openssh-portable segmentation faults

Bryan Drewery bdrewery at FreeBSD.org
Thu Feb 7 23:54:56 UTC 2013


On 2/7/2013 5:16 PM, Dimitry Andric wrote:
> On 2013-02-07 22:14, Dewayne Geraghty wrote:
> ...
>> Bryan, Dimitry,
>> Thank you for your interest.
>> Unfortunately we have no debugging tools on any of the machines. I'll
>> build one today and reproduce.
> 
> I have reproduced the segfault here:
> 
>   Starting program:
> /usr/ports/security/openssh-portable/work/openssh-5.8p2/ssh -vvv localhost
>   OpenSSH_5.8p2 FreeBSD-openssh-portable-5.8.p2_3,1, OpenSSL 1.0.1c 10
> May 2012
> 
>   Program received signal SIGSEGV, Segmentation fault.
>   istrsnvis (dst=0xbfbfb8f4 "debug1: Reading configuration data %.200s",
> dlen=0xbfbfb880, csrc=<optimized out>, flag=33, extra=<optimized out>)
> at /usr/src/contrib/libc-vis/vis.c:380
>   380             for (start = dst; (c = *src++) != '\0'; /* empty */) {
>   (gdb) bt
>   #0  istrsnvis (dst=0xbfbfb8f4 "debug1: Reading configuration data
> %.200s", dlen=0xbfbfb880, csrc=<optimized out>, flag=33,
> extra=<optimized out>) at /usr/src/contrib/libc-vis/vis.c:380
>   #1  0x28360cfd in istrnvis (dst=0xbfbfb8f4 "debug1: Reading
> configuration data %.200s", dlen=0xbfbfb880, src=<optimized out>,
> flag=-1077954316) at /usr/src/contrib/libc-vis/vis.c:534
>   #2  0x28360d71 in strnvis (dst=0xbfbfb878 "", dlen=3217014004,
> src=0xbfbfb878 "", flag=-1077954440) at /usr/src/contrib/libc-vis/vis.c:548
>   #3  0x08082e5d in do_log (level=SYSLOG_LEVEL_DEBUG1, fmt=0x80a914e
> "Reading configuration data %.200s", args=0xbfbfc134 "$\321\277\277@")
> at log.c:384
>   #4  0x08083048 in debug (fmt=0x80a914e "Reading configuration data
> %.200s") at log.c:209
>   #5  0x08054c8e in read_config_file (filename=0xbfbfd124
> "/home/dim/.ssh/config", host=0xbfbfd770 "localhost", options=0x80b99dc
> <options>, checkperm=1) at readconf.c:1051
>   #6  0x0804e542 in main (ac=0, av=0xbfbfd5c0) at ssh.c:670
> 
> This is exactly the same problem as reported in this thread about
> the security/pam_ssh_agent_auth port (rather long, beware):
> 
> http://lists.freebsd.org/pipermail/freebsd-stable/2013-January/071703.html
> 
> Executive summary: we recently imported a strnvis() implementation from
> NetBSD, which has differently ordered arguments from the strnvis()
> implementation in OpenBSD.  When OpenSSH calls it with arguments ordered
> in the way OpenBSD expects, the function segfaults.
> 
> I guess a similar approach as taken in the above thread should be taken,
> e.g. rename the function in the port to openbsd_strnvis(), and have the
> port call that.  Or use macro trickery to swap the arguments... :)

Aha, thanks. I see this is logged at NetBSD here
http://gnats.netbsd.org/44977 as well.

I will write up a patch.

-- 
Regards,
Bryan Drewery
bdrewery at freenode/EFNet
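An added illustration of the argument-order mismatch discussed above and of the two fixes Dimitry suggests (the openbsd_strnvis() adapter and the macro swap). This is not code from the thread or from the ports tree; netbsd_strnvis() below is a hypothetical, simplified stand-in that only models the NetBSD parameter layout (dst, dlen, src, flag), not libc's vis(3) encoder.

```c
#include <ctype.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define VIS_OCTAL 0x01   /* mirrors the real API; the stand-in ignores flags */

/*
 * Stand-in with the NetBSD argument order: (dst, dlen, src, flag).
 * Hypothetical encoder: octal-escapes non-printable bytes and truncates so
 * that at most dlen-1 characters plus the NUL are written. Returns the
 * number of characters stored, or -1 if dlen is 0.
 */
int netbsd_strnvis(char *dst, size_t dlen, const char *src, int flag)
{
    size_t out = 0;
    (void)flag;
    if (dlen == 0)
        return -1;
    for (; *src != '\0'; src++) {
        unsigned char c = (unsigned char)*src;
        char esc[5];
        size_t n;
        if (isprint(c)) {
            esc[0] = (char)c;
            n = 1;
        } else {
            n = (size_t)snprintf(esc, sizeof esc, "\\%03o", c);
        }
        if (out + n >= dlen)
            break;                       /* no room left: truncate, keep NUL */
        memcpy(dst + out, esc, n);
        out += n;
    }
    dst[out] = '\0';
    return (int)out;
}

/* Fix 1: an adapter with the OpenBSD order OpenSSH expects: (dst, src, dlen, flag).
 * Without it, the caller's src pointer lands in dlen and the small sizeof value
 * lands in src, which is then dereferenced: the SIGSEGV in the backtrace above. */
int openbsd_strnvis(char *dst, const char *src, size_t dlen, int flag)
{
    return netbsd_strnvis(dst, dlen, src, flag);
}

/* Fix 2: macro swap so unmodified OpenBSD-style call sites hit the NetBSD layout. */
#define strnvis(dst, src, dlen, flag) netbsd_strnvis((dst), (dlen), (src), (flag))

int main(void)
{
    char buf[16];
    const char *msg = "debug1: \x1b[31mReading";   /* constructed log line */
    strnvis(buf, msg, sizeof buf, VIS_OCTAL);      /* OpenSSH-style call, now safe */
    printf("%s\n", buf);
    return 0;
}
```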
