openssh segfaults at login if ~/.hushlogin does not exist

To: Debian Users <debian-user@lists.debian.org>
Subject: openssh segfaults at login if ~/.hushlogin does not exist
From: Andras BALI <drewie@bigfoot.com>
Date: Tue, 25 Jul 2000 22:57:13 +0200
Message-id: <[🔎] 20000725225713.A10156@null>
Mail-followup-to: Debian Users <debian-user@lists.debian.org>

Hi,

I'm using Woody but this problem occured in Potato as well. I have the
latest OpenSSH installed (ssh_1%3a1.2.3-9_i386.deb) with SUID root
enabled. I haven't modified any of the configuration files, they're from
the stock debian package. When a user that doesn't have a ~/.hushlogin
file tries to log in, ssh fails with signal 11. If this file exists, ssh
works fine.

Debug messages of the client and the server:

,----
| $ ssh -v localhost
| SSH Version OpenSSH-1.2.3, protocol version 1.5.
| Compiled with SSL.
| [...]
| debug: Trying RSA authentication with key 'bali@server'
| debug: Server refused our key.
| debug: Doing password authentication.
| bali@null's password:
| debug: Requesting pty.
| debug: Requesting shell.
| debug: Entering interactive session.
| Received disconnect: Command terminated on signal 11.
| debug: Calling cleanup 0x804efe0(0x0)
| debug: Calling cleanup 0x8056820(0x0)
`----

,----
| $ sshd -d
| debug: sshd version OpenSSH-1.2.3
| debug: Bind to port 22 on 0.0.0.0.
| Server listening on 0.0.0.0 port 22.
| [...]
| debug: Adding PAM message: No mail.
| debug: PAM establishing creds
| debug: Entering interactive session.
| debug: Setting controlling tty using TIOCSCTTY.
| debug: Received SIGCHLD.
| debug: End of interactive session; stdin 0, stdout (read 0, sent 0), stderr 0 bytes.
| Disconnecting: Command terminated on signal 11.
| debug: Calling cleanup 0x804d490(0xbfffeec0)
| debug: pty_cleanup_proc called
| debug: Calling cleanup 0x804f724(0x0)
| debug: Calling cleanup 0x80589b0(0x0)
`----

Output of strace -f sshd at the problematic point:

,----
| 1066  open("/var/log/lastlog", O_RDWR)  = 4
| 1066  lseek(4, 29200, SEEK_SET)         = 29200
| 1066  write(4,"\374I{9pts/1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0"..., 292) = 292
| 1066  close(4)                          = 0
| 1066  stat("/home/bali/.hushlogin", 0xbfffee4c) = -1 ENOENT (No such file or directory)
| 1066  --- SIGSEGV (Segmentation fault) ---
| 1063  <... select resumed> )            = 1 (in [6])
| 1063  --- SIGCHLD (Child exited) ---
`----

Where ltrace -f sshd says:

,----
| 1181 snprintf("/home/bali/.hushlogin", 256, "%.200s/.hushlogin", "/home/bali") = 21
| 1181 __xstat(3, "/home/bali/.hushlogin", 0xbfffef50) = -1
| 1181 fprintf(0x401de8e0, "Last login: Sun Jul 23 21:45:33 "... <unfinished ...>
| 1181 --- SIGSEGV (Segmentation fault) ---
| 1181 +++ killed by SIGSEGV +++
| 1178 --- SIGCHLD (Child exited) ---
| 1178 __errno_location()                           = 0x401e0c40
`----

It would be quite important to solve this problem or I'll be forced to
use ssh-nonfree which I don't really want to. :)

Thanks in advance,
Andras

-- 
mailto:drewie@bigfoot.com [drewie]@iRCnet
http://alpha.rulez.org/~drewie/gpgkey.asc

Reply to:

Prev by Date: Re: lprng out of date?
Next by Date: combining unused space into files
Previous by thread: Re: lprng out of date?
Next by thread: combining unused space into files
Index(es):
- Date
- Thread