Ticket #89 (closed defect)

Opened 8 years ago

Last modified 8 years ago

segfault when reading in DSA private key on Ubuntu 64 bit

Reported by: jmcclintock777
Owned by: bagder
Priority: high
Milestone:
Component: crypto
Version:
Keywords:
Cc: jmcclintock777, bagder, roadrunn
Blocked By:
Blocks:

Description

Hello, I'm using Net::SSH2 in perl which links against libssh2. I've tried old versions 0.18, the release 1.0 and a cvs snapshot from today. I get the same results on all 3.

I'm running Ubuntu 8.04.1 64 bit

Here's an ldd against libssh2.so

linux-vdso.so.1 => (0x00007fff829fe000)
libssl.so.0.9.8 => /usr/lib/libssl.so.0.9.8 (0x00007f8e7a417000)
libcrypto.so.0.9.8 => /usr/lib/libcrypto.so.0.9.8 (0x00007f8e7a097000)
libz.so.1 => /usr/lib/libz.so.1 (0x00007f8e79e7f000)
libc.so.6 => /lib/libc.so.6 (0x00007f8e79b1d000)
libdl.so.2 => /lib/libdl.so.2 (0x00007f8e79919000)
/lib64/ld-linux-x86-64.so.2 (0x00007f8e7a88b000)

Here's an strace of the event:

connect(5, {sa_family=AF_INET, sin_port=htons(22), sin_addr=inet_addr("10.0.0.18")}, 16) = 0
setsockopt(5, SOL_SOCKET, SO_LINGER, [0], 4) = -1 EINVAL (Invalid argument)
fcntl(5, F_GETFL) = 0x2 (flags O_RDWR)
fcntl(5, F_GETFL) = 0x2 (flags O_RDWR)
fcntl(5, F_SETFL, O_RDWR) = 0
sendto(5, "SSH-2.0-libssh2_1.0.1-20090303\r\n", 32, MSG_NOSIGNAL, NULL, 0) = 32
recvfrom(5, "S", 1, MSG_NOSIGNAL, NULL, NULL) = 1
recvfrom(5, "S", 1, MSG_NOSIGNAL, NULL, NULL) = 1
recvfrom(5, "H", 1, MSG_NOSIGNAL, NULL, NULL) = 1
recvfrom(5, "-", 1, MSG_NOSIGNAL, NULL, NULL) = 1
recvfrom(5, "2", 1, MSG_NOSIGNAL, NULL, NULL) = 1
recvfrom(5, ".", 1, MSG_NOSIGNAL, NULL, NULL) = 1
recvfrom(5, "0", 1, MSG_NOSIGNAL, NULL, NULL) = 1
...
...
...
...
open("/root/.ssh/id_dsa.pub", O_RDONLY) = 6
fstat(6, {st_mode=S_IFREG|0644, st_size=606, ...}) = 0
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb109566000
read(6, "ssh-dss AAAAB3NzaC1kc3MAAACBAPjV"..., 4096) = 606
lseek(6, 0, SEEK_SET) = 0
read(6, "ssh-dss AAAAB3NzaC1kc3MAAACBAPjV"..., 4096) = 606
close(6) = 0
munmap(0x7fb109566000, 4096) = 0
sendto(5, "\241&\206\212}w\330\t\325RL\341\201\213\224\21e\4\221"..., 532, MSG_NOSIGNAL, NULL, 0) = 532
recvfrom(5, "\323\202\367\216\375\264\220\2418fT\36\2343\323\264aI\347"..., 4096, MSG_NOSIGNAL, NULL, NULL) = 484
open("/root/.ssh/id_dsa", O_RDONLY) = 6
fstat(6, {st_mode=S_IFREG|0600, st_size=672, ...}) = 0
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb109566000
read(6, "-----BEGIN DSA PRIVATE KEY-----\n"..., 4096) = 672
close(6) = 0
munmap(0x7fb109566000, 4096) = 0
sendto(5, "K\201:o=\345u w\305ge\17yd\273\270\272\201\254k\256\375"..., 580, MSG_NOSIGNAL, NULL, 0) = 580
recvfrom(5, "\356\'\260\307\365\343\246\257\255#;u\241\305\372aG]\371"..., 4096, MSG_NOSIGNAL, NULL, NULL) = 36
sendto(5, "F\214\373,*\277\275q\17\273\262,\376\245\20T\320V<P!(_"..., 68, MSG_NOSIGNAL, NULL, 0) = 68
recvfrom(5, "\35\335\260\352&\306\277\242\2266\336+\203\177\206\250"..., 4096, MSG_NOSIGNAL, NULL, NULL) = 52
--- SIGSEGV (Segmentation fault) @ 0 (0) ---
+++ killed by SIGSEGV +++
Process 6226 detached

I don't know how to use GDB to give you better information. Is there anything I should check or command I could run to get you better info?

Change History

comment:1 Changed 8 years ago by bagder

'bt' in gdb gives much better data, especially if you have a libssh2 built with debug symbols.

Without that, this is virtually impossible to figure out...

Does it always happen and seemingly on the same spot?

comment:2 Changed 8 years ago by roadrunn

Another question. What build of OpenSSL 0.9.8 are you using? Have had random segvs with earlier builds of both 0.9.8 and 0.9.7.

comment:3 Changed 8 years ago by bagder

Thanks for your help on improving libssh2!

We need more details on this bug entry to be able to sort it out properly, and until more info is provided this entry will be set to 'pending' status and will get closed automatically at a later date unless feedback has been given.

comment:4 Changed 8 years ago by anonymous

To answer roadrunn's question, I'm running openssl 0.9.8g-4ubuntu3.4. When the segfault happens, it happens in the same place every time, no exceptions.

I'm going to grab the latest version and compile again. To enable debug symbols, do I just compile with --enable-debug?

comment:5 Changed 8 years ago by jmcclintock777

To be more specific, the segfault happens in the same place and on every run, no exceptions.

Once I have libssh2 compiled with debug, do I execute my program with gdb? If so (and I'm sorry for the ignorance), can you give me the quick steps to launch it with gdb and what to do next once I've done that?

comment:6 Changed 8 years ago by roadrunn

Normally what I use is "gdb --args <program name> <program args if any>". When you get the segv it will stop; then use "bt" to print a backtrace of the stack.

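The gdb recipe roadrunn gives above, scripted as an added example (this is not code from the ticket, from libssh2 or from Net::SSH2). It builds a small constructed C program that crashes on a NULL dereference, the same signal class as the SIGSEGV in the strace, and runs it under gdb in batch mode so the "bt" output lands in a file that can be pasted into a bug report instead of being copied from an interactive session. It assumes `cc` and `gdb` are on PATH; `-g -O0` for debug symbols is a generic compiler setting, not a claim about libssh2's own build flags.

```shell
#!/bin/sh
# Added example: capture a crash backtrace non-interactively with gdb.
set -e

# Run a program under gdb: 'run' until it stops on a signal, 'bt' to print
# the stack, then batch mode quits. --args passes the program's own
# arguments through. Output (program + gdb) goes to $1; returns 0 only if
# a SIGSEGV was actually observed.
gdb_backtrace() {
    out=$1; shift
    gdb --batch -ex run -ex bt --args "$@" > "$out" 2>&1 || true
    grep -q 'SIGSEGV' "$out"
}

# Extract the function name of the innermost frame (#0) from a saved
# backtrace. gdb prints either "#0  0x... in func (...)" or "#0  func (...)".
crash_frame() {
    sed -n 's/^#0  *\(0x[0-9a-fA-F]* in \)\{0,1\}\([A-Za-z_][A-Za-z0-9_]*\) (.*/\2/p' "$1" | head -n 1
}

# Constructed crashing program (stand-in for "read a key, then crash").
# Built with -g -O0 so the frames carry names and line numbers.
run_demo() {
    work=$(mktemp -d)
    cat > "$work/crash.c" <<'EOF'
#include <stdio.h>

/* Constructed stand-in for a key parser; given NULL it dereferences it. */
static int parse_key(const int *blob)
{
    return blob[0];   /* NULL dereference -> SIGSEGV */
}

int main(int argc, char **argv)
{
    static int key[1] = { 42 };
    const int *blob = argc > 1 ? key : NULL;   /* any argument avoids the crash */
    printf("first word: %d\n", parse_key(blob));
    return 0;
}
EOF
    cc -g -O0 -o "$work/crash" "$work/crash.c"

    "$work/crash" some-arg            # the non-crashing path, for contrast
    if gdb_backtrace "$work/bt.txt" "$work/crash"; then
        echo "innermost frame: $(crash_frame "$work/bt.txt")"
        cat "$work/bt.txt"
    else
        echo "no SIGSEGV captured (is ptrace permitted in this environment?)" >&2
    fi
    rm -rf "$work"
}

if command -v gdb >/dev/null 2>&1 && command -v cc >/dev/null 2>&1; then
    run_demo
else
    echo "gdb and a C compiler are needed for the live demo" >&2
fi
```

For a library crash like the one in this ticket, the backtrace is only readable if the library itself carries debug symbols (bagder's point in comment:1): frame #0 will otherwise be an address with "??" instead of a function name, and the frames above it in the caller are what remain useful.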
comment:7 Changed 8 years ago by jmcclintock777

Ok, I didn't realize Ubuntu had their own packaged version of libssh2. I'm now using that, and the segfault went away.
