Bug 3101

Summary: sshd core is seen when FIPS mode is set
Product: Portable OpenSSH
Reporter: Navneet <navneet.kumar.garg>
Component: sshd
Assignee: Assigned to nobody <unassigned-bugs>
Status: CLOSED INVALID
Severity: critical
CC: djm, jjelen, vamshik024
Priority: P2
Version: 7.9p1
Hardware: Other
OS: Linux

Description Navneet 2019-11-29 04:26:06 AEDT
An sshd core is seen when FIPS mode is set and we close the ssh connection using the 'exit' command. The issue is seen only in FIPS mode. Pasted the stack trace below. The sshd binary is non-debug, so limited information is shown in the stack. How do I get a debug sshd binary so that we can have more debug information in the stack trace? The issue is seen from certain ssh clients; for example, it is seen consistently using MobaXterm version 10.9 build 3656. Appreciate any input on this.

# sshd -v
unknown option -- v
OpenSSH_7.9p1, OpenSSL 1.0.2r-fips  26 Feb 2019


Core
====
Reading symbols from /usr/sbin/sshd...(no debugging symbols found)...done.
[New LWP 22607]
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib64/libthread_db.so.1".
Core was generated by `sshd: se'.
Program terminated with signal 11, Segmentation fault.
#0  0x00007f67affe3d32 in ?? ()
(gdb) bt
#0  0x00007f67affe3d32 in ?? ()
#1  0x00007f67b465c20f in fips_drbg_cleanup () from /lib64/libcrypto.so.1.0.0
#2  0x00007f67b471d629 in RAND_cleanup () from /lib64/libcrypto.so.1.0.0
#3  0x00007f67b27b7ff1 in __run_exit_handlers (status=0, listp=0x7f67b2b38688 <__exit_funcs>,
    run_list_atexit=run_list_atexit@entry=true) at exit.c:77
#4  0x00007f67b27b8075 in __GI_exit (status=<optimized out>) at exit.c:99
#5  0x00005618199b4c4c in ?? ()
#6  0x00005618199b5cff in ?? ()
#7  0x00005618199b5f5a in ?? ()
#8  0x00005618199993f1 in ?? ()
#9  0x00007f67b27a0ca5 in __libc_sta
Comment 1 Jakub Jelen 2019-11-29 19:54:11 AEDT
This looks like a crash in openssl (RAND_cleanup () from /lib64/libcrypto.so.1.0.0) so I do not think there is anything OpenSSH can do about it.

I think you will need to install debuginfo for openssl and openssh packages to get better backtraces.
Comment 2 Vamshik 2019-12-05 11:55:20 AEDT
This is the complete stack:

Using host libthread_db library "/lib64/libthread_db.so.1".
Core was generated by `sshd: sy'.
Program terminated with signal 11, Segmentation fault.
#0  0x00007fd2fb957d32 in ?? ()
(gdb) bt
#0  0x00007fd2fb957d32 in ?? ()
#1  0x00007fd2fffd020f in fips_drbg_cleanup () from /lib64/libcrypto.so.1.0.0
#2  0x00007fd300091629 in RAND_cleanup () from /lib64/libcrypto.so.1.0.0
#3  0x00007fd2fe12bff1 in __run_exit_handlers (status=0, listp=0x7fd2fe4ac688 <__exit_funcs>,
    run_list_atexit=run_list_atexit@entry=true) at exit.c:77
#4  0x00007fd2fe12c075 in __GI_exit (status=<optimized out>) at exit.c:99
#5  0x00005573f469336c in mm_answer_term (sock=<optimized out>, req=<optimized out>) at monitor.c:1580
#6  0x00005573f469455f in monitor_read (pmonitor=pmonitor@entry=0x5573f4956d30,
    ent=0x5573f4943180 <mon_dispatch_postauth20+64>, pent=pent@entry=0x0) at monitor.c:517
#7  0x00005573f46947ba in monitor_child_postauth (pmonitor=0x5573f4956d30) at monitor.c:411
#8  0x00005573f4678680 in privsep_postauth (authctxt=0x5573f4955900) at sshd.c:667
#9  main (ac=<optimized out>, av=<optimized out>) at sshd.c:2259

Is there any patch file which resolves this issue?
Comment 4 Damien Miller 2020-01-25 17:10:27 AEDT
Your stack trace shows failure inside OpenSSL, not OpenSSH. You should contact your FIPS OpenSSL vendor to help debug; it isn't something we can help with.
Comment 5 Damien Miller 2021-03-04 09:54:43 AEDT
close bugs that were resolved in OpenSSH 8.5 release cycle
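
The triage reasoning in Comments 1 and 4 (the innermost resolved frames belong to libcrypto and are reached from an exit handler), shown as an added example that is not part of the original thread or of OpenSSH: a small Python parser for gdb `bt` output. The sample input is constructed from the frames posted in Comment 2; the names `parse_frames` and `triage` are illustrative.

```python
import re

# "#N  [0xADDR in ]FUNC (args) [from LIB | at FILE:LINE]"
FRAME = re.compile(r"^#(\d+)\s+(?:0x[0-9a-f]+ in )?(\S+) \(.*\)(?: from (\S+)| at (\S+))?$")

# Constructed sample: frames #0-#6 of the backtrace posted in Comment 2.
SAMPLE_BT = """\
#0  0x00007fd2fb957d32 in ?? ()
#1  0x00007fd2fffd020f in fips_drbg_cleanup () from /lib64/libcrypto.so.1.0.0
#2  0x00007fd300091629 in RAND_cleanup () from /lib64/libcrypto.so.1.0.0
#3  0x00007fd2fe12bff1 in __run_exit_handlers (status=0, listp=0x7fd2fe4ac688 <__exit_funcs>,
    run_list_atexit=run_list_atexit@entry=true) at exit.c:77
#4  0x00007fd2fe12c075 in __GI_exit (status=<optimized out>) at exit.c:99
#5  0x00005573f469336c in mm_answer_term (sock=<optimized out>, req=<optimized out>) at monitor.c:1580
#6  0x00005573f469455f in monitor_read (pmonitor=pmonitor@entry=0x5573f4956d30,
    ent=0x5573f4943180 <mon_dispatch_postauth20+64>, pent=pent@entry=0x0) at monitor.c:517
"""

def parse_frames(bt):
    """Return frames as dicts; wrapped (indented) lines are joined to their frame."""
    joined = []
    for line in bt.splitlines():
        if line.startswith("#"):
            joined.append(line.strip())
        elif joined and line[:1].isspace() and line.strip():
            joined[-1] += " " + line.strip()
    frames = []
    for text in joined:
        m = FRAME.match(text)
        if m:  # truncated or unparseable frames are skipped, not guessed
            n, func, lib, src = m.groups()
            frames.append({"n": int(n), "func": func, "owner": lib or src})
    return frames

def triage(bt):
    frames = parse_frames(bt)
    # The innermost frame gdb could resolve names the code that faulted.
    fault = next((f for f in frames if f["func"] != "??"), None)
    # glibc runs atexit callbacks from __run_exit_handlers.
    idx = next((i for i, f in enumerate(frames)
                if f["func"] == "__run_exit_handlers"), None)
    caller = None
    if idx is not None:  # first frame past the libc exit wrappers called exit()
        caller = next((f for f in frames[idx + 1:]
                       if f["func"] not in ("exit", "__GI_exit")), None)
    return {"fault": fault, "in_exit_handler": idx is not None, "exit_caller": caller}

if __name__ == "__main__":
    print(triage(SAMPLE_BT))
```

For the sample, the faulting symbol is attributed to `/lib64/libcrypto.so.1.0.0`, and the only sshd frame involved is the normal `exit()` call in `mm_answer_term`.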