Subject: [ libssh2-Bugs-2659057 ] segfault when reading in DSA private key on Ubuntu 64 bit

From: SourceForge.net <noreply_at_sourceforge.net>
Date: Wed, 15 Apr 2009 07:04:53 +0000

Bugs item #2659057, was opened at 2009-03-04 00:27
Message generated for change (Settings changed) made by bagder
You can respond by visiting:
https://sourceforge.net/tracker/?func=detail&atid=703942&aid=2659057&group_id=125852

Please note that this message will contain a full copy of the comment thread,
including the initial issue submission, for this request,
not just the latest update.
Category: crypto
Group: None
>Status: Pending
Resolution: None
Priority: 6
Private: No
Submitted By: Joshua McClintock (jmcclintock777)
Assigned to: Daniel Stenberg (bagder)
Summary: segfault when reading in DSA private key on Ubuntu 64 bit

Initial Comment:
Hello, I'm using Net::SSH2 in Perl which links against libssh2. I've tried old versions 0.18, the release 1.0 and a CVS snapshot from today. I get the same results on all 3.

I'm running Ubuntu 8.04.1 64 bit

Here's an ldd against libssh2.so

        linux-vdso.so.1 => (0x00007fff829fe000)
        libssl.so.0.9.8 => /usr/lib/libssl.so.0.9.8 (0x00007f8e7a417000)
        libcrypto.so.0.9.8 => /usr/lib/libcrypto.so.0.9.8 (0x00007f8e7a097000)
        libz.so.1 => /usr/lib/libz.so.1 (0x00007f8e79e7f000)
        libc.so.6 => /lib/libc.so.6 (0x00007f8e79b1d000)
        libdl.so.2 => /lib/libdl.so.2 (0x00007f8e79919000)
        /lib64/ld-linux-x86-64.so.2 (0x00007f8e7a88b000)

Here's an strace of the event:

connect(5, {sa_family=AF_INET, sin_port=htons(22), sin_addr=inet_addr("10.0.0.18")}, 16) = 0
setsockopt(5, SOL_SOCKET, SO_LINGER, [0], 4) = -1 EINVAL (Invalid argument)
fcntl(5, F_GETFL) = 0x2 (flags O_RDWR)
fcntl(5, F_GETFL) = 0x2 (flags O_RDWR)
fcntl(5, F_SETFL, O_RDWR) = 0
sendto(5, "SSH-2.0-libssh2_1.0.1-20090303\r\n", 32, MSG_NOSIGNAL, NULL, 0) = 32
recvfrom(5, "S", 1, MSG_NOSIGNAL, NULL, NULL) = 1
recvfrom(5, "S", 1, MSG_NOSIGNAL, NULL, NULL) = 1
recvfrom(5, "H", 1, MSG_NOSIGNAL, NULL, NULL) = 1
recvfrom(5, "-", 1, MSG_NOSIGNAL, NULL, NULL) = 1
recvfrom(5, "2", 1, MSG_NOSIGNAL, NULL, NULL) = 1
recvfrom(5, ".", 1, MSG_NOSIGNAL, NULL, NULL) = 1
recvfrom(5, "0", 1, MSG_NOSIGNAL, NULL, NULL) = 1
...
...
...
...
open("/root/.ssh/id_dsa.pub", O_RDONLY) = 6
fstat(6, {st_mode=S_IFREG|0644, st_size=606, ...}) = 0
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb109566000
read(6, "ssh-dss AAAAB3NzaC1kc3MAAACBAPjV"..., 4096) = 606
lseek(6, 0, SEEK_SET) = 0
read(6, "ssh-dss AAAAB3NzaC1kc3MAAACBAPjV"..., 4096) = 606
close(6) = 0
munmap(0x7fb109566000, 4096) = 0
sendto(5, "\241&\206\212}w^\330\t\325RL\341\201\213\224\21e\4\221"..., 532, MSG_NOSIGNAL, NULL, 0) = 532
recvfrom(5, "\323\202\367\216\375\264\220\2418fT\36\2343\323\264aI\347"..., 4096, MSG_NOSIGNAL, NULL, NULL) = 484
open("/root/.ssh/id_dsa", O_RDONLY) = 6
fstat(6, {st_mode=S_IFREG|0600, st_size=672, ...}) = 0
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb109566000
read(6, "-----BEGIN DSA PRIVATE KEY-----\n"..., 4096) = 672
close(6) = 0
munmap(0x7fb109566000, 4096) = 0
sendto(5, "K\201:o=\345u w\305ge\17yd\273\270\272\201\254k\256\375"..., 580, MSG_NOSIGNAL, NULL, 0) = 580
recvfrom(5, "\356\'\260\307\365\343\246\257\255#;u\241\305\372aG]\371"..., 4096, MSG_NOSIGNAL, NULL, NULL) = 36
sendto(5, "F\214\373,*\277\275q\17\273\262,\376\245\20T\320V<P!(_"..., 68, MSG_NOSIGNAL, NULL, 0) = 68
recvfrom(5, "\35\335\260\352&\306\277\242\2266\336+\203\177\206\250"..., 4096, MSG_NOSIGNAL, NULL, NULL) = 52
--- SIGSEGV (Segmentation fault) @ 0 (0) ---
+++ killed by SIGSEGV +++
Process 6226 detached

I don't know how to use GDB to give you better information. Is there anything I should check or command I could run to get you better info?

----------------------------------------------------------------------

Comment By: Daniel Stenberg (bagder)
Date: 2009-04-15 09:04

Message:
Thanks for your help on improving libssh2!

We need more details on this bug entry to be able to sort it out properly,
and until more info is provided this entry will be set to 'pending' status
and will get closed automatically at a later date unless feedback has been
given.

----------------------------------------------------------------------

Comment By: Neil Gierman (roadrunn)
Date: 2009-04-05 23:06

Message:
Another question. What build of OpenSSL 0.9.8 are you using? Have had
random segv's with earlier builds of both 0.9.8 and 0.9.7.

----------------------------------------------------------------------

Comment By: Daniel Stenberg (bagder)
Date: 2009-04-05 20:35

Message:
'bt' in gdb gives much better data, especially if you have a libssh2 built
with debug symbols.

Without that, this is virtually impossible to figure out...

Does it always happen and seemingly on the same spot?

----------------------------------------------------------------------

Received on 2009-04-15