Date:      Tue, 18 Jun 2002 12:23:41 -0700 (PDT)
From:      AIDA Shinra <aida-s@jcom.home.ne.jp>
To:        freebsd-gnats-submit@FreeBSD.org
Subject:   bin/39478: `ssh-keygen -p -t rsa' causes segfault
Message-ID:  <200206181923.g5IJNfuI012202@www.freebsd.org>

>Number:         39478
>Category:       bin
>Synopsis:       `ssh-keygen -p -t rsa' causes segfault
>Confidential:   no
>Severity:       serious
>Priority:       low
>Responsible:    freebsd-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Tue Jun 18 12:30:01 PDT 2002
>Closed-Date:
>Last-Modified:
>Originator:     AIDA Shinra
>Release:        4.6RC(2002.06.09, RELENG_4_6)
>Organization:
>Environment:
FreeBSD xxx 4.6-RELEASE FreeBSD 4.6-RELEASE #0: Sun Jun  9 22:39:42 JST 2002     shinra@xxx:/usr/obj/usr/freebsd/src/sys/LOCAL  i386      

>Description:
When I try to change the ssh2 passphrase with `ssh-keygen -p -t rsa',
ssh-keygen dumps core and I cannot change the passphrase.
On the other hand, changing the ssh1 passphrase finishes successfully.

This is a backtrace:
% gdb -c ssh-keygen.core ssh-keygen
GNU gdb 4.18 (FreeBSD)
Copyright 1998 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for details.
This GDB was configured as "i386-unknown-freebsd"...
Core was generated by `ssh-keygen'.
Program terminated with signal 11, Segmentaton fault.
Reading symbols from /usr/lib/libcrypto.so.2...done.
Reading symbols from /usr/lib/libc.so.4...done.
Reading symbols from /usr/libexec/ld-elf.so.1...done.
#0  0x2819c002 in vfprintf () from /usr/lib/libc.so.4
(gdb) backtrace
#0  0x2819c002 in vfprintf () from /usr/lib/libc.so.4
#1  0x281889a0 in printf () from /usr/lib/libc.so.4
#2  0x804b1f8 in do_change_passphrase (pw=0x281b5180)
    at /usr/freebsd/src/secure/usr.bin/ssh-keygen/../../../crypto/openssh/ssh-keygen.c:485
#3  0x804ba34 in main (ac=, av=0xbfbff64c)
    at /usr/freebsd/src/secure/usr.bin/ssh-keygen/../../../crypto/openssh/ssh-keygen.c:754
#4  0x804a215 in _start (arguments=0xbfbff760 "./ssh-keygen") at /usr/freebsd/src/lib/csu/i386-elf/crt1.c:96
(gdb) up
#1  0x281889a0 in printf () from /usr/lib/libc.so.4
(gdb) up
#2  0x804b1f8 in do_change_passphrase (pw=0x281b5180)
    at /usr/freebsd/src/secure/usr.bin/ssh-keygen/../../../crypto/openssh/ssh-keygen.c:485
485             printf("Key has comment '%s'\n", comment);


`comment' seems to be a garbage pointer...

>How-To-Repeat:
`ssh-keygen -p -t rsa' always results in a segfault.

>Fix:
This patch will solve it.

>Release-Note:
>Audit-Trail:
>Unformatted:
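
The crash pattern in the backtrace above (a "%s" conversion given a pointer that was never set), shown as an added example that is not part of the original report and is not OpenSSH code. `load_key`, `describe_key_unsafe`, `describe_key_safe` and the format enum are hypothetical names, and the idea that the loader fills in the comment for only one key format is an assumption the report does not confirm.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

enum key_format { FMT_SSH1, FMT_SSH2 };  /* hypothetical key formats */

/* Hypothetical loader (assumption): it writes *commentp only on the
 * path that actually has a comment, here the ssh1 format. */
static int load_key(enum key_format fmt, char **commentp)
{
    static const char sample[] = "user@host (constructed sample)";
    if (fmt == FMT_SSH1) {
        *commentp = malloc(sizeof sample);
        if (*commentp == NULL) return -1;
        memcpy(*commentp, sample, sizeof sample);
    }
    return 0;
}

#ifdef SHOW_UNSAFE
/* Unsafe caller, kept out of the default build: for FMT_SSH2 `comment`
 * is still uninitialized stack memory, so "%s" dereferences an
 * indeterminate pointer (undefined behaviour, typically SIGSEGV). */
int describe_key_unsafe(enum key_format fmt, char *out, size_t outlen)
{
    char *comment;
    if (load_key(fmt, &comment) != 0) return -1;
    return snprintf(out, outlen, "Key has comment '%s'\n", comment);
}
#endif

/* Hardened caller: initialize the out-parameter before the call and
 * test it before formatting, so an unset comment is a defined case. */
int describe_key_safe(enum key_format fmt, char *out, size_t outlen)
{
    char *comment = NULL;
    int n;
    if (load_key(fmt, &comment) != 0) return -1;
    if (comment != NULL)
        n = snprintf(out, outlen, "Key has comment '%s'\n", comment);
    else
        n = snprintf(out, outlen, "Key has no comment\n");
    free(comment);  /* free(NULL) is a no-op */
    return n;
}
```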
