0: Wed Sep 21 07:56:19 EET DST 2005     jau at mjolnir:/home/src/sys/compile/Mjolnir  i386

>Description:
When linked against OpenSSL-0.9.8, OpenSSH-portable-4.2.0.0,1 crashes
as follows...

Plain command line example:
---------------------------
# /usr/local/sbin/sshd
Segmentation fault

When started inside gdb:
------------------------
(gdb) run
Starting program: /usr/local/sbin/sshd 
(no debugging symbols found)...(no debugging symbols found)...
(no debugging symbols found)...(no debugging symbols found)...
(no debugging symbols found)...(no debugging symbols found)...
(no debugging symbols found)...(no debugging symbols found)...
Program received signal SIGSEGV, Segmentation fault.
0x281299e1 in bn_mul_add_words () from /usr/local/lib/libcrypto.so.4

With older OpenSSL-0.9.7g there are no problems with OpenSSL-4.2p1.

I classified this bug as *critical/high* because both OpenSSL and OpenSSH
are these days very widely used and important elements of overall system
security, and everybody should be able to update ASAP when there are new
stable versions available.
OTOH I assume the roots of this problem lie in some little incompatibility
which both OpenSSL and OpenSSH maintainers or ports admins have completely
overlooked.

>How-To-Repeat:
Try the same versions of OpenSSL and OpenSSH on FreeBSD-4.11-STABLE.
Supposedly neither OpenSSL ports admin nor OpenSSH-portable ports admin has really
tested this combination before publishing the latest ports.


>Fix:
No fix or explanation known yet.
There are a couple of good guesses though...
1) Either the call API to bn_mul_add_words() has changed in 0.9.8 or
2) the OpenSSH-4.2p1 port has always been using that function in an improper manner.

>Release-Note:
>Audit-Trail:
>Unformatted:


