Created attachment 2968 [details] Backtrace of ssh 7.5p1 segfaulting

When OpenSSH-7.5p1 is compiled with "./configure --with-ldns", ssh <somehost> segfaults if the host's key is already recorded in known_hosts. The current head of the master branch is affected too. Builds with --without-ldns don't exhibit the problem, and neither does OpenSSH-7.4p1 (according to git bisect, the commit 523db854 "prefer to use ldns-config to find libldns" introduced the bug). My ssh_config is empty, and I've tested this against a variety of sshd's (including github.com). I'll attach a backtrace; if you need a coredump or information about my build environment, please let me know.
Interestingly, running "./configure --with-ldns" before the first bad commit reports "libldns support: no"; hence it's likely that the real bug is older and it's just been masked so far by configure not finding the ldns library.
Sorry, please ignore my previous comment. I mixed up the logs.
Created attachment 2969 [details] Build log for last good commit c998bf0a with --with-ldns
Created attachment 2970 [details] Build log for first bad commit 523db854 with --with-ldns
Created attachment 2971 [details] Build log for first bad commit 523db854 with --without-ldns

I've attached some build logs. Looking at the diff between the two logs for the bad commit, it looks like --with-ldns confuses ./configure into finding some functions provided by libbsd.so; this causes problems later on because the compiled binaries don't link against this library. I'm a bit clueless why this happens, since I haven't found any relevant libraries which link against libbsd (in particular, libldns doesn't link against it).
Okay, I think I've figured this out. When I enable --with-ldns, ./configure adds the output of "ldns-config --libs" (that's "-Wl,-O1 -Wl,--as-needed -L/usr/lib64 -lcrypto -lldns") to all of its internal gcc calls. On my system, libcrypto.so is provided by libressl and has some internal symbols (strlcat, strlcpy, reallocarray, explicit_bzero and timingsafe_bcmp) which configure searches for and wouldn't otherwise have found. Thus, ssh uses libressl's version of these functions instead of its own versions in the openbsd-compat/ folder. This somehow causes my segfault. I have no idea how to fix this, though, since the autotools are a huge blackbox to me. Could we prevent configure from adding ${ldns-config --libs} to all its compiler calls (and instead only add it to the ldns-related compiler calls)? This sounds like a messy hack, though...
I think, generally, if one of your dependencies is using a particular version/vendor libcrypto.so then you have to use it everywhere and not try to mix and match. I.e. either recompile ldns against LibreSSL or compile OpenSSH against the same libcrypto/headers as ldns
closing; OpenSSH can't detect conflicts in dependent libraries itself.
close bugs that were resolved in OpenSSH 8.5 release cycle