Bug 53020

Summary: sshd segfaults after pam failure.
Product: [Retired] Red Hat Public Beta Reporter: Chris Kloiber <ckloiber>
Component: opensshAssignee: Nalin Dahyabhai <nalin>
Status: CLOSED RAWHIDE QA Contact:
Severity: high Docs Contact:
Priority: high    
Version: roswell   
Target Milestone: ---   
Target Release: ---   
Hardware: i386   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2001-09-04 14:36:05 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Chris Kloiber 2001-09-01 22:10:05 UTC 
Description of Problem:

sshd drops connection after 1 passowrd attempt:

# sshd -d
debug1: Seeding random number generator
debug1: sshd version OpenSSH_2.9p2
debug1: private host key: #0 type 0 RSA1
debug1: read PEM private key done: type RSA
debug1: private host key: #1 type 1 RSA
debug1: read PEM private key done: type DSA
debug1: private host key: #2 type 2 DSA
debug1: Bind to port 22 on 0.0.0.0.
Server listening on 0.0.0.0 port 22.
Generating 768 bit RSA key.
RSA key generation complete.
debug1: Server will not fork when running in debugging mode.
Connection from 172.16.46.121 port 32979
debug1: Client protocol version 2.0; client software version OpenSSH_2.9p2
debug1: match: OpenSSH_2.9p2 pat ^OpenSSH
Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-1.99-OpenSSH_2.9p2
debug1: Rhosts Authentication disabled, originating port not trusted.
debug1: list_hostkey_types: ssh-rsa,ssh-dss
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: client->server aes128-cbc hmac-md5 none
debug1: kex: server->client aes128-cbc hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST received
debug1: SSH2_MSG_KEX_DH_GEX_GROUP sent
debug1: dh_gen_key: priv key bits set: 133/256
debug1: bits set: 1061/2049
debug1: expecting SSH2_MSG_KEX_DH_GEX_INIT
debug1: bits set: 1039/2049
debug1: SSH2_MSG_KEX_DH_GEX_REPLY sent
debug1: kex_derive_keys
debug1: newkeys: mode 1
debug1: SSH2_MSG_NEWKEYS sent
debug1: waiting for SSH2_MSG_NEWKEYS
debug1: newkeys: mode 0
debug1: SSH2_MSG_NEWKEYS received
debug1: KEX done
debug1: userauth-request for user root service ssh-connection method none
debug1: attempt 0 failures 0
debug1: Starting up PAM with username "root"
debug1: PAM setting rhost to "ckloiber.support.redhat.com"
Failed none for ROOT from 172.16.46.121 port 32979 ssh2
debug1: userauth-request for user root service ssh-connection method password
debug1: attempt 1 failures 1
debug1: PAM Password authentication accepted for user "root"
Segmentation fault

(sshd is the program segfaulting)

Error is identical (except for username) if tried as non-root.

Version-Release number of selected component (if applicable):

openssh-server-2.9p2-6
openssh-askpass-2.9p2-6
openssh-askpass-gnome-2.9p2-6
openssh-clients-2.9p2-6
openssh-2.9p2-6

openssl096-0.9.6-6
openssl-0.9.6b-7
openssl-perl-0.9.6b-7
openssl-devel-0.9.6b-7
openssl095a-0.9.5a-11

pam_smb-1.1.6-2
pam-devel-0.75-10
pam_krb5-1.45-1
pam-0.75-10

Steps to Reproduce:
1. start 'sshd -d' using above package versions
2. connect from another machine.
3. gets as far as entering the password, then *BOOM!*
Comment 1 Nalin Dahyabhai 2001-09-06 03:07:04 UTC 
This should be fixed in pam-0.75-11 and later.  Please reopen this bug if you
find that this is not the case.