Subject: [ libssh2-Bugs-2659057 ] segfault when reading in DSA private key on Ubuntu 64 bit

From: SourceForge.net <noreply_at_sourceforge.net>
Date: Tue, 28 Apr 2009 12:48:43 +0000

Bugs item #2659057, was opened at 2009-03-04 00:27
Message generated for change (Settings changed) made by bagder
You can respond by visiting:
https://sourceforge.net/tracker/?func=detail&atid=703942&aid=2659057&group_id=125852

Please note that this message will contain a full copy of the comment thread,
including the initial issue submission, for this request,
not just the latest update.
Category: crypto
Group: None
>Status: Closed
>Resolution: Works For Me
Priority: 6
Private: No
Submitted By: Joshua McClintock (jmcclintock777)
Assigned to: Daniel Stenberg (bagder)
Summary: segfault when reading in DSA private key on Ubuntu 64 bit

Initial Comment:
Hello, I'm using Net::SSH2 in Perl, which links against libssh2. I've tried the old version 0.18, the 1.0 release and a CVS snapshot from today. I get the same results on all 3.

I'm running Ubuntu 8.04.1 64 bit

Here's an ldd against libssh2.so

        linux-vdso.so.1 => (0x00007fff829fe000)
        libssl.so.0.9.8 => /usr/lib/libssl.so.0.9.8 (0x00007f8e7a417000)
        libcrypto.so.0.9.8 => /usr/lib/libcrypto.so.0.9.8 (0x00007f8e7a097000)
        libz.so.1 => /usr/lib/libz.so.1 (0x00007f8e79e7f000)
        libc.so.6 => /lib/libc.so.6 (0x00007f8e79b1d000)
        libdl.so.2 => /lib/libdl.so.2 (0x00007f8e79919000)
        /lib64/ld-linux-x86-64.so.2 (0x00007f8e7a88b000)

Here's an strace of the event:

connect(5, {sa_family=AF_INET, sin_port=htons(22), sin_addr=inet_addr("10.0.0.18")}, 16) = 0
setsockopt(5, SOL_SOCKET, SO_LINGER, [0], 4) = -1 EINVAL (Invalid argument)
fcntl(5, F_GETFL) = 0x2 (flags O_RDWR)
fcntl(5, F_GETFL) = 0x2 (flags O_RDWR)
fcntl(5, F_SETFL, O_RDWR) = 0
sendto(5, "SSH-2.0-libssh2_1.0.1-20090303\r\n", 32, MSG_NOSIGNAL, NULL, 0) = 32
recvfrom(5, "S", 1, MSG_NOSIGNAL, NULL, NULL) = 1
recvfrom(5, "S", 1, MSG_NOSIGNAL, NULL, NULL) = 1
recvfrom(5, "H", 1, MSG_NOSIGNAL, NULL, NULL) = 1
recvfrom(5, "-", 1, MSG_NOSIGNAL, NULL, NULL) = 1
recvfrom(5, "2", 1, MSG_NOSIGNAL, NULL, NULL) = 1
recvfrom(5, ".", 1, MSG_NOSIGNAL, NULL, NULL) = 1
recvfrom(5, "0", 1, MSG_NOSIGNAL, NULL, NULL) = 1
...
...
...
...
open("/root/.ssh/id_dsa.pub", O_RDONLY) = 6
fstat(6, {st_mode=S_IFREG|0644, st_size=606, ...}) = 0
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb109566000
read(6, "ssh-dss AAAAB3NzaC1kc3MAAACBAPjV"..., 4096) = 606
lseek(6, 0, SEEK_SET) = 0
read(6, "ssh-dss AAAAB3NzaC1kc3MAAACBAPjV"..., 4096) = 606
close(6) = 0
munmap(0x7fb109566000, 4096) = 0
sendto(5, "\241&\206\212}w^\330\t\325RL\341\201\213\224\21e\4\221"..., 532, MSG_NOSIGNAL, NULL, 0) = 532
recvfrom(5, "\323\202\367\216\375\264\220\2418fT\36\2343\323\264aI\347"..., 4096, MSG_NOSIGNAL, NULL, NULL) = 484
open("/root/.ssh/id_dsa", O_RDONLY) = 6
fstat(6, {st_mode=S_IFREG|0600, st_size=672, ...}) = 0
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb109566000
read(6, "-----BEGIN DSA PRIVATE KEY-----\n"..., 4096) = 672
close(6) = 0
munmap(0x7fb109566000, 4096) = 0
sendto(5, "K\201:o=\345u w\305ge\17yd\273\270\272\201\254k\256\375"..., 580, MSG_NOSIGNAL, NULL, 0) = 580
recvfrom(5, "\356\'\260\307\365\343\246\257\255#;u\241\305\372aG]\371"..., 4096, MSG_NOSIGNAL, NULL, NULL) = 36
sendto(5, "F\214\373,*\277\275q\17\273\262,\376\245\20T\320V<P!(_"..., 68, MSG_NOSIGNAL, NULL, 0) = 68
recvfrom(5, "\35\335\260\352&\306\277\242\2266\336+\203\177\206\250"..., 4096, MSG_NOSIGNAL, NULL, NULL) = 52
--- SIGSEGV (Segmentation fault) @ 0 (0) ---
+++ killed by SIGSEGV +++
Process 6226 detached

I don't know how to use GDB to give you better information. Is there anything I should check or command I could run to get you better info?

----------------------------------------------------------------------

Comment By: Joshua McClintock (jmcclintock777)
Date: 2009-04-15 20:58

Message:
Ok, I didn't realize Ubuntu had their own packaged version of libssh2. I'm
now using that, and the segfault went away.

----------------------------------------------------------------------

Comment By: Neil Gierman (roadrunn)
Date: 2009-04-15 20:33

Message:
Normally what I use is "gdb --args <program name> <program args if any>".
When you get the segv it will stop and use "bt" to print a backtrace of the
stack.

----------------------------------------------------------------------

Comment By: Joshua McClintock (jmcclintock777)
Date: 2009-04-15 20:03

Message:
To be more specific, the segfault happens in the same place and on every
run, no exceptions.

Once I have libssh2 compiled with debug, do I execute my program with gdb?
If so (and I'm sorry for the ignorance), can you give me the quick steps
to launch it with gdb and what to do next once I've done that?

----------------------------------------------------------------------

Comment By: Nobody/Anonymous (nobody)
Date: 2009-04-15 19:58

Message:
To answer roadrunn's question, I'm running openssl 0.9.8g-4ubuntu3.4. When
the segfault happens, it happens in the same place every time, no
exceptions.

I'm going to grab the latest version and compile again. To enable debug
symbols, do I just compile with --enable-debug?

----------------------------------------------------------------------

Comment By: Daniel Stenberg (bagder)
Date: 2009-04-15 09:04

Message:
Thanks for your help on improving libssh2!

We need more details on this bug entry to be able to sort it out properly,
and until more info is provided this entry will be set to 'pending' status
and will get closed automatically at a later date unless feedback has been
given.

----------------------------------------------------------------------

Comment By: Neil Gierman (roadrunn)
Date: 2009-04-05 23:06

Message:
Another question. What build of OpenSSL 0.9.8 are you using? Have had
random segv's with earlier builds of both 0.9.8 and 0.9.7.

----------------------------------------------------------------------

Comment By: Daniel Stenberg (bagder)
Date: 2009-04-05 20:35

Message:
'bt' in gdb gives much better data, especially if you have a libssh2 built
with debug symbols.

Without that, this is virtually impossible to figure out...

Does it always happen and seemingly on the same spot?

----------------------------------------------------------------------

You can respond by visiting:
https://sourceforge.net/tracker/?func=detail&atid=703942&aid=2659057&group_id=125852

_______________________________________________
libssh2-devel mailing list
libssh2-devel_at_lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/libssh2-devel
Received on 2009-04-28