Subject: [ libssh2-Bugs-2659057 ] segfault when reading in DSA private key on Ubuntu 64 bit

From: SourceForge.net <noreply_at_sourceforge.net>
Date: Sun, 05 Apr 2009 18:35:21 +0000

Bugs item #2659057, was opened at 2009-03-04 00:27
Message generated for change (Comment added) made by bagder
You can respond by visiting:
https://sourceforge.net/tracker/?func=detail&atid=703942&aid=2659057&group_id=125852

Please note that this message will contain a full copy of the comment thread,
including the initial issue submission, for this request,
not just the latest update.
>Category: crypto
Group: None
Status: Open
Resolution: None
>Priority: 6
Private: No
Submitted By: Joshua McClintock (jmcclintock777)
>Assigned to: Daniel Stenberg (bagder)
Summary: segfault when reading in DSA private key on Ubuntu 64 bit

Initial Comment:
Hello, I'm using Net::SSH2 in perl which links against libssh2. I've tried old versions 0.18, the release 1.0 and a cvs snapshot from today. I get the same results on all 3.

I'm running Ubuntu 8.04.1 64 bit

Here's an ldd against libssh2.so

        linux-vdso.so.1 => (0x00007fff829fe000)
        libssl.so.0.9.8 => /usr/lib/libssl.so.0.9.8 (0x00007f8e7a417000)
        libcrypto.so.0.9.8 => /usr/lib/libcrypto.so.0.9.8 (0x00007f8e7a097000)
        libz.so.1 => /usr/lib/libz.so.1 (0x00007f8e79e7f000)
        libc.so.6 => /lib/libc.so.6 (0x00007f8e79b1d000)
        libdl.so.2 => /lib/libdl.so.2 (0x00007f8e79919000)
        /lib64/ld-linux-x86-64.so.2 (0x00007f8e7a88b000)

Here's an strace of the event:

connect(5, {sa_family=AF_INET, sin_port=htons(22), sin_addr=inet_addr("10.0.0.18")}, 16) = 0
setsockopt(5, SOL_SOCKET, SO_LINGER, [0], 4) = -1 EINVAL (Invalid argument)
fcntl(5, F_GETFL) = 0x2 (flags O_RDWR)
fcntl(5, F_GETFL) = 0x2 (flags O_RDWR)
fcntl(5, F_SETFL, O_RDWR) = 0
sendto(5, "SSH-2.0-libssh2_1.0.1-20090303\r\n", 32, MSG_NOSIGNAL, NULL, 0) = 32
recvfrom(5, "S", 1, MSG_NOSIGNAL, NULL, NULL) = 1
recvfrom(5, "S", 1, MSG_NOSIGNAL, NULL, NULL) = 1
recvfrom(5, "H", 1, MSG_NOSIGNAL, NULL, NULL) = 1
recvfrom(5, "-", 1, MSG_NOSIGNAL, NULL, NULL) = 1
recvfrom(5, "2", 1, MSG_NOSIGNAL, NULL, NULL) = 1
recvfrom(5, ".", 1, MSG_NOSIGNAL, NULL, NULL) = 1
recvfrom(5, "0", 1, MSG_NOSIGNAL, NULL, NULL) = 1
...
...
...
...
open("/root/.ssh/id_dsa.pub", O_RDONLY) = 6
fstat(6, {st_mode=S_IFREG|0644, st_size=606, ...}) = 0
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb109566000
read(6, "ssh-dss AAAAB3NzaC1kc3MAAACBAPjV"..., 4096) = 606
lseek(6, 0, SEEK_SET) = 0
read(6, "ssh-dss AAAAB3NzaC1kc3MAAACBAPjV"..., 4096) = 606
close(6) = 0
munmap(0x7fb109566000, 4096) = 0
sendto(5, "\241&\206\212}w^\330\t\325RL\341\201\213\224\21e\4\221"..., 532, MSG_NOSIGNAL, NULL, 0) = 532
recvfrom(5, "\323\202\367\216\375\264\220\2418fT\36\2343\323\264aI\347"..., 4096, MSG_NOSIGNAL, NULL, NULL) = 484
open("/root/.ssh/id_dsa", O_RDONLY) = 6
fstat(6, {st_mode=S_IFREG|0600, st_size=672, ...}) = 0
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb109566000
read(6, "-----BEGIN DSA PRIVATE KEY-----\n"..., 4096) = 672
close(6) = 0
munmap(0x7fb109566000, 4096) = 0
sendto(5, "K\201:o=\345u w\305ge\17yd\273\270\272\201\254k\256\375"..., 580, MSG_NOSIGNAL, NULL, 0) = 580
recvfrom(5, "\356\'\260\307\365\343\246\257\255#;u\241\305\372aG]\371"..., 4096, MSG_NOSIGNAL, NULL, NULL) = 36
sendto(5, "F\214\373,*\277\275q\17\273\262,\376\245\20T\320V<P!(_"..., 68, MSG_NOSIGNAL, NULL, 0) = 68
recvfrom(5, "\35\335\260\352&\306\277\242\2266\336+\203\177\206\250"..., 4096, MSG_NOSIGNAL, NULL, NULL) = 52
--- SIGSEGV (Segmentation fault) @ 0 (0) ---
+++ killed by SIGSEGV +++
Process 6226 detached

I don't know how to use GDB to give you better information. Is there anything I should check or command I could run to get you better info?

----------------------------------------------------------------------

>Comment By: Daniel Stenberg (bagder)
Date: 2009-04-05 20:35

Message:
'bt' in gdb gives much better data, especially if you have a libssh2 built
with debug symbols.

Without that, this is virtually impossible to figure out...

Does it always happen and seemingly on the same spot?

----------------------------------------------------------------------

You can respond by visiting:
https://sourceforge.net/tracker/?func=detail&atid=703942&aid=2659057&group_id=125852

------------------------------------------------------------------------------
_______________________________________________
libssh2-devel mailing list
libssh2-devel_at_lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/libssh2-devel
Received on 2009-04-05