Created attachment 3453
coredump

Running ssh -o "ConnectTimeout=2147484" localhost or with any timeout >=2147484 causes an immediate crash with coredump of ssh:

$ ssh -o "ConnectTimeout=2147484" localhost
Aborted (core dumped)

This is with OpenSSH_8.3p1. Core dump attached.

First reported in Ubuntu: https://bugs.launchpad.net/ubuntu/+source/openssh/+bug/1903516
Looks like it's an integer overflow caught by -ftrapv:

$ gdb --args ./ssh -o "ConnectTimeout=2147484" localhost
[...]
(gdb) run
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib64/libthread_db.so.1".

Program received signal SIGABRT, Aborted.
__GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:50
50	  return ret;
(gdb) bt
#0  __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:50
#1  0x00007ffff7a9a895 in __GI_abort () at abort.c:79
#2  0x000055555555e70e in __mulvsi3.cold ()
#3  0x0000555555562e83 in main (ac=0, av=0x5555556492e0) at ../../ssh.c:1526
(gdb) frame 3
#3  0x0000555555562e83 in main (ac=0, av=0x5555556492e0) at ../../ssh.c:1526
1526		timeout_ms = options.connection_timeout * 1000;

timeout_ms is an int.
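The overflow diagnosed above, as an added example (not part of this bug thread and not the code from the OpenSSH commit): a seconds-to-milliseconds conversion that saturates at INT_MAX instead of overflowing, with a check showing why 2147484 is the first value that fails. The function names are hypothetical and a 32-bit int is assumed.

```c
#include <limits.h>
#include <stdio.h>

/* Hypothetical helper: does secs * 1000 exceed what an int can hold?
 * The product is computed in long long, so the check itself cannot overflow. */
static int ms_overflows(int secs)
{
    return (long long)secs * 1000 > INT_MAX;
}

/* Hypothetical helper: seconds -> milliseconds, saturating at INT_MAX.
 * Assumption for this example: values <= 0 mean "no timeout" and map to 0. */
static int timeout_secs_to_ms(int secs)
{
    if (secs <= 0)
        return 0;
    if (secs > INT_MAX / 1000)   /* the multiplication below would overflow */
        return INT_MAX;
    return secs * 1000;
}

int main(void)
{
    /* Constructed sample values around the threshold from the report. */
    const int samples[] = { 30, 2147483, 2147484, INT_MAX };
    size_t i;

    for (i = 0; i < sizeof(samples) / sizeof(samples[0]); i++)
        printf("secs=%d overflows=%d clamped_ms=%d\n", samples[i],
            ms_overflows(samples[i]), timeout_secs_to_ms(samples[i]));
    return 0;
}
```

Signed overflow is undefined behaviour in C; with -ftrapv the unchecked multiplication aborts in __mulvsi3 as in the backtrace, and without it the result would silently wrap.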
Fixed in http://anongit.mindrot.org/openssh.git/commit/?id=819b44e8b9af6ce18d3ec7505b9f461bf7991a1f

Thanks for the report.
closing resolved bugs as of 8.6p1 release