Subject: ssh: glibc detected double free or corruption with local forwarding Package: ssh Version: 1:5.1p1-3 Severity: normal When starting a local forward in an existing session a double free cash can be forced. This is simple to reproduce: % ssh somehost [...] % ~C ssh> -L *.80:localhost:80 Bad forwarding specification. *** glibc detected *** ssh: double free or corruption (fasttop): 0xb95431b0 *** ======= Backtrace: ========= /lib/i686/cmov/libc.so.6[0xb7ada6b4] /lib/i686/cmov/libc.so.6(cfree+0x96)[0xb7adc8b6] ssh[0xb7ee3c7d] ssh[0xb7ec014b] ssh(client_simple_escape_filter+0x5f)[0xb7ec0e5f] ssh[0xb7ed5145] ssh[0xb7ed5655] ssh[0xb7ed93fb] ssh[0xb7ec1af8] ssh(main+0x1885)[0xb7ebaaa5] /lib/i686/cmov/libc.so.6(__libc_start_main+0xe5)[0xb7a82455] ssh[0xb7eb8b01] ======= Memory map: ======== b7800000-b7821000 rw-p b7800000 00:00 0 b7821000-b7900000 ---p b7821000 00:00 0 b79be000-b79ca000 r-xp 00000000 08:01 379003 /lib/libgcc_s.so.1 b79ca000-b79cb000 rw-p 0000b000 08:01 379003 /lib/libgcc_s.so.1 b79cb000-b79d5000 r-xp 00000000 08:01 331425 /lib/i686/cmov/libnss_files-2.7.so b79d5000-b79d7000 rw-p 00009000 08:01 331425 /lib/i686/cmov/libnss_files-2.7.so b79d7000-b7a0c000 r--s 00000000 08:01 62598 /var/cache/nscd/services b7a0c000-b7a41000 r--s 00000000 08:01 60442 /var/cache/nscd/passwd b7a41000-b7a43000 rw-p b7a41000 00:00 0 b7a43000-b7a58000 r-xp 00000000 08:01 331472 /lib/i686/cmov/libpthread-2.7.so b7a58000-b7a5a000 rw-p 00014000 08:01 331472 /lib/i686/cmov/libpthread-2.7.so b7a5a000-b7a5c000 rw-p b7a5a000 00:00 0 b7a5c000-b7a5e000 r-xp 00000000 08:01 116464 /lib/libkeyutils-1.2.so b7a5e000-b7a5f000 rw-p 00001000 08:01 116464 /lib/libkeyutils-1.2.so b7a5f000-b7a60000 rw-p b7a5f000 00:00 0 b7a60000-b7a67000 r-xp 00000000 08:01 174787 /usr/lib/libkrb5support.so.0.1 b7a67000-b7a68000 rw-p 00006000 08:01 174787 /usr/lib/libkrb5support.so.0.1 b7a68000-b7a6a000 r-xp 00000000 08:01 328990 /lib/i686/cmov/libdl-2.7.so b7a6a000-b7a6c000 rw-p 00001000 08:01 328990 /lib/i686/cmov/libdl-2.7.so b7a6c000-b7bc1000 r-xp 00000000 08:01 328979 /lib/i686/cmov/libc-2.7.so b7bc1000-b7bc2000 r--p 00155000 08:01 328979 /lib/i686/cmov/libc-2.7.so b7bc2000-b7bc4000 rw-p 00156000 08:01 328979 /lib/i686/cmov/libc-2.7.so b7bc4000-b7bc7000 rw-p b7bc4000 00:00 0 b7bc7000-b7bc9000 r-xp 00000000 08:01 281074 /lib/libcom_err.so.2.1 b7bc9000-b7bca000 rw-p 00001000 08:01 281074 /lib/libcom_err.so.2.1 b7bca000-b7bed000 r-xp 00000000 08:01 166307 /usr/lib/libk5crypto.so.3.1 b7bed000-b7bee000 rw-p 00023000 08:01 166307 /usr/lib/libk5crypto.so.3.1 b7bee000-b7bef000 rw-p b7bee000 00:00 0 b7bef000-b7c81000 r-xp 00000000 08:01 174550 /usr/lib/libkrb5.so.3.3 b7c81000-b7c83000 rw-p 00092000 08:01 174550 /usr/lib/libkrb5.so.3.3 b7c83000-b7cac000 r-xp 00000000 08:01 166306 /usr/lib/libgssapi_krb5.so.2.2 b7cac000-b7cad000 rw-p 00028000 08:01 166306 /usr/lib/libgssapi_krb5.so.2.2 b7cad000-b7cb6000 r-xp 00000000 08:01 328989 /lib/i686/cmov/libcrypt-2.7.so b7cb6000-b7cb8000 rw-p 00008000 08:01 328989 /lib/i686/cmov/libcrypt-2.7.so b7cb8000-b7cdf000 rw-p b7cb8000 00:00 0 b7cdf000-b7cf4000 r-xp 00000000 08:01 328997 /lib/i686/cmov/libnsl-2.7.so b7cf4000-b7cf6000 rw-p 00014000 08:01 328997 /lib/i686/cmov/libnsl-2.7.so b7cf6000-b7cf8000 rw-p b7cf6000 00:00 0 b7cf8000-b7d0c000 r-xp 00000000 08:01 281046 /usr/lib/libz.so.1.2.3.3 b7d0c000-b7d0d000 rw-p 00013000 08:01 281046 /usr/lib/libz.so.1.2.3.3 b7d0d000-b7d0f000 r-xp 00000000 08:01 331477 /lib/i686/cmov/libutil-2.7.so b7d0f000-b7d11000 rw-p 00001000 08:01 331477 /lib/i686/cmov/libutil-2.7.so b7d11000-b7d12000 rw-p b7d11000 00:00 0 b7d12000-b7e4c000 r-xp 00000000 08:01 115944 /usr/lib/i686/cmov/libcrypto.so.0.9.8 b7e4c000-b7e62000 rw-p 0013a000 08:01 115944 /usr/lib/i686/cmov/libcrypto.so.0.9.8 b7e62000-b7e65000 rw-p b7e62000 00:00 0 b7e65000-b7e75000 r-xp 00000000 08:01 331473 /lib/i686/cmov/libresolv-2.7.so b7e75000-b7e77000 rw-p 0000f000 08:01 331473 /lib/i686/cmov/libresolv-2.7.so b7e77000-b7e79000 rw-p b7e77000 00:00 0 b7e94000-b7e96000 rw-p b7e94000 00:00 0 b7e96000-b7e97000 r-xp b7e96000 00:00 0 [vdso] b7e97000-b7eb1000 r-xp 00000000 08:01 374678 /lib/ld-2.7.so b7eb1000-b7eb3000 rw-p 0001a000 08:01 374678 /lib/ld-2.7.so b7eb3000-b7f03000 r-xp 00000000 08:01 Abort (the backtrace is formatted a little because the output is a little messed up) The problem does not occur when invoked in the command line or when used in ~/.ssh/config. -- System Information: Debian Release: lenny/sid APT prefers unstable APT policy: (500, 'unstable'), (500, 'testing'), (1, 'experimental') Architecture: i386 (i686) Kernel: Linux 2.6.26-1-686 (SMP w/2 CPU cores) Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/bash Versions of packages ssh depends on: ii openssh-client 1:5.1p1-3 secure shell client, an rlogin/rsh ii openssh-server 1:5.1p1-3 secure shell server, an rshd repla -- -- arthur - adejong@debian.org - http://people.debian.org/~adejong --
Attachment:
signature.asc
Description: This is a digitally signed message part