Bug 1624323 - gsskex authentication causes segmentation fault
Summary: gsskex authentication causes segmentation fault
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Fedora
Classification: Fedora
Component: openssh
Version: 28
Hardware: All
OS: Linux
Priority: unspecified
Severity: high
Target Milestone: ---
Assignee: Jakub Jelen
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks:
 
Reported: 2018-08-31 08:25 UTC by Daniel Ahlin
Modified: 2018-09-21 05:25 UTC

Fixed In Version: openssh-7.8p1-2.fc28 openssh-7.8p1-2.fc29
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2018-09-11 16:52:23 UTC
Type: Bug
Embargoed:


Attachments
Fixes to gsskex patch to properly allocate sshbuf before use. (88.48 KB, patch)
2018-08-31 08:25 UTC, Daniel Ahlin

Description Daniel Ahlin 2018-08-31 08:25:40 UTC
Created attachment 1480046
Fixes to gsskex patch to properly allocate sshbuf before use.

Description of problem:

The gsskex patch for 7.8p1, which contains adaptations to changes in sshbuf functionality, fails to properly initialize the sshbuf before using it - this causes a segmentation fault at least from the client side (possibly also on the server side but this is not tested).


Version-Release number of selected component (if applicable): 7.8p1-1


How reproducible:
Always

Steps to Reproduce:
1. Try to login using gsskex

Actual results:
Segmentation fault at sshbuf.c:173


Expected results:
Successful login


Additional info:
Patch attached - this works by properly allocating the sshbuf before using it. However the patch does not properly report failure to allocate the buf (I'm not familiar enough with how such an error should be handled in that context).

Comment 1 Jakub Jelen 2018-08-31 09:02:48 UTC
Thank you very much for the bug report and a patch. Indeed, this was a case I missed somehow. I will update OpenSSH today to unbreak gssapi key exchange.

Comment 2 Daniel Ahlin 2018-08-31 09:16:00 UTC
Hi,

Thanks a lot for the very quick response. In the meantime I took a look at the Debian gssapi patch - they handle the error with fatal - perhaps a good idea - see https://sources.debian.org/src/openssh/1:7.8p1-1/debian/patches/gssapi.patch/

There is also an issue with rekeying still present in the Fedora sources - I'll post a separate bug report and patch about that - possibly you would want to wait for this one before updating the package.

Comment 3 Jakub Jelen 2018-08-31 10:12:46 UTC
That is exactly what I did in my patch.

Thank you. I will have a look into the other.

Comment 4 Fedora Update System 2018-08-31 12:20:16 UTC
openssh-7.8p1-2.fc29 has been submitted as an update to Fedora 29. https://bodhi.fedoraproject.org/updates/FEDORA-2018-50a6d79d8e

Comment 5 Fedora Update System 2018-08-31 12:36:57 UTC
openssh-7.8p1-2.fc28 has been submitted as an update to Fedora 28. https://bodhi.fedoraproject.org/updates/FEDORA-2018-9effcf1f69

Comment 6 Fedora Update System 2018-08-31 16:23:21 UTC
openssh-7.8p1-2.fc29 has been pushed to the Fedora 29 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2018-50a6d79d8e

Comment 7 Fedora Update System 2018-08-31 22:27:54 UTC
openssh-7.8p1-2.fc28 has been pushed to the Fedora 28 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2018-9effcf1f69

Comment 8 Daniel Ahlin 2018-09-03 09:46:09 UTC
(In reply to Fedora Update System from comment #7)
> openssh-7.8p1-2.fc28 has been pushed to the Fedora 28 testing repository. If
> problems still persist, please make note of it in this bug report.
> See https://fedoraproject.org/wiki/QA:Updates_Testing for
> instructions on how to install test updates.
> You can provide feedback for this update here:
> https://bodhi.fedoraproject.org/updates/FEDORA-2018-9effcf1f69

The package in testing seems to work.

Comment 9 Fedora Update System 2018-09-11 16:52:23 UTC
openssh-7.8p1-2.fc28 has been pushed to the Fedora 28 stable repository. If problems still persist, please make note of it in this bug report.

Comment 10 Fedora Update System 2018-09-21 05:25:24 UTC
openssh-7.8p1-2.fc29 has been pushed to the Fedora 29 stable repository. If problems still persist, please make note of it in this bug report.

