Ticket #117 (closed defect: wontfix)

Opened 8 years ago

Last modified 7 years ago

crash with libgcrypt

Reported by: fdupoux
Owned by:
Priority: normal
Milestone:
Component: crypto
Version:
Keywords:
Cc: fdupoux
Blocked By:
Blocks:

Description

Hi,

I am using libssh2-1.2 to get a shell through ssh connections and the program often crashes when libssh2-1.2 is using libgcrypt (there is a crash every few hours). The program is linked to libgcrypt.so.11 when it fails. The error message is always the same when it aborts:
programname: ath.c:193: _gcry_ath_mutex_lock: Assertion `*lock == ((ath_mutex_t) 0)' failed.

I currently have this problem on a Debian Lenny-5.03-amd64 system. I have only installed "debian/stable" packages on my system except those which are in "debian/testing":
libgcrypt11 1.4.4-4
libgpg-error0 1.6-1
libssh2-1 1.2-1
libssh2-1-dbg 1.2-1
libssh2-1-dev 1.2-1

I recompiled libssh2-1.2 on other boxes using OpenSSL for crypto (using libcrypto.so.6) and there was no crash. Unfortunately the Debian version of libssh2-1.2 is compiled against the libgcrypt implementation of crypto.

I have reproduced this problem on multiple Linux boxes (i686 and x86-64).

I don't know if it's a problem in libssh2 or in libcrypto, but I hope these two backtraces below will help to fix it. Unfortunately there is no libgcrypt11-dbg package available for that version of libgcrypt, so the backtrace is incomplete.

Thanks

(gdb) bt
#0 0x00007faa5bae8ed5 in raise () from /lib/libc.so.6
#1 0x00007faa5baea3f3 in abort () from /lib/libc.so.6
#2 0x00007faa5bae1dc9 in assert_fail () from /lib/libc.so.6
#3 0x00007faa5af67fcb in ?? () from /usr/lib/libgcrypt.so.11
#4 0x00007faa5af9c5d0 in ?? () from /usr/lib/libgcrypt.so.11
#5 0x00007faa5af9c71e in ?? () from /usr/lib/libgcrypt.so.11
#6 0x00007faa5af9d72d in ?? () from /usr/lib/libgcrypt.so.11
#7 0x00007faa5be26113 in _libssh2_transport_write (session=0x1c0cac0, data=0x7faa540012a0 "", data_len=69) at transport.c:758
#8 0x00007faa5be0f48c in _libssh2_channel_write (channel=0x1bff560, stream_id=0, buf=0x421e0bf0 "echo \"#{START}#$(echo '[*895346*]' 2>&1)#{RES}#${?}#{END}#\"\n", buflen=60) at channel.c:2114
#9 0x00007faa5be0f721 in libssh2_channel_write_ex (channel=0x1bff560, stream_id=0, buf=0x421e0bf0 "echo \"#{START}#$(echo '[*895346*]' 2>&1)#{RES}#${?}#{END}#\"\n", buflen=60) at channel.c:2161

(gdb) bt
#0 0x00007faa5bae8ed5 in raise () from /lib/libc.so.6
#1 0x00007faa5baea3f3 in abort () from /lib/libc.so.6
#2 0x00007faa5bae1dc9 in assert_fail () from /lib/libc.so.6
#3 0x00007faa5af67fcb in ?? () from /usr/lib/libgcrypt.so.11
#4 0x00007faa5af9c5d0 in ?? () from /usr/lib/libgcrypt.so.11
#5 0x00007faa5af9c71e in ?? () from /usr/lib/libgcrypt.so.11
#6 0x00007faa5af9d72d in ?? () from /usr/lib/libgcrypt.so.11
#7 0x00007faa5be26113 in _libssh2_transport_write (session=0x7faa54060fa0, data=0x7faa54049e50 "", data_len=69) at transport.c:758
#8 0x00007faa5be0f48c in _libssh2_channel_write (channel=0x7faa54044c60, stream_id=0, buf=0x41b6fbf0 "echo \"#{START}#$(echo '[*463794*]' 2>&1)#{RES}#${?}#{END}#\"\n", buflen=60) at channel.c:2114
#9 0x00007faa5be0f721 in libssh2_channel_write_ex (channel=0x7faa54044c60, stream_id=0, buf=0x41b6fbf0 "echo \"#{START}#$(echo '[*463794*]' 2>&1)#{RES}#${?}#{END}#\"\n", buflen=60) at channel.c:2161

Change History

comment:1 Changed 8 years ago by fdupoux

Here is a more complete backtrace:

(gdb) bt
#0 0x00007f191239ced5 in raise () from /lib/libc.so.6
#1 0x00007f191239e3f3 in abort () from /lib/libc.so.6
#2 0x00007f1912395dc9 in assert_fail () from /lib/libc.so.6
#3 0x00007f191181bfcb in _gcry_ath_mutex_lock (lock=0x7f1911a80510) at ath.c:193
#4 0x00007f19118505d0 in lock_pool () at random-csprng.c:298
#5 0x00007f191185071e in initialize () at random-csprng.c:327
#6 0x00007f191185172d in _gcry_rngcsprng_randomize (buffer=0x6573, length=25976, level=6) at random-csprng.c:514
#7 0x00007f19126da113 in _libssh2_transport_write (session=0x7f190c008ca0, data=0x7f190c017b90 "", data_len=69) at transport.c:758
#8 0x00007f19126c348c in _libssh2_channel_write (channel=0x7f190c0065c0, stream_id=0, buf=0x42b34c10 "echo \"#{START}#$(echo '[*121361*]' 2>&1)#{RES}#${?}#{END}#\"\n", buflen=60) at channel.c:2114
#9 0x00007f19126c3721 in libssh2_channel_write_ex (channel=0x7f190c0065c0, stream_id=0, buf=0x42b34c10 "echo \"#{START}#$(echo '[*121361*]' 2>&1)#{RES}#${?}#{END}#\"\n", buflen=60) at channel.c:2161

comment:2 Changed 7 years ago by fdupoux

I think a mutex initialization for gcrypt is missing in libssh2_crypto_init().

Multi-threaded software using gcrypt has to set the thread support callbacks with the GCRYCTL_SET_THREAD_CBS command before any other function in the library:
http://www.gnupg.org/documentation/manuals/gcrypt/Multi_002dThreading.html

There is a very simple example here:
http://www.gnu.org/software/gnutls/manual/html_node/Multi_002dthreaded-applications.html

Thanks

comment:3 Changed 7 years ago by stuge

Can you reproduce with libssh2 version 1.2.4?

comment:4 Changed 7 years ago by josefsson.org

  • Resolution set to wontfix
  • Status changed from new to closed

Your application needs to set a libgcrypt mutex. Unfortunately, libssh2 cannot do this for you because libssh2 doesn't know which threading package you use. This is the same for all applications using libraries that use libgcrypt. For help, see for example the GnuTLS documentation on this:

http://www.gnu.org/software/gnutls/manual/html_node/Multi_002dthreaded-applications.html

Like GnuTLS, libssh2 is thread-safe internally. I'm tagging this as wontfix because I don't see us being able to do anything more here.

/Simon
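
The failure and the fix discussed in comments 2 and 4, as a self-contained model added here for illustration; it is not libssh2 or libgcrypt code, and every `model_*` and `app_*` name is hypothetical. In the real library the registration step is the GCRYCTL_SET_THREAD_CBS command named in comment 2.

```c
#include <pthread.h>
#include <stddef.h>
typedef void *model_mutex_t;  /* model only: hypothetical names, not libgcrypt source */
struct model_thread_cbs { int (*lock)(model_mutex_t *); int (*unlock)(model_mutex_t *); };
static const struct model_thread_cbs *cbs; /* NULL until the application registers */
static model_mutex_t pool_lock;            /* guards the shared pool */
static unsigned long pool_counter;         /* stands in for RNG pool state */
/* With no callbacks the lock is a plain flag: it cannot block, so entering
 * while it is set is fatal. The library asserts; the model returns -1. */
static int model_lock(model_mutex_t *m) {
    if (cbs) return cbs->lock(m);
    if (*m != NULL) return -1;
    *m = (void *)1; return 0;
}
static int model_unlock(model_mutex_t *m) {
    if (cbs) return cbs->unlock(m);
    *m = NULL; return 0;
}
int model_randomize(void) { /* library call that touches shared state */
    if (model_lock(&pool_lock) != 0) return -1;
    pool_counter++;
    return model_unlock(&pool_lock);
}

/* Application side: pthread-backed callbacks, registered before first use. */
static pthread_mutex_t app_mutex = PTHREAD_MUTEX_INITIALIZER;
static int app_lock(model_mutex_t *m) { (void)m; return pthread_mutex_lock(&app_mutex); }
static int app_unlock(model_mutex_t *m) { (void)m; return pthread_mutex_unlock(&app_mutex); }
static const struct model_thread_cbs app_cbs = { app_lock, app_unlock };
static void *worker(void *fails) {
    for (int i = 0; i < 20000; i++) if (model_randomize() != 0) ++*(long *)fails;
    return NULL;
}
/* Four threads with callbacks registered; returns the number of failures. */
long run_with_callbacks(void) {
    pthread_t t[4]; long fails[4] = {0}, total = 0;
    cbs = &app_cbs; pool_counter = 0;
    for (int i = 0; i < 4; i++) pthread_create(&t[i], NULL, worker, &fails[i]);
    for (int i = 0; i < 4; i++) { pthread_join(t[i], NULL); total += fails[i]; }
    return total;
}
/* No callbacks: a second entry while the pool is held trips the check. */
int overlap_without_callbacks(void) {
    cbs = NULL; pool_lock = NULL;
    model_lock(&pool_lock);          /* first thread holds the pool */
    int second = model_randomize();  /* overlapping entry is rejected */
    model_unlock(&pool_lock); return second;
}
int main(void) { return !(overlap_without_callbacks() == -1 && run_with_callbacks() == 0); }
```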
