Bug 1524233 - OpenSSH 7.6p1 sshd segfaults when closing SSH connection established w/ KiTTY 0.70.0.1 (Win)
Status: CLOSED ERRATA
Alias: None
Product: Fedora
Classification: Fedora
Component: openssh
Version: 27
Hardware: x86_64
OS: Linux
unspecified
high
Target Milestone: ---
Assignee: Jakub Jelen
QA Contact: Fedora Extras Quality Assurance
Reported: 2017-12-11 01:50 UTC by chotaire
Modified: 2019-11-13 15:30 UTC (History)

Fixed In Version: openssh-7.6p1-3.fc27
Clone Of:
: 1772039 (view as bug list)
Last Closed: 2017-12-12 11:26:50 UTC
Type: Bug

Description chotaire 2017-12-11 01:50:42 UTC
Description of problem:

OpenSSH 7.6p1 sshd segfaults when closing SSH connection after which a coredump is generated by systemd. 

Version-Release number of selected component (if applicable):

Name         : openssh-server
Version      : 7.6p1
Release      : 2.fc27
Arch         : x86_64


How reproducible:

Update to openssh-server 7.6p1, establish an SSH connection to the machine using openssh, close the connection by issuing ctrl+d.

Steps to Reproduce:
1. Establish an SSH connection to the machine using KiTTY 0.70.0.0 (Win10)
2. Close SSH connection by issuing ctrl+d
3. sshd segfaults, a core dump is generated.

Actual results:

Dec 11 02:42:52 oahu audit[1366]: ANOM_ABEND auid=0 uid=0 gid=0 ses=21 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 pid=1366 comm="sshd" exe="/usr/sbin/sshd" sig=11 res=1
Dec 11 02:42:52 oahu kernel: sshd[1366]: segfault at 18 ip 0000564ac2e57c90 sp 00007ffe43b8c460 error 4 in sshd[564ac2e08000+c6000]
Dec 11 02:42:52 oahu systemd[1]: Started Process Core Dump (PID 1393/UID 0).
Dec 11 02:42:52 oahu systemd-coredump[1394]: Process 1366 (sshd) of user 0 dumped core.#012#012Stack trace of thread 1366:#012#0  0x0000564ac2e57c90 cipher_free (sshd)#012#1  0x0000564ac2e5be99 ssh_packet_close_internal (sshd)#012#2  0x0000564ac2e60c20 packet_close (sshd)#012#3  0x0000564ac2e1698e main (sshd)#012#4  0x00007f3931aac03a __libc_start_main (libc.so.6)#012#5  0x0000564ac2e17cfa _start (sshd)
Dec 11 02:42:52 oahu sshd[1355]: pam_unix(sshd:session): session closed for user fedorarules


Expected results:

Dec 11 02:43:40 palau sshd[2495]: pam_unix(sshd:session): session closed for user fedorarules


Additional info:

After downgrading to openssh-server 7.5p1 the problem is gone. This is the latest version of Kitty, the problem also happens with several tested older versions.
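
A triage sketch for the log lines in the description above, added here as an example and not part of the original report or of OpenSSH: it decodes the kernel "segfault at" line (fault address, access type, offset of the faulting instruction inside the sshd mapping) and unpacks the `#012`-escaped stack trace from the systemd-coredump line. The function names are hypothetical, the coredump line is shortened to its first three frames, and the "near NULL" threshold of one page is a heuristic assumption.

```python
import re

# Log lines copied from the report; the coredump line is cut to its first three frames.
KERNEL_LINE = ("Dec 11 02:42:52 oahu kernel: sshd[1366]: segfault at 18 "
               "ip 0000564ac2e57c90 sp 00007ffe43b8c460 error 4 in sshd[564ac2e08000+c6000]")
COREDUMP_LINE = ("Dec 11 02:42:52 oahu systemd-coredump[1394]: Process 1366 (sshd) of user 0 "
                 "dumped core.#012#012Stack trace of thread 1366:"
                 "#012#0  0x0000564ac2e57c90 cipher_free (sshd)"
                 "#012#1  0x0000564ac2e5be99 ssh_packet_close_internal (sshd)"
                 "#012#2  0x0000564ac2e60c20 packet_close (sshd)")

SEGV_RE = re.compile(
    r"kernel: (?P<comm>\S+)\[(?P<pid>\d+)\]: segfault at (?P<addr>[0-9a-f]+) "
    r"ip (?P<ip>[0-9a-f]+) sp [0-9a-f]+ error (?P<err>[0-9a-f]+)"
    r"(?: in (?P<obj>\S+?)\[(?P<base>[0-9a-f]+)\+[0-9a-f]+\])?")
FRAME_RE = re.compile(r"^#(\d+)\s+0x([0-9a-f]+) (\S+) \((\S+)\)$")


def parse_segfault(line):
    """Decode a kernel 'segfault at' line; returns None if the line is something else."""
    m = SEGV_RE.search(line)
    if m is None:
        return None
    addr, ip, err = (int(m[k], 16) for k in ("addr", "ip", "err"))
    return {
        "comm": m["comm"],
        "pid": int(m["pid"]),
        "fault_addr": addr,
        # x86 page-fault error code: bit 0 = protection fault (else page not present),
        # bit 1 = write (else read), bit 2 = fault raised in user mode.
        "access": "write" if err & 2 else "read",
        "page_present": bool(err & 1),
        "user_mode": bool(err & 4),
        # Offset of the faulting instruction inside the mapping the kernel reports;
        # unlike the raw ip it does not move with ASLR, so crashes can be compared.
        "offset": ip - int(m["base"], 16) if m["base"] else None,
        # Heuristic (assumption): an address inside the first page means a field
        # was accessed through a NULL pointer.
        "near_null": addr < 0x1000,
    }


def decode_stack(line):
    """Split a syslog-escaped coredump message (#012 = newline) into (frame, symbol) pairs."""
    frames = []
    for part in line.split("#012"):
        m = FRAME_RE.match(part.strip())
        if m:
            frames.append((int(m[1]), m[3]))
    return frames
```

For the lines in this report the decoded fault is a user-mode read at address 0x18 on a non-present page, with `cipher_free` as the top frame.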

Comment 1 Fedora Update System 2017-12-11 11:49:02 UTC
openssh-7.6p1-3.fc27 has been submitted as an update to Fedora 27. https://bodhi.fedoraproject.org/updates/FEDORA-2017-be30d29a15

Comment 2 Fedora Update System 2017-12-11 19:57:53 UTC
openssh-7.6p1-3.fc27 has been pushed to the Fedora 27 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2017-be30d29a15

Comment 3 chotaire 2017-12-11 21:20:53 UTC
Fix in openssh-7.6p1-3.fc27 tested as working. Thank you Jakub.

Comment 4 Fedora Update System 2017-12-12 11:26:50 UTC
openssh-7.6p1-3.fc27 has been pushed to the Fedora 27 stable repository. If problems still persist, please make note of it in this bug report.

