openssh-portable segmentation faults
Bryan Drewery
bdrewery at FreeBSD.org
Thu Feb 7 23:54:56 UTC 2013
On 2/7/2013 5:16 PM, Dimitry Andric wrote:
> On 2013-02-07 22:14, Dewayne Geraghty wrote:
> ...
>> Bryan, Dimitry,
>> Thank-you for your interest.
>> Unfortunately we have no debugging tools on any of the machines. I'll
>> build one today and reproduce.
>
> I have reproduced the segfault here:
>
> Starting program:
> /usr/ports/security/openssh-portable/work/openssh-5.8p2/ssh -vvv localhost
> OpenSSH_5.8p2 FreeBSD-openssh-portable-5.8.p2_3,1, OpenSSL 1.0.1c 10
> May 2012
>
> Program received signal SIGSEGV, Segmentation fault.
> istrsnvis (dst=0xbfbfb8f4 "debug1: Reading configuration data %.200s",
> dlen=0xbfbfb880, csrc=<optimized out>, flag=33, extra=<optimized out>)
> at /usr/src/contrib/libc-vis/vis.c:380
> 380 for (start = dst; (c = *src++) != '\0'; /* empty */) {
> (gdb) bt
> #0 istrsnvis (dst=0xbfbfb8f4 "debug1: Reading configuration data
> %.200s", dlen=0xbfbfb880, csrc=<optimized out>, flag=33,
> extra=<optimized out>) at /usr/src/contrib/libc-vis/vis.c:380
> #1 0x28360cfd in istrnvis (dst=0xbfbfb8f4 "debug1: Reading
> configuration data %.200s", dlen=0xbfbfb880, src=<optimized out>,
> flag=-1077954316) at /usr/src/contrib/libc-vis/vis.c:534
> #2 0x28360d71 in strnvis (dst=0xbfbfb878 "", dlen=3217014004,
> src=0xbfbfb878 "", flag=-1077954440) at /usr/src/contrib/libc-vis/vis.c:548
> #3 0x08082e5d in do_log (level=SYSLOG_LEVEL_DEBUG1, fmt=0x80a914e
> "Reading configuration data %.200s", args=0xbfbfc134 "$\321\277\277@")
> at log.c:384
> #4 0x08083048 in debug (fmt=0x80a914e "Reading configuration data
> %.200s") at log.c:209
> #5 0x08054c8e in read_config_file (filename=0xbfbfd124
> "/home/dim/.ssh/config", host=0xbfbfd770 "localhost", options=0x80b99dc
> <options>, checkperm=1) at readconf.c:1051
> #6 0x0804e542 in main (ac=0, av=0xbfbfd5c0) at ssh.c:670
>
> This is exactly the same problem as reported in this thread about
> the security/pam_ssh_agent_auth port (rather long, beware):
>
>
> http://lists.freebsd.org/pipermail/freebsd-stable/2013-January/071703.html
>
> Executive summary: we recently imported a strnvis() implementation from
> NetBSD, which has differently ordered arguments from the strnvis()
> implementation in OpenBSD. When OpenSSH calls it with arguments ordered
> in the way OpenBSD expects, the function segfaults.
>
> I guess a similar approach as take in the above thread should be taken,
> e.g. rename the function in the port to openbsd_strnvis(), and have the
> port call that. Or use macro trickery to swap the arguments... :)
Aha, thanks. I see this is logged at netbsd here
http://gnats.netbsd.org/44977 as well.
I will write up a patch.
--
Regards,
Bryan Drewery
bdrewery at freenode/EFNet
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 898 bytes
Desc: OpenPGP digital signature
URL: <http://lists.freebsd.org/pipermail/freebsd-ports/attachments/20130207/a7738461/attachment.sig>
More information about the freebsd-ports
mailing list