Date: Wed, 21 Nov 2001 16:48:17 -0500 (EST)
From: The Anarcat <anarcat@anarcat.dyndns.org>
To: FreeBSD-gnats-submit@freebsd.org
Subject: bin/32175: ssh-keygen -p core dumps
Message-ID: <20011121214817.6B26E20ADB@shall.anarcat.dyndns.org>

>Number: 32175
>Category: bin
>Synopsis: ssh-keygen -p core dumps
>Confidential: no
>Severity: serious
>Priority: high
>Responsible: freebsd-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Wed Nov 21 13:50:00 PST 2001
>Closed-Date:
>Last-Modified:
>Originator: The Anarcat
>Release: FreeBSD 4.4-STABLE i386
>Organization: Nada, Inc.
>Environment:
System: FreeBSD shall.anarcat.dyndns.org 4.4-STABLE FreeBSD 4.4-STABLE #0: Fri Nov 16 12:57:38 EST 2001 anarcat@shall.anarcat.dyndns.org:/usr/obj/usr/src/sys/SHALL i386

>Description:

ssh-keygen core dumps when trying to change my DSA passphrase.

Compiling the program with debugging symbols disables the bug, so it's
tricky to debug.

Here is what I can get from gdb:

anarcat@shall[~]% gdb `which ssh-keygen` ssh-keygen.core
GNU gdb 4.18
Copyright 1998 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB. Type "show warranty" for details.
This GDB was configured as "i386-unknown-freebsd"...
(no debugging symbols found)...
Core was generated by `ssh-keygen'.
Program terminated with signal 11, Segmentation fault.
Reading symbols from /usr/lib/libcrypto.so.2...(no debugging symbols found)... done.
Reading symbols from /usr/lib/libc.so.4...(no debugging symbols found)...done.
Reading symbols from /usr/libexec/ld-elf.so.1...(no debugging symbols found)... done.
#0 0x2819be32 in vfprintf () from /usr/lib/libc.so.4
(gdb) bt
#0 0x2819be32 in vfprintf () from /usr/lib/libc.so.4
#1 0x281891e4 in printf () from /usr/lib/libc.so.4
#2 0x804b1f8 in sigprocmask ()
#3 0x804ba34 in sigprocmask ()
#4 0x804a215 in sigprocmask ()
(gdb)

I am no gdb guru, but it seems to me that if I do this:

(gdb) run -p -d
Starting program: /usr/bin/ssh-keygen -p -d
(no debugging symbols found)...(no debugging symbols found)...
Enter file in which the key is (/home/anarcat/.ssh/id_dsa):
Enter old passphrase:
(no debugging symbols found)...
Program received signal SIGSEGV, Segmentation fault.
0x2819be32 in vfprintf () from /usr/lib/libc.so.4
(gdb) bt
#0 0x2819be32 in vfprintf () from /usr/lib/libc.so.4
#1 0x281891e4 in printf () from /usr/lib/libc.so.4
#2 0x804b1f8 in sigprocmask ()
#3 0x804ba34 in sigprocmask ()
#4 0x804a215 in sigprocmask ()
(gdb) symbol /usr/obj/usr/src/secure/usr.bin/ssh-keygen/ssh-keygen.debug
Reading symbols from /usr/obj/usr/src/secure/usr.bin/ssh-keygen/ssh-keygen.debug...done.

I don't suppose it would work? Anyways, by the results of the tests I
ran here, no. Is this correct? Is the information from ssh-keygen.debug
valid even if ssh-keygen was run?

>How-To-Repeat:

anarcat@shall[~]% ssh-keygen -p -d
Enter file in which the key is (/home/anarcat/.ssh/id_dsa):
Enter old passphrase:
zsh: segmentation fault ssh-keygen -p -d

It does not affect RSA keys:

anarcat@shall[~]% ssh-keygen -p
Enter file in which the key is (/home/anarcat/.ssh/identity):
Enter old passphrase:
Key has comment 'anarcat@shall.anarcat.dyndns.org'
Enter new passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved with the new passphrase.

>Fix:

Workaround: Compile the program with debugging symbols:

anarcat@shall[/usr/obj/usr/src/secure/usr.bin/ssh-keygen]% ./ssh-keygen.debug -p -d
Enter file in which the key is (/home/anarcat/.ssh/id_dsa):
Enter old passphrase:
Key has comment 'z¸PÕ'
Enter new passphrase (empty for no passphrase):
sh-keygen.debug in free(): warning: junk pointer, too high to make sense.
Your identification has been saved with the new passphrase.

Fix: Unknown. The problem is probably with comment handling code.

I am available for further testing, but I of course cannot disclose my
private keyfile. ;)

>Release-Note:
>Audit-Trail:
>Unformatted:

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-bugs" in the body of the message