Date:      Sat, 8 Oct 2005 09:02:15 GMT
From:      "Jukka A. Ukkonen" <jau@iki.fi>
To:        freebsd-gnats-submit@FreeBSD.org
Subject:   ports/87113: OpenSSL-0.9.8 crashes OpenSSH-portable-4.2.0.0,1
Message-ID:  <200510080902.j9892FCR093757@www.freebsd.org>
Resent-Message-ID: <200510080910.j989AHKb020872@freefall.freebsd.org>


>Number:         87113
>Category:       ports
>Synopsis:       OpenSSL-0.9.8 crashes OpenSSH-portable-4.2.0.0,1
>Confidential:   no
>Severity:       critical
>Priority:       high
>Responsible:    freebsd-ports-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Sat Oct 08 09:10:17 GMT 2005
>Closed-Date:
>Last-Modified:
>Originator:     Jukka A. Ukkonen
>Release:        4.11-STABLE
>Organization:
private citizen
>Environment:
FreeBSD mjolnir 4.11-STABLE FreeBSD 4.11-STABLE #0: Wed Sep 21 07:56:19 EET DST 2005     jau@mjolnir:/home/src/sys/compile/Mjolnir  i386

>Description:
              When linked against OpenSSL-0.9.8 OpenSSH-portable-4.2.0.0,1 crashes
as follows...

Plain command line example:
---------------------------
# /usr/local/sbin/sshd
Segmentation fault

When started inside gdb:
------------------------
(gdb) run
Starting program: /usr/local/sbin/sshd 
(no debugging symbols found)...(no debugging symbols found)...
(no debugging symbols found)...(no debugging symbols found)...
(no debugging symbols found)...(no debugging symbols found)...
(no debugging symbols found)...(no debugging symbols found)...
Program received signal SIGSEGV, Segmentation fault.
0x281299e1 in bn_mul_add_words () from /usr/local/lib/libcrypto.so.4

With older OpenSSL-0.9.7g there are no problems with OpenSSL-4.2p1.

I classified this bug as *critical/high* because both OpenSSL and OpenSSH
are these days very widely used and important elements of overall system
security, and everybody should be able to update ASAP when there are new stable
versions available.
OTOH I assume the roots of this problem lie in some little incompatibility
which both OpenSSL and OpenSSH maintainers or ports admins have completely
overlooked.

>How-To-Repeat:
              Try the same versions of OpenSSL and OpenSSH on FreeBSD-4.11-STABLE.
Supposedly neither OpenSSL ports admin nor OpenSSH-portable ports admin has really
tested this combination before publishing the latest ports.


>Fix:
              No fix or explanation known yet.
There are a couple of good guesses though...
1) Either the call API to bn_mul_add_words() has changed in 0.9.8 or
2) the OpenSSH-4.2p1 port has always been using that function in an improper manner.

>Release-Note:
>Audit-Trail:
>Unformatted:


