Bug 246594 - ssh segmentation fault when try to connect some host
Status: CLOSED CURRENTRELEASE
Product: Fedora
Classification: Fedora
Component: openssh
Version: 6
Hardware: All
OS: Linux
Priority: low
Severity: medium
Assigned To: Tomas Mraz
QA Contact: Fedora Extras Quality Assurance
Reported: 2007-07-03 06:34 EDT by han pingtian
Modified: 2008-04-07 03:45 EDT
Fixed In Version: F-8
Doc Type: Bug Fix
Last Closed: 2008-04-07 03:45:57 EDT

Attachments
ssh -vvvv output (4.29 KB, text/plain)
2007-07-03 06:34 EDT, han pingtian
strace ssh localhost (23.04 KB, text/plain)
2007-07-03 06:36 EDT, han pingtian

Description han pingtian 2007-07-03 06:34:27 EDT
Description of problem:
Today I found that ssh gets a segmentation fault when trying to connect to some hosts.
e.g. 
$ ssh localhost
Segmentation fault

Version-Release number of selected component (if applicable):
openssh-clients-4.3p2-19.fc6
Additional info:
Will attach ssh -vvv output and strace output.
Comment 1 han pingtian 2007-07-03 06:34:27 EDT
Created attachment 158417
ssh -vvvv output
Comment 2 han pingtian 2007-07-03 06:36:53 EDT
Created attachment 158418
strace ssh localhost
Comment 3 Tomas Mraz 2007-07-09 08:30:03 EDT
Can you create a backtrace with gdb?

(Install openssh-debuginfo too, so the backtrace is more meaningful.)

Also what changed on the system when it suddenly started segfaulting? And what
are your /etc/hosts file contents?
Comment 4 han pingtian 2007-07-10 04:45:26 EDT
Disabling the GSSAPIAuthentication option in ssh_config seems to fix this problem.
Comment 5 han pingtian 2007-07-10 04:54:29 EDT
With GSSAPIAuthentication enabled, the backtrace is:
Program received signal SIGSEGV, Segmentation fault.
0x004cd1c6 in gss_verify_mic () from /usr/lib/libgssapi_krb5.so.2
(gdb) bt
#0  0x004cd1c6 in gss_verify_mic () from /usr/lib/libgssapi_krb5.so.2
#1  0x80032195 in ssh_gssapi_import_name (ctx=0x805fb7d8,
    host=0x805fad30 "localhost.localdomain") at gss-genr.c:215
#2  0x800324d3 in ssh_gssapi_check_mechanism (ctx=0xbfbd8628, oid=0x805fb770,
    host=0x805fad30 "localhost.localdomain") at gss-genr.c:302
#3  0x800145ad in userauth_gssapi (authctxt=0xbfbd8714) at sshconnect2.c:499
#4  0x8001475d in userauth (authctxt=0xbfbd8714, authlist=<value optimized out>)
    at sshconnect2.c:341
#5  0x80014e2a in input_userauth_failure (type=51, seq=5, ctxt=0xbfbd8714)
    at sshconnect2.c:407
#6  0x8002c25b in dispatch_run (mode=0, done=0xbfbd8728, ctxt=0xbfbd8714)
    at dispatch.c:93
#7  0x800152ed in ssh_userauth2 (local_user=0x805f4360 "root",
    server_user=0x805f4378 "root", host=0x805f43f0 "localhost",
    sensitive=0x8004c940) at sshconnect2.c:308
#8  0x8000f771 in ssh_login (sensitive=0x8004c940,
    orighost=0xbfbd9aab "localhost", hostaddr=0x8004c8c0, pw=0x805ea4d8)
    at sshconnect.c:936
#9  0x80006ab7 in main (ac=0, av=0xbfbd8d2c) at ssh.c:734
Comment 6 Tomas Mraz 2007-07-10 05:39:41 EDT
Can you please install krb5-debuginfo package and try to produce the backtrace
again?
Comment 7 han pingtian 2007-07-12 22:02:28 EDT
(In reply to comment #6)
> Can you please install krb5-debuginfo package and try to produce the backtrace
> again?
> 

Program received signal SIGSEGV, Segmentation fault.
0x00e131c6 in generic_gss_copy_oid (minor_status=0x8164580c, oid=0xbf83b8e4,
    new_oid=0xe2e3c0) at oid_ops.c:91
91      {
(gdb) bt
#0  0x00e131c6 in generic_gss_copy_oid (minor_status=0x8164580c, oid=0xbf83b8e4,
    new_oid=0xe2e3c0) at oid_ops.c:91
#1  0x80032195 in ssh_gssapi_import_name (ctx=0x81645808,
    host=0x81644d70 "localhost.localdomain") at gss-genr.c:215
#2  0x800324d3 in ssh_gssapi_check_mechanism (ctx=0xbf83b968, oid=0x816457a0,
    host=0x81644d70 "localhost.localdomain") at gss-genr.c:302
#3  0x800145ad in userauth_gssapi (authctxt=0xbf83ba54) at sshconnect2.c:499
#4  0x8001475d in userauth (authctxt=0xbf83ba54, authlist=<value optimized out>)
    at sshconnect2.c:341
#5  0x80014e2a in input_userauth_failure (type=51, seq=5, ctxt=0xbf83ba54)
    at sshconnect2.c:407
#6  0x8002c25b in dispatch_run (mode=0, done=0xbf83ba68, ctxt=0xbf83ba54)
    at dispatch.c:93
#7  0x800152ed in ssh_userauth2 (local_user=0x8163e420 "hpt",
    server_user=0x8163e380 "hpt", host=0x81642ab8 "localhost",
    sensitive=0x8004c940) at sshconnect2.c:308
#8  0x8000f771 in ssh_login (sensitive=0x8004c940,
    orighost=0xbf83d1f4 "localhost", hostaddr=0x8004c8c0, pw=0x816344d8)
    at sshconnect.c:936
#9  0x80006ab7 in main (ac=0, av=0xbf83c06c) at ssh.c:734
Comment 8 Tomas Mraz 2007-07-13 04:47:31 EDT
The new_oid value is corrupted. But after studying the relevant openssh and krb5
library code I am out of ideas how it could happen. I cannot reproduce the crash
here so it is impossible for me to debug it.

Nalin, do you have any ideas how that corruption could happen?

Comment 9 Bug Zapper 2008-04-04 03:26:50 EDT
Fedora apologizes that these issues have not been resolved yet. We're
sorry it's taken so long for your bug to be properly triaged and acted
on. We appreciate the time you took to report this issue and want to
make sure no important bugs slip through the cracks.

If you're currently running a version of Fedora Core between 1 and 6,
please note that Fedora no longer maintains these releases. We strongly
encourage you to upgrade to a current Fedora release. In order to
refocus our efforts as a project we are flagging all of the open bugs
for releases which are no longer maintained and closing them.
http://fedoraproject.org/wiki/LifeCycle/EOL

If this bug is still open against Fedora Core 1 through 6, thirty days
from now, it will be closed 'WONTFIX'. If you can reproduce this bug in
the latest Fedora version, please change to the respective version. If
you are unable to do this, please add a comment to this bug requesting
the change.

Thanks for your help, and we apologize again that we haven't handled
these issues to this point.

The process we are following is outlined here:
http://fedoraproject.org/wiki/BugZappers/F9CleanUp

We will be following the process here:
http://fedoraproject.org/wiki/BugZappers/HouseKeeping to ensure this
doesn't happen again.

And if you'd like to join the bug triage team to help make things
better, check out http://fedoraproject.org/wiki/BugZappers
Comment 10 han pingtian 2008-04-06 23:05:20 EDT
It seems this problem has been fixed in Fedora 8.
