Ticket #89 (closed defect)
Opened 3 years ago
Last modified 3 years ago
segfault when reading in DSA private key on Ubuntu 64 bit
| Reported by: | jmcclintock777 | Owned by: | bagder |
|---|---|---|---|
| Priority: | high | Milestone: | |
| Component: | crypto | Version: | |
| Keywords: | | Cc: | jmcclintock777, bagder, roadrunn |
| Blocked By: | | Blocks: | |
Description
Hello, I'm using Net::SSH2 in Perl, which links against libssh2. I've tried old version 0.18, the release 1.0 and a CVS snapshot from today. I get the same results on all 3.
I'm running Ubuntu 8.04.1 64 bit.
Here's an ldd against libssh2.so:
linux-vdso.so.1 => (0x00007fff829fe000)
libssl.so.0.9.8 => /usr/lib/libssl.so.0.9.8 (0x00007f8e7a417000)
libcrypto.so.0.9.8 => /usr/lib/libcrypto.so.0.9.8 (0x00007f8e7a097000)
libz.so.1 => /usr/lib/libz.so.1 (0x00007f8e79e7f000)
libc.so.6 => /lib/libc.so.6 (0x00007f8e79b1d000)
libdl.so.2 => /lib/libdl.so.2 (0x00007f8e79919000)
/lib64/ld-linux-x86-64.so.2 (0x00007f8e7a88b000)
Here's an strace of the event:
connect(5, {sa_family=AF_INET, sin_port=htons(22), sin_addr=inet_addr("10.0.0.18")}, 16) = 0
setsockopt(5, SOL_SOCKET, SO_LINGER, [0], 4) = -1 EINVAL (Invalid argument)
fcntl(5, F_GETFL) = 0x2 (flags O_RDWR)
fcntl(5, F_GETFL) = 0x2 (flags O_RDWR)
fcntl(5, F_SETFL, O_RDWR) = 0
sendto(5, "SSH-2.0-libssh2_1.0.1-20090303\r\n", 32, MSG_NOSIGNAL, NULL, 0) = 32
recvfrom(5, "S", 1, MSG_NOSIGNAL, NULL, NULL) = 1
recvfrom(5, "S", 1, MSG_NOSIGNAL, NULL, NULL) = 1
recvfrom(5, "H", 1, MSG_NOSIGNAL, NULL, NULL) = 1
recvfrom(5, "-", 1, MSG_NOSIGNAL, NULL, NULL) = 1
recvfrom(5, "2", 1, MSG_NOSIGNAL, NULL, NULL) = 1
recvfrom(5, ".", 1, MSG_NOSIGNAL, NULL, NULL) = 1
recvfrom(5, "0", 1, MSG_NOSIGNAL, NULL, NULL) = 1
...
...
...
...
open("/root/.ssh/id_dsa.pub", O_RDONLY) = 6
fstat(6, {st_mode=S_IFREG|0644, st_size=606, ...}) = 0
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb109566000
read(6, "ssh-dss AAAAB3NzaC1kc3MAAACBAPjV"..., 4096) = 606
lseek(6, 0, SEEK_SET) = 0
read(6, "ssh-dss AAAAB3NzaC1kc3MAAACBAPjV"..., 4096) = 606
close(6) = 0
munmap(0x7fb109566000, 4096) = 0
sendto(5, "\241&\206\212}w\330\t\325RL\341\201\213\224\21e\4\221"..., 532, MSG_NOSIGNAL, NULL, 0) = 532
recvfrom(5, "\323\202\367\216\375\264\220\2418fT\36\2343\323\264aI\347"..., 4096, MSG_NOSIGNAL, NULL, NULL) = 484
open("/root/.ssh/id_dsa", O_RDONLY) = 6
fstat(6, {st_mode=S_IFREG|0600, st_size=672, ...}) = 0
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb109566000
read(6, "-----BEGIN DSA PRIVATE KEY-----\n"..., 4096) = 672
close(6) = 0
munmap(0x7fb109566000, 4096) = 0
sendto(5, "K\201:o=\345u w\305ge\17yd\273\270\272\201\254k\256\375"..., 580, MSG_NOSIGNAL, NULL, 0) = 580
recvfrom(5, "\356\'\260\307\365\343\246\257\255#;u\241\305\372aG]\371"..., 4096, MSG_NOSIGNAL, NULL, NULL) = 36
sendto(5, "F\214\373,*\277\275q\17\273\262,\376\245\20T\320V<P!(_"..., 68, MSG_NOSIGNAL, NULL, 0) = 68
recvfrom(5, "\35\335\260\352&\306\277\242\2266\336+\203\177\206\250"..., 4096, MSG_NOSIGNAL, NULL, NULL) = 52
--- SIGSEGV (Segmentation fault) @ 0 (0) ---
+++ killed by SIGSEGV +++
Process 6226 detached
I don't know how to use GDB to give you better information. Is there anything I should check or command I could run to get you better info?
Change History
comment:1 Changed 3 years ago by bagder
'bt' in gdb gives much better data, especially if you have a libssh2 built with debug symbols.
Without that, this is virtually impossible to figure out...
Does it always happen and seemingly on the same spot?
comment:2 Changed 3 years ago by roadrunn
Another question. What build of OpenSSL 0.9.8 are you using? Have had random segvs with earlier builds of both 0.9.8 and 0.9.7.
comment:3 Changed 3 years ago by bagder
Thanks for your help on improving libssh2!
We need more details on this bug entry to be able to sort it out properly, and until more info is provided this entry will be set to 'pending' status and will get closed automatically at a later date unless feedback has been given.
comment:4 Changed 3 years ago by anonymous
To answer roadrunn's question, I'm running openssl 0.9.8g-4ubuntu3.4. When the segfault happens, it happens in the same place every time, no exceptions.
I'm going to grab the latest version and compile again. To enable debug symbols, do I just compile with --enable-debug?
comment:5 Changed 3 years ago by jmcclintock777
To be more specific, the segfault happens in the same place and on every run, no exceptions.
Once I have libssh2 compiled with debug, do I execute my program with gdb? If so, (and I'm sorry for the ignorance), can you give me the quick steps to launch it with gdb and what to do next once I've done that?
comment:6 Changed 3 years ago by roadrunn
Normally what I use is "gdb --args <program name> <program args if any>". When you get the segv it will stop, and you can use "bt" to print a backtrace of the stack.
comment:7 Changed 3 years ago by jmcclintock777
Ok, I didn't realize Ubuntu had their own packaged version of libssh2. I'm now using that, and the segfault went away.
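The gdb steps from comment:6 ("gdb --args", then "bt") can also be run non-interactively so the backtrace lands in a file that can be attached to a ticket. This is an added example, not part of the original thread or of libssh2; the function names `segv_backtrace` and `top_frames`, the `GDB` override variable and the log path are assumptions, and `info sharedlibrary` is added to record which libssh2 and OpenSSL libraries were actually loaded.

```shell
#!/bin/sh
# Added example: batch-mode form of "gdb --args <program> <args>" plus "bt".
# segv_backtrace, top_frames and the GDB variable are hypothetical names.

# segv_backtrace LOGFILE PROGRAM [ARGS...]
# Returns 0 if gdb caught a SIGSEGV (the backtrace is in LOGFILE), 1 if the
# log shows no SIGSEGV, 2 on a usage error, 127 if the debugger is missing.
segv_backtrace() {
    if [ "$#" -lt 2 ]; then
        echo "usage: segv_backtrace LOGFILE PROGRAM [ARGS...]" >&2
        return 2
    fi
    sb_log=$1
    shift
    sb_gdb=${GDB:-gdb}
    if ! command -v "$sb_gdb" >/dev/null 2>&1; then
        echo "debugger not found: $sb_gdb" >&2
        return 127
    fi
    # --batch exits once the -ex commands have run. "info sharedlibrary"
    # lists the libssh2/libssl/libcrypto files that were loaded and
    # whether gdb could read symbols for each of them.
    "$sb_gdb" -q --batch \
        -ex run \
        -ex bt \
        -ex 'info sharedlibrary' \
        --args "$@" >"$sb_log" 2>&1
    grep -q 'Program received signal SIGSEGV' "$sb_log"
}

# top_frames LOGFILE [N]: print the first N backtrace frames (default 5).
top_frames() {
    grep -E '^#[0-9]+ ' "$1" | head -n "${2:-5}"
}

# Usage (the script name is a placeholder):
#   segv_backtrace /tmp/bt.log perl ./my_ssh_test.pl && top_frames /tmp/bt.log
```

Frames inside libssh2 only show function names and line numbers when the library gdb loaded was built with debug symbols, which the shared-library listing in the log makes visible.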