Description of problem: Sshd fails if remote program generates too much output when using v2. It looks like the code to throttle the stdout from the program being executed is commented out in v2. So the sshd continues to allocate memory to buffer the stdout until it hits aprox 10Mb and then it just aborts. This doesn't happen with openssh's own client, possibly due to it's constant adjustments to the window sizes works around it. Version-Release number of selected component (if applicable): All OpenSSH v2 versions at this point. How reproducible: Always. Steps to Reproduce: [see attachment] 1. Download cryptlib from http://www.cs.auckland.ac.nz/~pgut001/cryptlib/ 2. Replace session/ssh2_msg.c and session/ssh2_rw.c with the ones included in this tar file. 3. Compile cryptlib 4. Edit sshtest.c and put in your account settings and the path to the genstdout binary 5. Compile genstdout and sshtest (see compile.sh) 6. Run sshtest Actual results: In the sshd logs you'll find: fatal: buffer_append_space: alloc 10489856 not supported Expected results: The program should just continue to run until interrupted. Additional info:
Created attachment 125784 [details] Patch against openssh-4.3p2 that appears to fix the problem
Created attachment 125785 [details] Kit to reproduce the problem
It seems there is now a real patch in the upstream bugzilla. http://bugzilla.mindrot.org/show_bug.cgi?id=1131
Latest patch works for me. http://bugzilla.mindrot.org/attachment.cgi?id=1117
This request was evaluated by Red Hat Product Management for inclusion in a Red Hat Enterprise Linux maintenance release. Product Management has requested further review of this request by Red Hat Engineering, for potential inclusion in a Red Hat Enterprise Linux Update release for currently deployed products. This request is not yet committed for inclusion in an Update release.
Fixed in openssh-3.9p1-8.RHEL4.18
An advisory has been issued which should help the problem described in this bug report. This report is therefore being closed with a resolution of ERRATA. For more information on the solution and/or where to find the updated files, please follow the link below. You may reopen this bug report if the solution does not work for you. http://rhn.redhat.com/errata/RHSA-2007-0257.html