Bug 2686 - SSHD segfaults when trying to load RSA1 host keys
Summary: SSHD segfaults when trying to load RSA1 host keys
Status: CLOSED FIXED
Alias: None
Product: Portable OpenSSH
Classification: Unclassified
Component: sshd
Version: 7.4p1
Hardware: Other Linux
Importance: P5 enhancement
Assignee: Damien Miller
URL:
Keywords: patch
Depends on:
Blocks: V_7_5
Reported: 2017-03-02 03:46 AEDT by Jakub Jelen
Modified: 2021-04-23 15:00 AEST (History)

See Also:


Attachments
possible patch (755 bytes, patch)
2017-03-02 03:46 AEDT, Jakub Jelen
no flags
don't load RSA1 hostkeys (786 bytes, patch)
2017-03-15 12:38 AEDT, Damien Miller
dtucker: ok+

Description Jakub Jelen 2017-03-02 03:46:53 AEDT
Created attachment 2952
possible patch

During the transition from Protocol 1 and older OpenSSH versions there is a possibility that old configuration files will still have some of the old configuration options, including HostKey entries pointing to the old key types (RSA1). I found such a line in my sshd_config, and after updating OpenSSH I was unable to connect:

  HostKey /etc/ssh/ssh_host_key

Removing the above line will make sshd work again.

GDB traceback:

Program received signal SIGSEGV, Segmentation fault.

#0  match_pattern (s=s@entry=0x0, 
    pattern=pattern@entry=0x7fffffffd520 "ecdsa-sha2-nistp256-cert-v01@openssh.com") at match.c:98
#1  0x00005555555a7af3 in match_pattern_list (string=0x0, 
    pattern=pattern@entry=0x555555831aa0 "ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,ssh-ed25519-cert-v01@openssh.com,ssh-rsa-cert-v01@openssh.com,ssh-dss-cert-v0"..., dolower=dolower@entry=0) at match.c:156
#2  0x000055555556447c in list_hostkey_types () at sshd.c:794
#3  do_ssh2_kex () at sshd.c:2327
#4  0x00005555555622c1 in main (ac=<optimized out>, av=<optimized out>) at sshd.c:2181

The problem is in list_hostkey_types(), which is not checking the return value of sshkey_ssh_name() (which returns NULL for RSA1).

OpenSSH is built --with-ssh1 (to support SSH1 in clients), but that should not matter.

I am not sure about the plans for what will be removed in the next release and whether it matters for the future, but it certainly matters for us that it is crashing sshd at this moment.
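A minimal model of the crash path described above and of the two ways of fixing it that this bug discusses (checking the NULL return in the consumer, or never loading RSA1 host keys at all). This is an added illustration, not OpenSSH code: the enum values, the key struct, the 256-byte buffer, the HostKeyAlgorithms-style list and the helper bodies are simplified stand-ins named after the real functions for readability.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Cut-down stand-ins for OpenSSH's key type enum and key struct (assumed). */
enum key_type { KEY_RSA1, KEY_RSA, KEY_ECDSA, KEY_ED25519, KEY_UNSPEC };
struct sshkey { enum key_type type; };

/* Like sshkey_ssh_name(): SSH2 algorithm name, or NULL for key types that
 * have none. RSA1 is the case that bit sshd. */
static const char *sshkey_ssh_name(const struct sshkey *k)
{
	switch (k->type) {
	case KEY_RSA:     return "ssh-rsa";
	case KEY_ECDSA:   return "ecdsa-sha2-nistp256";
	case KEY_ED25519: return "ssh-ed25519";
	default:          return NULL;	/* KEY_RSA1, KEY_UNSPEC */
	}
}

/* Stand-in for match_pattern_list(): 1 if name is one of the comma-separated
 * entries in list. Like the real one it dereferences name straight away,
 * which is the SIGSEGV in the backtrace when name is NULL. */
static int match_pattern_list(const char *name, const char *list)
{
	size_t n = strlen(name);		/* faults if name == NULL */
	const char *p = list;
	while (*p != '\0') {
		const char *end = strchr(p, ',');
		size_t len = end ? (size_t)(end - p) : strlen(p);
		if (len == n && memcmp(p, name, n) == 0)
			return 1;
		if (end == NULL)
			break;
		p = end + 1;
	}
	return 0;
}

/* Build the comma-separated list of host key algorithms sshd will offer, as
 * list_hostkey_types() does. With check_name == 0 this is the pre-7.5 shape:
 * the return value of sshkey_ssh_name() is used unchecked, so a loaded RSA1
 * key reaches match_pattern_list() as NULL. With check_name != 0 it is the
 * reporter's first patch: skip keys that have no SSH2 name. Caller frees. */
static char *list_hostkey_types(struct sshkey **keys, int nkeys,
    const char *allowed, int check_name)
{
	char *buf = calloc(1, 256);
	int i;
	for (i = 0; i < nkeys; i++) {
		const char *name = sshkey_ssh_name(keys[i]);
		if (check_name && name == NULL)
			continue;		/* RSA1: nothing to advertise */
		if (match_pattern_list(name, allowed)) {
			size_t used = strlen(buf);
			snprintf(buf + used, 256 - used, "%s%s",
			    used ? "," : "", name);
		}
	}
	return buf;
}

/* The fix that was committed for 7.5: drop RSA1 keys when the host keys are
 * loaded, so no later consumer (list_hostkey_types(), notify_hostkeys(), ...)
 * ever sees one. Copies kept keys into out and returns how many were kept. */
static int load_hostkeys_skip_rsa1(struct sshkey **in, int nin,
    struct sshkey **out)
{
	int i, n = 0;
	for (i = 0; i < nin; i++) {
		if (in[i]->type == KEY_RSA1) {
			fprintf(stderr, "hostkey %d: skipping RSA1 key\n", i);
			continue;
		}
		out[n++] = in[i];
	}
	return n;
}

int main(void)
{
	/* Constructed input: the reporter's setup, an old ssh_host_key (RSA1)
	 * listed first in sshd_config, followed by SSH2 keys. */
	struct sshkey rsa1 = { KEY_RSA1 }, rsa = { KEY_RSA }, ed = { KEY_ED25519 };
	struct sshkey *configured[] = { &rsa1, &rsa, &ed };
	struct sshkey *loaded[3];
	const char *allowed = "ssh-ed25519,ecdsa-sha2-nistp256,ssh-rsa";
	int n = load_hostkeys_skip_rsa1(configured, 3, loaded);
	char *a = list_hostkey_types(configured, 3, allowed, 1);
	char *b = list_hostkey_types(loaded, n, allowed, 0);
	/* list_hostkey_types(configured, 3, allowed, 0) would segfault here. */
	printf("checked consumer: %s\nfiltered at load: %s\n", a, b);
	free(a);
	free(b);
	return 0;
}
```

The point of the two variants is the one the bug settles on: a NULL check in list_hostkey_types() protects only that caller, whereas filtering KEY_RSA1 at load time means notify_hostkeys() and every other consumer of the host key array never has to know RSA1 existed.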
Comment 1 Jakub Jelen 2017-03-02 03:50:33 AEDT
Well ... or just don't load the RSA1 keys in the first place in sshd ... it might cause more problems in other code.
Comment 2 Jakub Jelen 2017-03-02 04:34:48 AEDT
With the above patch I am failing just a little bit further (but not a segfault, fortunately):

Mar 01 18:05:49 rhel7 sshd[23583]: fatal: notify_hostkeys: couldn't put hostkey 0: unknown or unsupported key type

Basically reverting these SSH1 bits makes it pass for me:

@@ -847,7 +848,7 @@ notify_hostkeys(struct ssh *ssh)
 	for (i = nkeys = 0; i < options.num_host_key_files; i++) {
 		key = get_hostkey_public_by_index(i, ssh);
 		if (key == NULL || key->type == KEY_UNSPEC ||
-		    sshkey_is_cert(key))
+		    key->type == KEY_RSA1 || sshkey_is_cert(key))
 			continue;
 		fp = sshkey_fingerprint(key, options.fingerprint_hash,
 		    SSH_FP_DEFAULT);
Comment 3 Damien Miller 2017-03-15 12:38:48 AEDT
Created attachment 2963
don't load RSA1 hostkeys

This skips RSA1 keys when they are loaded.
Comment 4 Damien Miller 2017-03-15 13:18:40 AEDT
Applied. This will be in OpenSSH 7.5, due next week.
Comment 5 Damien Miller 2021-04-23 15:00:57 AEST
closing resolved bugs as of 8.6p1 release