| Summary: | bug in packet.c sometimes cause segfault | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Product: | Portable OpenSSH | Reporter: | jchadima | ||||||||||
| Component: | sshd | Assignee: | Assigned to nobody <unassigned-bugs> | ||||||||||
| Status: | CLOSED WONTFIX | ||||||||||||
| Severity: | normal | CC: | djm, dtucker, jchadima, jfch, thebestzorro | ||||||||||
| Priority: | P2 | ||||||||||||
| Version: | 6.2p1 | ||||||||||||
| Hardware: | All | ||||||||||||
| OS: | All | ||||||||||||
| Bug Depends on: | |||||||||||||
| Bug Blocks: | 2076 | ||||||||||||
| Attachments: |
|
||||||||||||
|
Description
jchadima
2011-04-15 19:49:16 AEST
Created attachment 2028 [details]
patch solving the problem
Created attachment 2032 [details]
new patch
The new approach how to solve the selinux problem.
Created attachment 2033 [details]
patch solving the problem
the patch change was by mistake ... bad bz#
the original patch fits the problem
How can we reproduce these crashes? I'd prefer to fix the underlying problem by ensuring things are initialised correctly to retuning potentially wrong information from packet_connection_is_on_socket(). we touch the problem experimenting with the audit of crypto keys. Retarget unresolved bugs/features to 6.0 release Retarget unresolved bugs/features to 6.0 release Retarget unresolved bugs/features to 6.0 release (try again - bugzilla's "change several" isn't) Retarget from 6.0 to 6.1 Retarget 6.0 => 6.1 Retarget uncompleted bugs from 6.1 => 6.2 Retarget bugs from 6.1 => 6.2 retarget to openssh-6.3 on second thoughts, I'm going to leave this. The is-socket of the packet code is undefined until you call packet_set_connection() and trying to ascertain it before you've set a socket is wrong. Our code will never do this, so the crash is irrelevant to stock openssh. Your code shouldn't either, but if you insist then you should apply the patch in your own tree :/ Created attachment 2395 [details]
Backtrace for openssh 6.2p1
Hi, I have this problem in following case: - sshd config file contains a line: ListenAddress 0.0.0.0 - after that this record was changed (this host has 3 DNS records): ListenAddress 192.168.0.101 ListenAddress 192.168.0.102 ListenAddress 192.168.0.103 - a restart of sshd prints in syslog: error: Bind to port 22 on 192.168.0.101 failed: Address already in use. error: Bind to port 22 on 192.168.0.102 failed: Address already in use. error: Bind to port 22 on 192.168.0.103 failed: Address already in use. - method packet_set_connection() is not called, the code of server_listen() detects true condition "if (!num_listen_socks)", but method packet_connection_is_on_socket() from packet.c tries to use incorrect operation: if (active_state->connection_in == active_state->connection_out) I don't know why ports are not available for bind, restart script use "start" and "stop" calls with a delay 2 seconds. It is a quite rare case, I have a reproduction ~5% only on OS starting. The proposed patch resolves this problem. I think, this fault should be fixed. But it is not critical issue. In my case, the fault was provoked by multi start of sshd. The short summary of this problem - there is a crash if the process can't bind all IP addresses from configuration file. Set all RESOLVED bugs to CLOSED with release of OpenSSH 7.1 |