Date:      Mon, 04 Jun 2001 05:30:53 +0900
From:      Yoshihiro Koya <Yoshihiro.Koya@math.yokohama-cu.ac.jp>
To:        FreeBSD-gnats-submit@freebsd.org
Subject:   bin/27860: sshd caught signal 10
Message-ID:  <20010604053053T.koya@pluto.math.yokohama-cu.ac.jp>


>Number:         27860
>Category:       bin
>Synopsis:       sshd dumps core
>Confidential:   no
>Severity:       critical
>Priority:       high
>Responsible:    freebsd-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Sun Jun 03 13:40:00 PDT 2001
>Closed-Date:
>Last-Modified:
>Originator:     Yoshihiro Koya
>Release:        FreeBSD 5.0-CURRENT i386
>Organization:
Dept. of Math. Sci., Yokohama City Univ.
>Environment:
System: FreeBSD current.my.domain 5.0-CURRENT FreeBSD 5.0-CURRENT #0: Wed May 30 00:38:02 JST 2001 root@current.my.domain:/usr/obj/usr/src/sys/current i386

OpenSSH_2.9 green@FreeBSD.org 20010503, SSH protocols 1.5/2.0, OpenSSL 0x0090601f

>Description:
A too-long user name causes sshd to dump core.
I tried to make a patch, but I couldn't.
The following is the output from gdb.

current# ls
.cshrc		cdrom		etc		root		tmp
.profile	compat		home		sbin		usr
COPYRIGHT	dev		lost+found	sshd.core	var
bin		dist		mnt		stand
boot		entropy		proc		sys
current# gdb /usr/sbin/sshd sshd.core
GNU gdb 4.18
Copyright 1998 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for details.
This GDB was configured as "i386-unknown-freebsd"...
(no debugging symbols found)...
Core was generated by `sshd'.
Program terminated with signal 10, Bus error.
Reading symbols from /usr/lib/libopie.so.2...(no debugging symbols found)...
done.
Reading symbols from /usr/lib/libmd.so.2...(no debugging symbols found)...done.
Reading symbols from /usr/lib/libcrypt.so.2...(no debugging symbols found)...done.
Reading symbols from /usr/lib/libcrypto.so.2...(no debugging symbols found)...done.
Reading symbols from /usr/lib/libutil.so.3...(no debugging symbols found)... done.
Reading symbols from /usr/lib/libz.so.2...(no debugging symbols found)...done.
Reading symbols from /usr/lib/libwrap.so.3...(no debugging symbols found)...done.
Reading symbols from /usr/lib/libpam.so.1...(no debugging symbols found)...done.
Reading symbols from /usr/lib/libc.so.5...(no debugging symbols found)...done.
Reading symbols from /usr/libexec/ld-elf.so.1...(no debugging symbols found)...done.
#0  0x28225f32 in __log2 () from /usr/lib/libc.so.5
(gdb) where
#0  0x28225f32 in __log2 () from /usr/lib/libc.so.5
#1  0x28223d1c in __call_hash () from /usr/lib/libc.so.5
#2  0x28223623 in __hash_open () from /usr/lib/libc.so.5
#3  0x282234be in __hash_open () from /usr/lib/libc.so.5
#4  0x281ec203 in endpwent () from /usr/lib/libc.so.5
#5  0x281eb21a in netname2host () from /usr/lib/libc.so.5
#6  0x281ebbdc in netname2host () from /usr/lib/libc.so.5
#7  0x28213f95 in nsdispatch () from /usr/lib/libc.so.5
#8  0x281ebf45 in getpwnam () from /usr/lib/libc.so.5
#9  0x80537b5 in getsockname ()
#10 0x805e74f in getsockname ()
#11 0x80535a2 in getsockname ()
#12 0x804dc23 in getsockname ()
#13 0x804c0f9 in getsockname ()

>How-To-Repeat:
Type

  % slogin localhost -l xxxx<10000 times x's>xxx

For example, use the following small program

/* genx.c: print 10000 'x' characters with no trailing newline,
 * to be used as an oversized login name via command substitution */
#include <stdio.h>

int
main(int argc, char *argv[])
{
	int i;

	for (i = 0; i < 10000; i++)
		putchar('x');

	return 0;
}

and type

  % slogin localhost -l `./genx`

Then, you may get something like the following:

Jun  4 04:54:43 current /boot/kernel/kernel: pid 2479 (sshd), uid 0: exited on signal 10 (core dumped)

>Fix:

Unfortunately I don't have enough time to find what causes this,
and I also don't have a good idea of how to fix it.
But the above __log2 function may be found in
/usr/src/lib/libc/db/hash/hash_log2.c.
>Release-Note:
>Audit-Trail:
>Unformatted:
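The report shows an unbounded login name reaching getpwnam() and crashing inside libc's hash database code. The following is an added example, not code from the PR or from OpenSSH, of the kind of input check a daemon can apply before any password-database lookup: it bounds the name length with LOGIN_NAME_MAX (a fallback value is assumed where <limits.h> lacks it) and restricts the character set, then performs the lookup only for names that pass. The 10000-character name from the report is constructed inline for the demonstration.

```c
/* Added example: validate a login name before passing it to getpwnam().
 * Not part of the PR; the LOGIN_NAME_MAX fallback and character-set policy
 * are assumptions for illustration. */
#include <ctype.h>
#include <limits.h>
#include <pwd.h>
#include <stdbool.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#ifndef LOGIN_NAME_MAX
#define LOGIN_NAME_MAX 256   /* assumed fallback if <limits.h> does not define it */
#endif

/* Return true when name is a plausible account name: non-empty, shorter than
 * the platform bound (the bound includes the terminating NUL), and made only
 * of alphanumerics, '_', '-' or '.'. strnlen() stops scanning at the bound,
 * so an arbitrarily long input costs at most LOGIN_NAME_MAX bytes of work. */
bool login_name_ok(const char *name)
{
    if (name == NULL)
        return false;
    size_t n = strnlen(name, LOGIN_NAME_MAX);
    if (n == 0 || n >= LOGIN_NAME_MAX)
        return false;                          /* empty or too long */
    for (size_t i = 0; i < n; i++) {
        unsigned char c = (unsigned char)name[i];
        if (!(isalnum(c) || c == '_' || c == '-' || c == '.'))
            return false;                      /* disallowed character */
    }
    return true;
}

/* Guarded lookup. Returns 0 if found (and sets *out when out != NULL),
 * -1 if the name was well-formed but unknown, -2 if rejected before lookup. */
int lookup_user_guarded(const char *name, struct passwd **out)
{
    if (out != NULL)
        *out = NULL;
    if (!login_name_ok(name))
        return -2;                             /* never reaches getpwnam() */
    struct passwd *pw = getpwnam(name);
    if (pw == NULL)
        return -1;
    if (out != NULL)
        *out = pw;
    return 0;
}

/* Construct a name of `len` 'x' characters (the report's input) and report
 * whether the validator rejects it. Used to exercise the length bound. */
bool long_name_rejected(size_t len)
{
    char *s = malloc(len + 1);
    if (s == NULL)
        return false;
    memset(s, 'x', len);
    s[len] = '\0';
    bool rejected = !login_name_ok(s);
    free(s);
    return rejected;
}

int main(void)
{
    printf("4 x's rejected: %d\n", long_name_rejected(4));        /* 0 */
    printf("10000 x's rejected: %d\n", long_name_rejected(10000)); /* 1 */
    printf("lookup(\"bad name!\") = %d\n", lookup_user_guarded("bad name!", NULL)); /* -2 */
    return 0;
}
```

The return codes let the caller distinguish "malformed input, do not touch the database" from an ordinary unknown-user result, which is also the distinction worth logging separately when watching for oversized or malformed login names in authentication logs.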

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20010604053053T.koya>