Bug 1794 - sshd segfault when calling pam_authenticate() in pam_unix module which has option "try_first_pass"
Status: CLOSED WONTFIX
Alias: None
Product: Portable OpenSSH
Classification: Unclassified
Component: PAM support
Version: 5.5p1
Hardware: HPPA HP-UX
Importance: P2 critical
Assignee: Assigned to nobody
URL:
Keywords:
Depends on:
Blocks: V_5_6
Reported: 2010-07-13 18:50 AEST by Bitman Zhou
Modified: 2010-08-27 10:28 AEST (History)
Description Bitman Zhou 2010-07-13 18:50:46 AEST
OS: HP-UX hpux23 B.11.23 U 9000/785 2009445268 unlimited-user license
GCC: gcc version 4.4.3 (GCC), downloaded from HP's website
pam.conf:

sshd     auth required  libpam_hpsec.so.1  
sshd     auth required  libpam_unix.so.1  try_first_pass

No such issue if no option "try_first_pass" or with option "get_first_pass".

------- gdb trace -----

debug3: mm_auth_password: waiting for MONITOR_ANS_AUTHPASSWORD
debug3: mm_request_receive_expect entering: type 11
debug3: mm_request_receive entering

Program received signal SIGSEGV, Segmentation fault
  si_code: 0 - SEGV_UNKNOWN - Unknown Error.
0x7af6a57c in crypt+0x154 () from /usr/lib/libc.2
(gdb) bt
#0  0x7af6a57c in crypt+0x154 () from /usr/lib/libc.2
#1  0x7ab9b928 in pwd_crypt+0x2c () from /usr/lib/security/libpam_unix.so.1
#2  0x7ab90f40 in <unknown_procedure> + 0x1c0 () from /usr/lib/security/libpam_unix.so.1
#3  0x7ab90910 in pam_sm_authenticate+0x588 () from /usr/lib/security/libpam_unix.so.1
#4  0x7abd02ac in pam_authenticate+0xd0 () from /usr/lib/libpam.1
#5  0x26934 in sshpam_auth_passwd (authctxt=0x400118d8, password=0x73745f72 <Error reading address 0x73745f72: Bad address>)
    at auth-pam.c:1208
#6  0xced4 in auth_password (authctxt=0x6, password=0x72656164 <Error reading address 0x72656164: Bad address>)
    at auth-passwd.c:116
#7  0x20f38 in mm_answer_authpassword (sock=1073813720, m=0x400039fc) at monitor.c:740
#8  0x21734 in monitor_read (pmonitor=0x40011920, ent=0x40001600, pent=0x5b800) at monitor.c:493
#9  0x21b98 in monitor_child_preauth (_authctxt=0x40008f40, pmonitor=0x40017b48) at monitor.c:369
#10 0xbdfc in main (ac=2139031728, av=0x40001684) at sshd.c:641
(gdb)
Comment 1 Bitman Zhou 2010-07-13 18:55:02 AEST
It seems that libpam on HP-UX needs to be linked with the "-Z" option. The patch below can fix this issue.

-bash-4.0$ diff -rc Makefile.in.orig Makefile.in 
*** Makefile.in.orig    Tue Jul 13 16:52:31 2010
--- Makefile.in Tue Jul 13 16:53:23 2010
***************
*** 4,9 ****
--- 4,10 ----
  #SHELL = @SH@
  
  AUTORECONF=autoreconf
+ PLATFORM := $(shell uname)
  
  prefix=@prefix@
  exec_prefix=@exec_prefix@
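Review bot: `PLATFORM := $(shell uname)` is GNU make-only syntax (`:=` and `$(shell ...)`), but Makefile.in is instantiated by configure and has to work with the vendor make on every platform Portable OpenSSH builds on, and configure already knows the host type. Detect HP-UX in the hpux section of configure.ac (as Comment 2 asks) and pass the flag through LDFLAGS from there, rather than re-detecting at make time with `uname`, which also reports the build host rather than the configured target.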
***************
*** 142,148 ****
--- 143,153 ----
        $(LD) -o $@ $(SSHOBJS) $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS)
  
  sshd$(EXEEXT): libssh.a       $(LIBCOMPAT) $(SSHDOBJS)
+ ifeq (${PLATFORM},HP-UX)
+       $(LD) -o $@ $(SSHDOBJS) -Wl,-Z $(LDFLAGS) -lssh -lopenbsd-compat $(SSHDLIBS) $(LIBS)
+ else
        $(LD) -o $@ $(SSHDOBJS) $(LDFLAGS) -lssh -lopenbsd-compat $(SSHDLIBS) $(LIBS)
+ endif
  
  scp$(EXEEXT): $(LIBCOMPAT) libssh.a scp.o progressmeter.o
        $(LD) -o $@ scp.o progressmeter.o bufaux.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS)
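Review bot: the `ifeq (${PLATFORM},HP-UX)` / `else` / `endif` block around the sshd link line is again a GNU make conditional, and it duplicates the whole link rule just to insert `-Wl,-Z`; if the flag is kept at all, add it to LDFLAGS from configure.ac so the rule stays a single line: `$(LD) -o $@ $(SSHDOBJS) $(LDFLAGS) -lssh -lopenbsd-compat $(SSHDLIBS) $(LIBS)`. Also say in the commit message what `-Z` does: by the linker manual quoted in Comment 3 it allows run-time dereferencing of null pointers, so this masks the NULL that libpam_unix hands to crypt() rather than fixing it, which is the concern raised in Comment 4.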
Comment 2 Darren Tucker 2010-07-19 13:11:53 AEST
What does the -Z option on HP-UX actually do, and why does it help in this case? If it's really needed, the correct place to put it is in the hpux section of configure.ac.
Comment 3 Darren Tucker 2010-08-03 15:30:10 AEST
OK, so the manual page says: 
" -Z

    Allow run-time dereferencing of null pointers. See the discussions of -Z and pointers in cc(1). (This is the complement of the -z option.)"

There's a related GCC bug (http://gcc.gnu.org/bugzilla/show_bug.cgi?id=33548) which says

"There is a patch for libpam which should fix the
null pointer reference available from HP.  It is HP patch PHCO_37076."

It looks like this is purely a bug in HP-UX's libpam.
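The backtrace above ends in crypt() being called from libpam_unix's pwd_crypt() with try_first_pass set, and the linked GCC report describes it as a null pointer reference in the vendor libpam. The C below is an added example, not code from the bug report, from HP-UX libpam or from OpenSSH: it models what a PAM module's try_first_pass / use_first_pass handling has to do when an earlier module in the stack (libpam_hpsec in the reporter's pam.conf) has not stored a PAM_AUTHTOK, namely fall back to the conversation function instead of passing NULL down to crypt(). It does not link against libpam: `struct pamh_model`, `enum token_policy`, `get_authtok()`, the conversation callback and `password_matches()` are simplified stand-ins for pam_get_item(PAM_AUTHTOK), the module arguments, pam_get_item(PAM_CONV) and pwd_crypt(); the return-code values follow Linux-PAM, and the option semantics are the Linux-PAM ones (the HP-UX module's options, including the reporter's "get_first_pass", may differ).

```c
/*
 * Added example: model of try_first_pass / use_first_pass handling in a
 * PAM auth module. Not from the bug report, HP-UX libpam or OpenSSH.
 * Everything below is a stand-in for the libpam API; see the lead-in.
 */
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Return codes; values as in Linux-PAM's _pam_types.h. */
#define PAM_SUCCESS   0
#define PAM_AUTH_ERR  7
#define PAM_CONV_ERR 19

enum token_policy {
    PROMPT_ALWAYS,    /* no option: always ask via the conversation */
    TRY_FIRST_PASS,   /* reuse a stored token, fall back to prompting */
    USE_FIRST_PASS    /* reuse a stored token, fail if there is none */
};

/* Conversation stand-in (assumed shape): returns the reply, or NULL if
 * the application could not prompt (no tty, user cancelled). */
typedef const char *(*conv_fn)(void *appdata);

struct pamh_model {               /* assumed stand-in for pam_handle_t */
    const char *authtok;          /* PAM_AUTHTOK left by earlier modules; may be NULL */
    conv_fn conv;                 /* PAM_CONV; may be NULL if the app set none */
    void *appdata;
};

/* Scripted conversation (constructed for the demo): returns a fixed reply
 * and counts how often the module actually prompted. */
struct scripted_conv { const char *reply; int prompts; };

static const char *scripted_conv_fn(void *appdata)
{
    struct scripted_conv *s = appdata;
    s->prompts++;
    return s->reply;
}

/*
 * Resolve the password according to the option. On PAM_SUCCESS *out is
 * never NULL; any other return means "do not touch the password at all".
 * This is the check missing in the crashing path: with try_first_pass the
 * stored item was handed to crypt() whether or not one existed.
 */
static int get_authtok(const struct pamh_model *h, enum token_policy policy,
                       const char **out)
{
    const char *reply;

    if (policy != PROMPT_ALWAYS && h->authtok != NULL) {
        *out = h->authtok;
        return PAM_SUCCESS;
    }
    if (policy == USE_FIRST_PASS)       /* admin said: never prompt here */
        return PAM_AUTH_ERR;
    if (h->conv == NULL)
        return PAM_CONV_ERR;
    reply = h->conv(h->appdata);
    if (reply == NULL)
        return PAM_CONV_ERR;
    *out = reply;
    return PAM_SUCCESS;
}

/* Stand-in for pwd_crypt()/crypt(): dereferences its argument
 * unconditionally, like the real thing, so it must only ever see a
 * non-NULL password. Compares without an early exit on mismatch. */
static int password_matches(const char *password, const char *expected)
{
    size_t n = strlen(expected), m = strlen(password);
    unsigned char diff = (unsigned char)(n != m);
    for (size_t i = 0; i < n; i++)
        diff |= (unsigned char)(expected[i] ^ password[i % (m ? m : 1)]);
    return diff == 0;
}

/* pam_sm_authenticate()-shaped entry point of the model. */
static int sm_authenticate(const struct pamh_model *h, enum token_policy policy,
                           const char *expected)
{
    const char *password;
    int rc = get_authtok(h, policy, &password);
    if (rc != PAM_SUCCESS)
        return rc;
    return password_matches(password, expected) ? PAM_SUCCESS : PAM_AUTH_ERR;
}

int main(void)
{
    /* Scenario from the report: the first module stored no token. */
    struct scripted_conv sc = { "s3cret", 0 };
    struct pamh_model h = { NULL, scripted_conv_fn, &sc };

    printf("try_first_pass, no stored token: rc=%d prompts=%d\n",
           sm_authenticate(&h, TRY_FIRST_PASS, "s3cret"), sc.prompts);
    printf("use_first_pass, no stored token: rc=%d prompts=%d\n",
           sm_authenticate(&h, USE_FIRST_PASS, "s3cret"), sc.prompts);
    h.authtok = "s3cret";
    printf("try_first_pass, stored token:    rc=%d prompts=%d\n",
           sm_authenticate(&h, TRY_FIRST_PASS, "s3cret"), sc.prompts);
    return 0;
}
```

With no stored token, try_first_pass prompts once and succeeds, use_first_pass fails without prompting, and a stored token is reused without a prompt; a NULL password never reaches the compare routine, which is the property that linking with -Z only papers over.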
Comment 4 Darren Tucker 2010-08-03 15:47:05 AEST
We don't like to work around things that are clearly vendor bugs and for which patches exist.  We've decided not to change this, in part because we're concerned that it might enable an exploit that would otherwise not be possible due to a null pointer deref.

Thanks anyway, and sorry.
Comment 5 Darren Tucker 2010-08-27 10:28:09 AEST
With the release of OpenSSH 5.6p1 this bug is now considered closed.  If you have further problems please reopen or file a new bug as appropriate.