NetBSD Problem Report #53012
From martin@duskware.de Mon Feb 12 12:05:07 2018
Return-Path: <martin@duskware.de>
Received: from mail.netbsd.org (mail.netbsd.org [199.233.217.200])
(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
(Client CN "mail.NetBSD.org", Issuer "mail.NetBSD.org CA" (not verified))
by mollari.NetBSD.org (Postfix) with ESMTPS id F2D167A1B7
for <gnats-bugs@gnats.NetBSD.org>; Mon, 12 Feb 2018 12:05:06 +0000 (UTC)
From: martin@NetBSD.org
Reply-To: martin@NetBSD.org
To: gnats-bugs@NetBSD.org
Subject: ssh crashes due to openssl version mismatch
X-Send-Pr-Version: 3.95
>Number: 53012
>Category: bin
>Synopsis: ssh crashes after openssh version compat changes
>Confidential: no
>Severity: critical
>Priority: high
>Responsible: christos
>State: closed
>Class: sw-bug
>Submitter-Id: net
>Arrival-Date: Mon Feb 12 12:10:00 +0000 2018
>Closed-Date: Tue Feb 13 09:57:16 +0000 2018
>Last-Modified: Tue Feb 13 09:57:16 +0000 2018
>Originator: Martin Husemann
>Release: NetBSD 8.99.12
>Organization:
The NetBSD Foundation, Inc.
>Environment:
System: NetBSD thirdstage.duskware.de 8.99.12 NetBSD 8.99.12 (MODULAR) #62: Mon Feb 12 12:18:53 CET 2018 martin@thirdstage.duskware.de:/usr/src/sys/arch/sparc64/compile/MODULAR sparc64
Architecture: sparc64
Machine: sparc64
>Description:
Running ssh against certain machines crashes on sparc64 after authentication:
debug1: Local version string SSH-2.0-OpenSSH_7.6 NetBSD_Secure_Shell-20171007
debug1: Remote protocol version 2.0, remote software version OpenSSH_6.8 NetBSD_Secure_Shell-20150403-hpn13v14-lpk
debug1: match: OpenSSH_6.8 NetBSD_Secure_Shell-20150403-hpn13v14-lpk pat OpenSSH* compat 0x04000000
debug1: Authenticating to xxxxx.xxxxxx.xxxx:22 as 'martin'
Program received signal SIGSEGV, Segmentation fault.
BN_num_bits (a=0x0)
at /usr/src/crypto/external/bsd/openssl.old/dist/crypto/bn/bn_lib.c:219
219 int i = a->top - 1;
#0 BN_num_bits (a=0x0)
at /usr/src/crypto/external/bsd/openssl.old/dist/crypto/bn/bn_lib.c:219
#1 0x0000000041f23f1c in sshkey_size (k=k@entry=0x42c18180)
at /usr/src/crypto/external/bsd/openssh/dist/sshkey.c:261
#2 0x0000000041f44990 in hostfile_read_key (cpp=0xffffffffffff6ef0,
bitsp=bitsp@entry=0xffffffffffff6ee0, ret=0x42c18180)
at /usr/src/crypto/external/bsd/openssh/dist/hostfile.c:183
#3 0x0000000041f45558 in hostkeys_foreach (
path=path@entry=0x42c4b280 "/etc/ssh/ssh_known_hosts",
callback=0x41f43e00 <record_hostkey>, ctx=ctx@entry=0xffffffffffffb0a8,
host=host@entry=0x42c22110 "cvs.netbsd.org", ip=ip@entry=0x0,
options=options@entry=3)
at /usr/src/crypto/external/bsd/openssh/dist/hostfile.c:780
#4 0x0000000041f45740 in load_hostkeys (hostkeys=hostkeys@entry=0x42c22120,
host=0x42c22110 "cvs.netbsd.org",
path=0x42c4b280 "/etc/ssh/ssh_known_hosts")
at /usr/src/crypto/external/bsd/openssh/dist/hostfile.c:281
#5 0x0000000000123528 in order_hostkeyalgs (port=<optimized out>,
hostaddr=0x242e78 <hostaddr>, host=0x42c22100 "cvs.netbsd.org")
at /usr/src/crypto/external/bsd/openssh/dist/sshconnect2.c:126
(gdb) up
#1 0x0000000041f23f1c in sshkey_size (k=k@entry=0x42c18180)
at /usr/src/crypto/external/bsd/openssh/dist/sshkey.c:261
261 return BN_num_bits(k->rsa->p);
(gdb) list
256 case KEY_RSA:
257 case KEY_RSA_CERT:
258 #if OPENSSL_VERSION_NUMBER >= 0x10100000UL
259 return RSA_bits(k->rsa);
260 #else
261 return BN_num_bits(k->rsa->p);
262 #endif
(gdb) p *k->rsa
$8 = {pad = 0, version = 0, meth = 0x4244f290, engine = 0x0, n = 0x42c4b4a0,
e = 0x42c4b480, d = 0x0, p = 0x0, q = 0x0, dmp1 = 0x0, dmq1 = 0x0,
iqmp = 0x0, ex_data = {sk = 0x0, dummy = 0}, references = 1, flags = 6,
_method_mod_n = 0x0, _method_mod_p = 0x0, _method_mod_q = 0x0,
bignum_data = 0x0, blinding = 0x0, mt_blinding = 0x0}
(gdb) p k->rsa->p
$9 = (BIGNUM *) 0x0
>How-To-Repeat:
Available on request. Basically: "ssh -v $somemachine" does it for me. Works
fine with other machines.
>Fix:
n/a
>Release-Note:
>Audit-Trail:
From: Martin Husemann <martin@netbsd.org>
To: gnats-bugs@NetBSD.org
Cc:
Subject: Re: lib/53012: ssh crashes due to openssl version mismatch
Date: Mon, 12 Feb 2018 14:51:47 +0000
I can reproduce this on evbarm as well.
Martin
From: "Martin Husemann" <martin@netbsd.org>
To: gnats-bugs@gnats.NetBSD.org
Cc:
Subject: PR/53012 CVS commit: src/crypto/external/bsd/openssh/dist
Date: Tue, 13 Feb 2018 09:51:33 +0000
Module Name: src
Committed By: martin
Date: Tue Feb 13 09:51:33 UTC 2018
Modified Files:
src/crypto/external/bsd/openssh/dist: sshkey.c
Log Message:
Fix copy & pasto (dsa code vs. rsa code) in previous, fixes PR lib/53012
and recentish sshfs test failures.
To generate a diff of this commit:
cvs rdiff -u -r1.12 -r1.13 src/crypto/external/bsd/openssh/dist/sshkey.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Responsible-Changed-From-To: lib-bug-people->christos
Responsible-Changed-By: martin@NetBSD.org
Responsible-Changed-When: Tue, 13 Feb 2018 09:57:16 +0000
Responsible-Changed-Why:
Christos' change caused it, better keep track of this for upstreaming the change
State-Changed-From-To: open->closed
State-Changed-By: martin@NetBSD.org
State-Changed-When: Tue, 13 Feb 2018 09:57:16 +0000
State-Changed-Why:
Fixed
>Unformatted:
(Contact us)
$NetBSD: query-full-pr,v 1.43 2018/01/16 07:36:43 maya Exp $
$NetBSD: gnats_config.sh,v 1.9 2014/08/02 14:16:04 spz Exp $
Copyright © 1994-2017
The NetBSD Foundation, Inc. ALL RIGHTS RESERVED.