Bug 153 - NULL pointer passed to xfree() during client connection
Summary: NULL pointer passed to xfree() during client connection
Status: CLOSED INVALID
Alias: None
Product: Portable OpenSSH
Classification: Unclassified
Component: sshd
Version: -current
Hardware: ix86 Linux
Importance: P2 major
Assignee: OpenSSH Bugzilla mailing list
Reported: 2002-03-09 08:33 AEDT by Bernard Karmilowicz
Modified: 2004-04-14 12:24 AEST

Description Bernard Karmilowicz 2002-03-09 08:33:01 AEDT
sshd passes a NULL pointer to xfree(), preventing ssh clients from connecting to
the server. The problem occurs on multiple servers and clients:


orion:/etc/rc.d# ./rc.sshd start
debug1: sshd version OpenSSH_3.1p1
debug1: private host key: #0 type 0 RSA1
debug1: read PEM private key done: type RSA
debug1: private host key: #1 type 1 RSA
debug1: read PEM private key done: type DSA
debug1: private host key: #2 type 2 DSA
socket: Address family not supported by protocol
debug1: Bind to port 22 on 0.0.0.0.
Server listening on 0.0.0.0 port 22.
Generating 768 bit RSA key.
RSA key generation complete.
debug1: Server will not fork when running in debugging mode.
Connection from 65.56.115.228 port 1622
debug1: Client protocol version 2.0; client software version OpenSSH_3.0.2p1
debug1: match: OpenSSH_3.0.2p1 pat OpenSSH*
Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-1.99-OpenSSH_3.1p1
debug1: list_hostkey_types: ssh-rsa,ssh-dss
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: client->server aes128-cbc hmac-md5 none
debug1: kex: server->client aes128-cbc hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST received
debug1: SSH2_MSG_KEX_DH_GEX_GROUP sent
debug1: dh_gen_key: priv key bits set: 133/256
debug1: bits set: 1543/3191
debug1: expecting SSH2_MSG_KEX_DH_GEX_INIT
debug1: bits set: 1596/3191
xfree: NULL pointer given as argument
debug1: Calling cleanup 0x806662c(0x0)


The following lines were written to /var/log/syslog when the client attempted to
connect during the debug session (refer to transcript above):

Mar  8 15:39:02 orion sshd[16231]: fatal: xfree: NULL pointer given as argument
Mar  8 15:51:09 orion sshd[16264]: fatal: Cannot bind any address.
Comment 1 Kevin Steves 2002-03-31 02:55:17 AEST
Can you provide sshd -ddd output and additional
information such as Linux distribution, etc.?

Also, "Cannot bind any address." appears to be
from a different sshd invocation.
Comment 2 Kevin Steves 2002-04-04 03:07:18 AEST
From Bernie:
Thanks for asking! I finally solved the problem this weekend. It turned out to
be a glibc problem. Specifically, I had a mix of 2.1.3 and 2.2 files that
caused confusion. Once I removed the 2.2 files, the build went fine.

Closing.
Comment 3 Damien Miller 2004-04-14 12:24:18 AEST
Mass change of RESOLVED bugs to CLOSED