This service will be undergoing maintenance at 00:00 UTC, 2017-10-23 It is expected to last about 30 minutes
Bug 859766 - SSH server crashes when attempting to log in as user that does not exist
SSH server crashes when attempting to log in as user that does not exist
Status: CLOSED ERRATA
Product: Fedora
Classification: Fedora
Component: ecryptfs-utils (Show other bugs)
17
Unspecified Unspecified
unspecified Severity unspecified
: ---
: ---
Assigned To: Michal Hlavinka
Fedora Extras Quality Assurance
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2012-09-23 17:47 EDT by Marius Bjørnstad
Modified: 2012-10-30 09:15 EDT (History)
7 users (show)

See Also:
Fixed In Version: ecryptfs-utils-100-3.fc17
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2012-10-30 09:15:05 EDT
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)
ABRT generated crash info (6.95 KB, application/octet-stream)
2012-09-25 10:10 EDT, Marius Bjørnstad
no flags Details

  None (edit)
Description Marius Bjørnstad 2012-09-23 17:47:38 EDT
Description of problem: When I try to log in as a user that doesn't exist, the SSH server crashes.


Version-Release number of selected component (if applicable): OpenSSH_5.9p1, OpenSSL 1.0.0j-fips 10 May 2012



How reproducible: Always


Steps to Reproduce:
1. Log in from any computer as a user that doesn't exist 
2. Type any string as password and hit return
  
Actual results: Connection is closed. The messages below are shown in /var/log/messages on the server:

Sep 23 22:30:54 blackhole kernel: [ 8535.399440] sshd[10952] general protection ip:7f5d87e38377 sp:7ffffaa225f0 error:0 in libc-2.15.so[7f5d87df0000+1ac000]
Sep 23 22:30:54 blackhole abrtd: Directory 'ccpp-2012-09-23-22:30:54-10952' creation detected
Sep 23 22:30:54 blackhole abrt[11931]: Saved core dump of pid 10952 (/usr/sbin/sshd) to /var/spool/abrt/ccpp-2012-09-23-22:30:54-10952 (3104768 bytes)
Sep 23 22:30:54 blackhole abrtd: Generating backtrace
Sep 23 22:30:54 blackhole abrtd: Duplicate: core backtrace
Sep 23 22:30:54 blackhole abrtd: DUP_OF_DIR: /var/spool/abrt/ccpp-2012-08-30-20:58:20-11746
Sep 23 22:30:54 blackhole abrtd: Corrupted or bad directory '/var/spool/abrt/ccpp-2012-09-23-22:30:54-10952', deleting



Expected results: I should be prompted for a password again.


Additional info:
I have attempted to remove packages I don't use. I may have removed something related to SSH, but this is an unacceptable result anyway. 

There is no entry in abrt for the crashes.

I have tried to remove all customization in /etc/ssh/sshd_config .
Comment 1 Marius Bjørnstad 2012-09-23 17:48:47 EDT
Sorry, I forgot something: If I try to log in as a user that exists, but is not in AllowUsers (e.g. root), there is no crash.
Comment 2 Tomas Mraz 2012-09-24 08:48:18 EDT
Unfortunately, I cannot reproduce the crash on my Fedora 17 virtual machine. We would need at least usable backtrace to be able to investigate the crash further.

Also you're mentioning AllowUsers - do you use this option in /etc/ssh/sshd_config?
Comment 3 Marius Bjørnstad 2012-09-25 10:10:21 EDT
Created attachment 617067 [details]
ABRT generated crash info
Comment 4 Marius Bjørnstad 2012-09-25 10:13:17 EDT
abrt chokes on the crash but I uploaded the info minus the core dump (left out because of possible security issues).

I have changed AllowUsers, AuthorizedKeysFile and "Subsystem sftp", but I tried to remove those customizations.
Comment 5 Marius Bjørnstad 2012-09-25 10:14:43 EDT
Here is the backtrace, so you don't have to look in the .tgz:

ebc779125d37b2b0595730b6d78d477fe7b6bc53 0x48377 vfprintf /lib64/libc.so.6 e6c4e24910e190033df6d73ab31100b0ea843e61
ebc779125d37b2b0595730b6d78d477fe7b6bc53 0x108f51 __vasprintf_chk /lib64/libc.so.6 83615b9fc4ab9c55244e3f5f61594f1ebdc0e4fb
ebc779125d37b2b0595730b6d78d477fe7b6bc53 0x108e82 __asprintf_chk /lib64/libc.so.6 ea0d6c0e15ce18e667f83f7eaf7f339c0936f364
245b9501b827b5c91b3d169af67b96c1c4d7c5b2 0x1c86 - /lib64/security/pam_ecryptfs.so e91e89c0e2841a03ed272ead9e725fd34fcb4ca4
245b9501b827b5c91b3d169af67b96c1c4d7c5b2 0x1d7d pam_sm_authenticate /lib64/security/pam_ecryptfs.so 3404692b3b2393cfa3dcb0482d867c4c33344b91
372e0854be0d6a18633d579d34320e8e9cb2ec5d 0x30c4 - /lib64/libpam.so.0 5242e8cf5a275548d99caf45c7c1cd23c5add91a
372e0854be0d6a18633d579d34320e8e9cb2ec5d 0x2890 pam_authenticate /lib64/libpam.so.0 d536b5283eeb62d7a9e93810b035611bad9a50af
e12ee4180c2972fe88d8ed06f98d11909de71fd3 0x36676 - - -
e12ee4180c2972fe88d8ed06f98d11909de71fd3 0x10a2b - - -
e12ee4180c2972fe88d8ed06f98d11909de71fd3 0x299c2 - - -
e12ee4180c2972fe88d8ed06f98d11909de71fd3 0x2ae48 - - -
e12ee4180c2972fe88d8ed06f98d11909de71fd3 0x2be6b - - -
e12ee4180c2972fe88d8ed06f98d11909de71fd3 0xdbea - - -
ebc779125d37b2b0595730b6d78d477fe7b6bc53 0x21735 __libc_start_main /lib64/libc.so.6 075acda5d3230e115cf7c88597eaba416bdaa6bb
e12ee4180c2972fe88d8ed06f98d11909de71fd3 0xe739 - - -
Comment 6 Tomas Mraz 2012-09-25 11:17:35 EDT
Reassigning to ecryptfs-utils as the source of the crash is in the pam_ecryptfs module.
Comment 7 Michal Hlavinka 2012-09-26 06:44:16 EDT
reproducible

Note You need to log in before you can comment on or make changes to this bug.