Bug 324181 - thinkfinger causes sshd to segfault on every attempt to connect
Status: CLOSED ERRATA
Product: Fedora
Classification: Fedora
Component: thinkfinger
Version: 7
Hardware: x86_64 Linux
Priority: high
Severity: high
Assigned To: Julian Sikorski
QA Contact: Fedora Extras Quality Assurance
Duplicates: 327451
Reported: 2007-10-08 23:49 EDT by Bryan O'Sullivan
Modified: 2007-11-30 17:12 EST
Fixed In Version: 0.3-6.fc7
Doc Type: Bug Fix
Last Closed: 2007-10-24 03:14:34 EDT

Attachments:
patch (884 bytes, patch), 2007-10-09 06:43 EDT, Timo Hoenig

Description Bryan O'Sullivan 2007-10-08 23:49:11 EDT
Description of problem:

I'm running openssh-server, with no unusual configuration parameters.  Every
time a client connects, the server crashes with a segfault after receiving a
password from the client.

Version-Release number of selected component (if applicable):

openssh-server-4.5p1-6.fc7.x86_64

How reproducible:

100%

Steps to Reproduce:
1. service sshd start
2. try to connect from a remote host
3. crash!

Actual results:

I tried removing and reinstalling openssh-server, with no luck.  I also
generated a new set of host keys, again with no luck.

Even with a debuginfo RPM installed, I get meaningless backtraces:

(gdb) run -de
The program being debugged has been started already.
Start it from the beginning? (y or n) y
Starting program: /usr/sbin/sshd -de
debug1: sshd version OpenSSH_4.5p1
debug1: read PEM private key done: type RSA
debug1: private host key: #0 type 1 RSA
debug1: read PEM private key done: type DSA
debug1: private host key: #1 type 2 DSA
debug1: rexec_argv[0]='/usr/sbin/sshd'
debug1: rexec_argv[1]='-de'
debug1: Bind to port 22 on ::.
Server listening on :: port 22.
debug1: Bind to port 22 on 0.0.0.0.
Bind to port 22 on 0.0.0.0 failed: Address already in use.
debug1: Server will not fork when running in debugging mode.
debug1: rexec start in 4 out 4 newsock 4 pipe -1 sock 7
debug1: sshd version OpenSSH_4.5p1
debug1: read PEM private key done: type RSA
debug1: private host key: #0 type 1 RSA
debug1: read PEM private key done: type DSA
debug1: private host key: #1 type 2 DSA
debug1: inetd sockets after dupping: 3, 3
Connection from 127.0.0.1 port 47770
debug1: Client protocol version 2.0; client software version OpenSSH_4.7
debug1: match: OpenSSH_4.7 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_4.5
[Detaching after fork from child process 11132.]
debug1: permanently_set_uid: 74/74
debug1: list_hostkey_types: ssh-rsa,ssh-dss
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: client->server aes128-cbc hmac-md5 none
debug1: kex: server->client aes128-cbc hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST received
debug1: SSH2_MSG_KEX_DH_GEX_GROUP sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_INIT
debug1: SSH2_MSG_KEX_DH_GEX_REPLY sent
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: KEX done
debug1: userauth-request for user bos service ssh-connection method none
debug1: attempt 0 failures 0
debug1: PAM: initializing for "bos"
debug1: PAM: setting PAM_RHOST to "tachylite.serpentine.com"
debug1: PAM: setting PAM_TTY to "ssh"
debug1: userauth-request for user bos service ssh-connection method password
debug1: attempt 1 failures 1
[New LWP 11140]

Program received signal SIGSEGV, Segmentation fault.
[Switching to LWP 11140]
0x00005555557e11b0 in ?? ()
(gdb) bt
#0  0x00005555557e11b0 in ?? ()
#1  0x00002aaaadd854f6 in ?? ()
#2  0x0000000000010000 in ?? ()
#3  0x0000555500000000 in ?? ()
#4  0x281450006f616943 in ?? ()
#5  0x0001200000000011 in ?? ()
#6  0x00000000000c0000 in ?? ()
#7  0x42a501698b000000 in ?? ()
#8  0xb2360f35aa5c11e9 in ?? ()
#9  0x00000335f88c1dd9 in ?? ()
#10 0x50416f4d08660000 in ?? ()
#11 0x0000620001083952 in ?? ()
#12 0x003201f40064000a in ?? ()
#13 0x0000000010000000 in ?? ()
#14 0x66d6000800000000 in ?? ()
#15 0x0000000001640000 in ?? ()
#16 0x0000000000000000 in ?? ()
Comment 1 Bryan O'Sullivan 2007-10-09 01:07:27 EDT
On a hunch, I removed the thinkfinger package, and the crash went away. Bad
thinkfinger! No cookie!
Comment 2 Julian Sikorski 2007-10-09 03:41:12 EDT
This is a known problem, already reported upstream twice [1] [2]. The sad news
is that I can't fix it myself, so unless Timo finds time or somebody else writes
a patch, the only workaround would be not to use thinkfinger along with remote
logins. Jose, maybe you would be able to help?

[1] http://sourceforge.net/mailarchive/forum.php?thread_name=46DA9832.2080609%40poczta.onet.pl&forum_name=thinkfinger-devel
[2] http://sourceforge.net/mailarchive/forum.php?thread_name=4623B67D.2070505%40tsss.org&forum_name=thinkfinger-devel
Comment 3 Timo Hoenig 2007-10-09 06:43:00 EDT
Created attachment 221131 [details]
patch

Bryan, can you please test whether this patch helps?

Thank you.
Comment 4 Julian Sikorski 2007-10-09 10:06:07 EDT
This seems to help. I'll post updated RPMs for testing soonish (I need to figure
out how to use my fedorapeople account).
Comment 5 Julian Sikorski 2007-10-09 10:14:01 EDT
Voila. Could you please test the RPMs available at http://belegdol.fedorapeople.org?
Comment 6 Julian Sikorski 2007-10-11 08:42:43 EDT
*** Bug 327451 has been marked as a duplicate of this bug. ***
Comment 7 Julian Sikorski 2007-10-11 08:44:11 EDT
Note: the fix works for me, but I would like to have one positive feedback
before committing the patch.
Comment 8 Timo Hoenig 2007-10-11 08:53:01 EDT
For what it's worth: http://article.gmane.org/gmane.linux.drivers.thinkfinger/467
Comment 9 Julian Sikorski 2007-10-11 09:01:56 EDT
I guess that should be enough. It's rawhide anyway.
Comment 10 Julian Sikorski 2007-10-11 12:22:52 EDT
OK, packages built. They should appear in rawhide/f7-updates-testing soon, but
for those that can't wait here are the links:
f7: http://koji.fedoraproject.org/koji/buildinfo?buildID=20711
f8: http://koji.fedoraproject.org/koji/buildinfo?buildID=20712
Comment 11 Fedora Update System 2007-10-11 18:54:41 EDT
thinkfinger-0.3-6.fc7 has been pushed to the Fedora 7 testing repository. If problems still persist, please make note of it in this bug report.
If you want to test the update, you can install it with
su -c 'yum --enablerepo=updates-testing update thinkfinger'
Comment 12 Moritz Baumann 2007-10-12 05:20:38 EDT
updates-testing pkg works for me (i386).

Thx
Comment 13 Fedora Update System 2007-10-24 03:14:32 EDT
thinkfinger-0.3-6.fc7 has been pushed to the Fedora 7 stable repository.  If problems still persist, please make note of it in this bug report.
