[ libssh2-Bugs-2659057 ] segfault when reading in DSA private key on Ubuntu 64 bit

Sun, 05 Apr 2009 11:37:14 -0700 

Bugs item #2659057, was opened at 2009-03-04 00:27
Message generated for change (Comment added) made by bagder
You can respond by visiting: 
https://sourceforge.net/tracker/?func=detail&atid=703942&aid=2659057&group_id=125852

Please note that this message will contain a full copy of the comment thread,
including the initial issue submission, for this request,
not just the latest update.
>Category: crypto
Group: None
Status: Open
Resolution: None
>Priority: 6
Private: No
Submitted By: Joshua McClintock (jmcclintock777)
>Assigned to: Daniel Stenberg (bagder)
Summary: segfault when reading in DSA private key on Ubuntu 64 bit

Initial Comment:
Hello, I'm using Net::SSH2 in perl which links against libssh2.  I've tried old 
versions 0.18, the release 1.0 and a cvs snapshot from today.  I get the same 
results on all 3.

I'm running Ubuntu 8.04.1 64 bit


Here's an ldd against libssh2.so

        linux-vdso.so.1 =>  (0x00007fff829fe000)
        libssl.so.0.9.8 => /usr/lib/libssl.so.0.9.8 (0x00007f8e7a417000)
        libcrypto.so.0.9.8 => /usr/lib/libcrypto.so.0.9.8 (0x00007f8e7a097000)
        libz.so.1 => /usr/lib/libz.so.1 (0x00007f8e79e7f000)
        libc.so.6 => /lib/libc.so.6 (0x00007f8e79b1d000)
        libdl.so.2 => /lib/libdl.so.2 (0x00007f8e79919000)
        /lib64/ld-linux-x86-64.so.2 (0x00007f8e7a88b000)


Here's an strace of the event:


connect(5, {sa_family=AF_INET, sin_port=htons(22), 
sin_addr=inet_addr("10.0.0.18")}, 16) = 0
setsockopt(5, SOL_SOCKET, SO_LINGER, [0], 4) = -1 EINVAL (Invalid argument)
fcntl(5, F_GETFL)                       = 0x2 (flags O_RDWR)
fcntl(5, F_GETFL)                       = 0x2 (flags O_RDWR)
fcntl(5, F_SETFL, O_RDWR)               = 0
sendto(5, "SSH-2.0-libssh2_1.0.1-20090303\r\n", 32, MSG_NOSIGNAL, NULL, 0) = 32
recvfrom(5, "S", 1, MSG_NOSIGNAL, NULL, NULL) = 1
recvfrom(5, "S", 1, MSG_NOSIGNAL, NULL, NULL) = 1
recvfrom(5, "H", 1, MSG_NOSIGNAL, NULL, NULL) = 1
recvfrom(5, "-", 1, MSG_NOSIGNAL, NULL, NULL) = 1
recvfrom(5, "2", 1, MSG_NOSIGNAL, NULL, NULL) = 1
recvfrom(5, ".", 1, MSG_NOSIGNAL, NULL, NULL) = 1
recvfrom(5, "0", 1, MSG_NOSIGNAL, NULL, NULL) = 1
...
...
...
...
open("/root/.ssh/id_dsa.pub", O_RDONLY) = 6
fstat(6, {st_mode=S_IFREG|0644, st_size=606, ...}) = 0
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 
0x7fb109566000
read(6, "ssh-dss AAAAB3NzaC1kc3MAAACBAPjV"..., 4096) = 606
lseek(6, 0, SEEK_SET)                   = 0
read(6, "ssh-dss AAAAB3NzaC1kc3MAAACBAPjV"..., 4096) = 606
close(6)                                = 0
munmap(0x7fb109566000, 4096)            = 0
sendto(5, "\241&\206\212}w^\330\t\325RL\341\201\213\224\21e\4\221"..., 532, 
MSG_NOSIGNAL, NULL, 0) = 532
recvfrom(5, "\323\202\367\216\375\264\220\2418fT\36\2343\323\264aI\347"..., 
4096, MSG_NOSIGNAL, NULL, NULL) = 484
open("/root/.ssh/id_dsa", O_RDONLY)     = 6
fstat(6, {st_mode=S_IFREG|0600, st_size=672, ...}) = 0
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 
0x7fb109566000
read(6, "-----BEGIN DSA PRIVATE KEY-----\n"..., 4096) = 672
close(6)                                = 0
munmap(0x7fb109566000, 4096)            = 0
sendto(5, "K\201:o=\345u w\305ge\17yd\273\270\272\201\254k\256\375"..., 580, 
MSG_NOSIGNAL, NULL, 0) = 580
recvfrom(5, "\356\'\260\307\365\343\246\257\255#;u\241\305\372aG]\371"..., 
4096, MSG_NOSIGNAL, NULL, NULL) = 36
sendto(5, "F\214\373,*\277\275q\17\273\262,\376\245\20T\320V<P!(_"..., 68, 
MSG_NOSIGNAL, NULL, 0) = 68
recvfrom(5, "\35\335\260\352&\306\277\242\2266\336+\203\177\206\250"..., 4096, 
MSG_NOSIGNAL, NULL, NULL) = 52
--- SIGSEGV (Segmentation fault) @ 0 (0) ---
+++ killed by SIGSEGV +++
Process 6226 detached


I don't know how to use GDB to give you better information.  Is there anything 
I should check or command I could run to get you better info?

----------------------------------------------------------------------

>Comment By: Daniel Stenberg (bagder)
Date: 2009-04-05 20:35

Message:
'bt' in gdb gives much better data, especially if you have a libssh2 built
with debug symbols.

Without that, this is virtually impossible to figure out...

Does it always happen and seemingly on the same spot?

----------------------------------------------------------------------

You can respond by visiting: 
https://sourceforge.net/tracker/?func=detail&atid=703942&aid=2659057&group_id=125852

------------------------------------------------------------------------------
_______________________________________________
libssh2-devel mailing list
libssh2-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/libssh2-devel

Reply via email to