Bug#338325: ssh: client segv with gssapi
Package: ssh
Version: 1:4.2p1-5
Severity: normal
I get an unreproducible segv in the client with gssapi authentication
on (`GSSAPIAuthentication yes', `GSSAPIDelegateCredentials yes')
connecting to either Solaris 10 or Debian stable servers. I haven't
noticed a crash without gssapi yet. I assume there's an uninitialized
variable or similar; it might be in the library, but I can't tell and
don't have time to build and debug it currently. I caught one crash:
Program received signal SIGSEGV, Segmentation fault.
0x700cf454 in bn_sub_words () from /usr/lib/v9/libcrypto.so.0.9.8
(gdb) bt
#0 0x700cf454 in bn_sub_words () from /usr/lib/v9/libcrypto.so.0.9.8
#1 0x700c8c20 in bn_sub_part_words () from /usr/lib/v9/libcrypto.so.0.9.8
#2 0x700c979c in bn_mul_recursive () from /usr/lib/v9/libcrypto.so.0.9.8
#3 0x700c964c in bn_mul_recursive () from /usr/lib/v9/libcrypto.so.0.9.8
#4 0x700ca50c in BN_mul () from /usr/lib/v9/libcrypto.so.0.9.8
#5 0x700d0a30 in BN_mod_mul_montgomery () from /usr/lib/v9/libcrypto.so.0.9.8
#6 0x700c6cf8 in BN_mod_exp_mont_consttime ()
from /usr/lib/v9/libcrypto.so.0.9.8
#7 0x700ea4c4 in DH_OpenSSL () from /usr/lib/v9/libcrypto.so.0.9.8
#8 0x700ea28c in DH_generate_key () from /usr/lib/v9/libcrypto.so.0.9.8
#9 0x00039b4c in error ()
#10 0x00038930 in error ()
#11 0x00034314 in error ()
#12 0x00033ab4 in error ()
#13 0x0001ee6c in ?? ()
#14 0x0001ee6c in ?? ()
Previous frame identical to this frame (corrupt stack?)
Then another attempt worked.
Note that this is on SPARC.
-- System Information:
Debian Release: 3.1
APT prefers stable
APT policy: (900, 'stable')
Architecture: sparc (sparc64)
Shell: /bin/sh linked to /bin/bash
Kernel: Linux 2.6.12-1-sparc64
Locale: LANG=en_GB, LC_CTYPE=en_GB (charmap=ISO-8859-1)
Versions of packages ssh depends on:
ii openssh-client 1:4.2p1-5 Secure shell client, an rlogin/rsh
ii openssh-server 1:4.2p1-5 Secure shell server, an rshd repla
ssh recommends no packages.
-- debconf information:
ssh/insecure_rshd:
ssh/ssh2_keys_merged:
* ssh/user_environment_tell:
* ssh/forward_warning:
ssh/insecure_telnetd:
ssh/new_config: true
* ssh/use_old_init_script: true
* ssh/protocol2_only: true
ssh/encrypted_host_key_but_no_keygen:
* ssh/run_sshd: true
* ssh/SUID_client: true
ssh/disable_cr_auth: false