Date:      Fri, 08 Feb 2013 00:16:40 +0100
From:      Dimitry Andric <dim@FreeBSD.org>
To:        Dewayne Geraghty <dewayne.geraghty@heuristicsystems.com.au>
Cc:        ports@FreeBSD.org, Brooks Davis <brooks@freebsd.org>, Bryan Drewery <bdrewery@FreeBSD.org>
Subject:   Re: openssh-portable segmentation faults
Message-ID:  <511435D8.8000900@FreeBSD.org>
In-Reply-To: <CD64A9A7097A415CB05541C9032576D1@white>
References:  <67A39057348F4D1BA43004DB5F0E8DBB@white> <5113B343.303@FreeBSD.org> <CD64A9A7097A415CB05541C9032576D1@white>

On 2013-02-07 22:14, Dewayne Geraghty wrote:
...
> Bryan, Dimitry,
> Thank-you for your interest.
> Unfortunately we have no debugging tools on any of the machines. I'll build one today and reproduce.

I have reproduced the segfault here:

   Starting program: /usr/ports/security/openssh-portable/work/openssh-5.8p2/ssh -vvv localhost
   OpenSSH_5.8p2 FreeBSD-openssh-portable-5.8.p2_3,1, OpenSSL 1.0.1c 10 May 2012

   Program received signal SIGSEGV, Segmentation fault.
   istrsnvis (dst=0xbfbfb8f4 "debug1: Reading configuration data %.200s", dlen=0xbfbfb880, csrc=<optimized out>, flag=33, extra=<optimized out>) at /usr/src/contrib/libc-vis/vis.c:380
   380             for (start = dst; (c = *src++) != '\0'; /* empty */) {
   (gdb) bt
   #0  istrsnvis (dst=0xbfbfb8f4 "debug1: Reading configuration data %.200s", dlen=0xbfbfb880, csrc=<optimized out>, flag=33, extra=<optimized out>) at /usr/src/contrib/libc-vis/vis.c:380
   #1  0x28360cfd in istrnvis (dst=0xbfbfb8f4 "debug1: Reading configuration data %.200s", dlen=0xbfbfb880, src=<optimized out>, flag=-1077954316) at /usr/src/contrib/libc-vis/vis.c:534
   #2  0x28360d71 in strnvis (dst=0xbfbfb878 "", dlen=3217014004, src=0xbfbfb878 "", flag=-1077954440) at /usr/src/contrib/libc-vis/vis.c:548
   #3  0x08082e5d in do_log (level=SYSLOG_LEVEL_DEBUG1, fmt=0x80a914e "Reading configuration data %.200s", args=0xbfbfc134 "$\321\277\277@") at log.c:384
   #4  0x08083048 in debug (fmt=0x80a914e "Reading configuration data %.200s") at log.c:209
   #5  0x08054c8e in read_config_file (filename=0xbfbfd124 "/home/dim/.ssh/config", host=0xbfbfd770 "localhost", options=0x80b99dc <options>, checkperm=1) at readconf.c:1051
   #6  0x0804e542 in main (ac=0, av=0xbfbfd5c0) at ssh.c:670

This is exactly the same problem as reported in this thread about
the security/pam_ssh_agent_auth port (rather long, beware):

   http://lists.freebsd.org/pipermail/freebsd-stable/2013-January/071703.html

Executive summary: we recently imported a strnvis() implementation from
NetBSD, which has differently ordered arguments from the strnvis()
implementation in OpenBSD.  When OpenSSH calls it with arguments ordered
in the way OpenBSD expects, the function segfaults.

I guess a similar approach as taken in the above thread should be taken,
e.g. rename the function in the port to openbsd_strnvis(), and have the
port call that.  Or use macro trickery to swap the arguments... :)

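The prototype clash described in the message above, shown as an added
example that is not code from this thread, from FreeBSD's libc, or from
OpenSSH.  The NetBSD prototype takes (dst, dlen, src, flag); OpenBSD's
takes (dst, src, dlen, flag), which is the order OpenSSH's log.c uses
when it sanitises the format string before logging.  Passing an
OpenBSD-ordered call into a NetBSD-ordered implementation therefore
hands the source pointer to the length parameter and the length to the
source pointer, which is why frame #0 of the backtrace dies
dereferencing src.  The encoder below is a deliberately simplified
stand-in for vis(3) (it only does VIS_OCTAL-style escaping and ignores
every other flag); the names netbsd_strnvis(), openbsd_strnvis(),
strnvis_obsd() and sanitize_log_fmt() are all made up for the example.

```c
/*
 * Added example, not part of the thread and not FreeBSD/OpenSSH code.
 * Shows the two strnvis() argument orders and the two fixes the message
 * suggests: a renamed wrapper with the OpenBSD order, or a macro that
 * swaps the arguments at the call site.
 *
 * netbsd_strnvis() is a simplified stand-in for vis(3): it escapes
 * every byte outside printable ASCII (and backslash) as a backslash
 * followed by three octal digits, and ignores flags other than that.
 */
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define VIS_OCTAL 0x01   /* same bit values as vis.h; 0x21 == 33 in the trace */
#define VIS_SAFE  0x20

/* NetBSD prototype order: (dst, dlen, src, flag). */
int netbsd_strnvis(char *dst, size_t dlen, const char *src, int flag)
{
    size_t out = 0;

    (void)flag;                     /* simplified: octal escaping only */
    if (dlen == 0)
        return -1;
    for (; *src != '\0'; src++) {
        unsigned char c = (unsigned char)*src;
        if (c >= 0x20 && c < 0x7f && c != '\\') {
            if (out + 1 >= dlen)    /* keep room for the NUL */
                break;
            dst[out++] = (char)c;
        } else {
            if (out + 4 >= dlen)    /* "\ooo" plus NUL must fit */
                break;
            out += (size_t)snprintf(dst + out, dlen - out, "\\%03o", c);
        }
    }
    dst[out] = '\0';
    return (int)out;
}

/*
 * Fix 1: a renamed wrapper with the OpenBSD prototype order
 * (dst, src, dlen, flag), so OpenBSD-style call sites stay unchanged.
 */
int openbsd_strnvis(char *dst, const char *src, size_t dlen, int flag)
{
    return netbsd_strnvis(dst, dlen, src, flag);
}

/* Fix 2: the "macro trickery" variant, swapping arguments at the call site. */
#define strnvis_obsd(dst, src, dlen, flag) \
    netbsd_strnvis((dst), (dlen), (src), (flag))

/*
 * What would crash: calling the NetBSD-order function with OpenBSD-order
 * arguments.  src becomes the length and dlen becomes the pointer to
 * walk, so the loop dereferences an integer.  Kept out of the build.
 */
#if 0
netbsd_strnvis(fmtbuf, fmt, sizeof(fmtbuf), VIS_SAFE | VIS_OCTAL);
#endif

/*
 * Mirrors the shape of the call in frame #3 of the trace: sanitise a
 * log format string before it reaches the logger, using OpenBSD order.
 */
int sanitize_log_fmt(const char *fmt, char *out, size_t outlen)
{
    return openbsd_strnvis(out, fmt, outlen, VIS_SAFE | VIS_OCTAL);
}

int main(void)
{
    char fmtbuf[1024];
    char small[8];

    sanitize_log_fmt("Reading configuration data %.200s\n", fmtbuf, sizeof(fmtbuf));
    printf("escaped:   %s\n", fmtbuf);   /* newline becomes \012 */

    /* Truncation: only what fits (escape sequences never split). */
    openbsd_strnvis(small, "abc\ndef", sizeof(small), VIS_OCTAL);
    printf("truncated: %s\n", small);

    strnvis_obsd(fmtbuf, "x\001", sizeof(fmtbuf), VIS_OCTAL);
    printf("macro:     %s\n", fmtbuf);
    return 0;
}
```

Either fix works because both leave the implementation untouched and only
change which parameter each call-site argument lands in; the wrapper is
the safer choice for a port, since a macro named strnvis() would also
rewrite any caller that already uses the NetBSD order.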


Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?511435D8.8000900>