Bug 242452 - openssh segfaults if hosts.(allow|deny) used.
Summary: openssh segfaults if hosts.(allow|deny) used.
Alias: None
Product: Fedora
Classification: Fedora
Component: tcp_wrappers   
(Show other bugs)
Version: 7
Hardware: x86_64
OS: Linux
Target Milestone: ---
Assignee: Tomas Janousek
QA Contact:
Depends On:
TreeView+ depends on / blocked
Reported: 2007-06-04 11:35 UTC by Per Steinar Iversen
Modified: 2007-11-30 22:12 UTC (History)
3 users (show)

Fixed In Version: 7.6-47.fc7
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2007-06-07 15:59:37 UTC
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

Description Per Steinar Iversen 2007-06-04 11:35:46 UTC
Description of problem:

Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:
1. Install F7 with openssh
2. Add /etc/hosts.allow and /etc/hosts.deny
3. ssh login in not possible, the log shows that sshd segfaults.
Actual results:

ssh login not possible.

Expected results:

ssh should work.

It is enough that /etc/hosts.allow and /etc/hosts.deny exists with default
values. The syslog like this:

sshd[6518]: segfault at ffffffffaaece3a0 rip 00002aaaace2aa1c rsp
00007fff5a2b3b18 error 4

Additional info:

Comment 1 Tomas Mraz 2007-06-04 12:30:46 UTC
I'm sorry but I cannot reproduce it here. Are the /etc/hosts.allow and
/etc/hosts.deny really the default ones (empty with nothing except comments)?
Which version of tcp_wrappers do you have?

Can you try to obtain a stack trace - attach a gdb to the running sshd.

Comment 2 Per Steinar Iversen 2007-06-04 12:47:20 UTC
It seems to be this line, it works fine for FC5 and FC6 at least:

/etc/hosts.allow : 

ALL: localhost.localdomain localhost6.localdomain6

Comment 3 Tomas Mraz 2007-06-04 13:44:23 UTC
OK, now with the line from the above comment I can reproduce it, here is a stack

#0  0x00002aaaace2304c in strcasecmp () from /lib64/libc.so.6
#1  0x00002aaaaacc9a19 in host_match (
    tok=0x7fff5e980e75 "localhost.localdomain", host=0x7fff5e981d00)
    at hosts_access.c:326
#2  0x00002aaaaacc8f4a in list_match (list=<value optimized out>, 
    request=0x7fff5e981bf0, match_fn=0x2aaaaacc9cf0 <client_match>)
    at hosts_access.c:216
#3  0x00002aaaaacc9150 in table_match (table=<value optimized out>, 
    request=0x7fff5e981bf0) at hosts_access.c:172
#4  0x00002aaaaacc9319 in hosts_access (request=0x7fff5e981bf0)
    at hosts_access.c:130
#5  0x00005555555602f6 in main (ac=<value optimized out>, 
    av=<value optimized out>) at sshd.c:1751

This is code in tcp_wrappers library -> reassigning.

Comment 4 Dan Scholnik 2007-06-05 02:28:50 UTC
I get this on an x86_64 platform as well.  I found that a single entry in
hosts.allow was ok, but a second causes a segfault.  Here's the stacktrace I got
w/ debuginfo packages installed:

Program received signal SIGSEGV, Segmentation fault.
*__GI___strcasecmp (
    s1=0xffffffffaaece660 <Address 0xffffffffaaece660 out of bounds>, 
    s2=0x2aaaaaece1fc "unknown") at strcasecmp.c:65
65        while ((result = TOLOWER (*p1) - TOLOWER (*p2++)) == 0)
#0  *__GI___strcasecmp (
    s1=0xffffffffaaece660 <Address 0xffffffffaaece660 out of bounds>, 
    s2=0x2aaaaaece1fc "unknown") at strcasecmp.c:65
#1  0x00002aaaaacc9b19 in host_match (
    tok=0x7ffff0ae8055 "hal9000.nrl.navy.mil", host=0x7ffff0ae8ee0)
    at hosts_access.c:326
#2  0x00002aaaaacc904a in list_match (list=<value optimized out>, 
    request=0x7ffff0ae8dd0, match_fn=0x2aaaaacc9df0 <client_match>)
    at hosts_access.c:216
#3  0x00002aaaaacc9250 in table_match (table=<value optimized out>, 
    request=0x7ffff0ae8dd0) at hosts_access.c:172
#4  0x00002aaaaacc9419 in hosts_access (request=0x7ffff0ae8dd0)
    at hosts_access.c:130
#5  0x00005555555602f6 in main (ac=<value optimized out>, 
    av=<value optimized out>) at sshd.c:1751

This suddenly appeared in a development update maybe a couple of months ago, but
the machine is rarely used so I can't be more specific.  I only recently figured
out it was tcp_wrappers causing the problem.

Comment 5 Kostas Georgiou 2007-06-06 21:51:02 UTC
tcp_wrappers-7.6-47.fc7 seems to have fixed the problem for me.

Comment 6 Fedora Update System 2007-06-07 15:59:34 UTC
tcp_wrappers-7.6-47.fc7 has been pushed to the Fedora 7 stable repository.  If problems still persist, please make note of it in this bug report.

Note You need to log in before you can comment on or make changes to this bug.