If the LIBEDIT option is enabled, the resulting binaries segfault when user-input is required. Building with LIBEDIT disabled results in a working binary. Tested on 11.1 with LibreSSL 2.6.2.
I also get a segfault, but having libedit compiled doesn't matter. The error happens when running /usr/local/sbin/sshd. I run 11.1-STABLE with LibreSSL 2.6.2.
Created attachment 187165: truss of /usr/local/sbin/sshd
I've just noticed that the crash happens after reading the first line of the config file, but it doesn't have anything special:
# $OpenBSD: sshd_config,v 1.97 2015/08/06 14:53:21 deraadt Exp $
# This is the sshd server system-wide configuration file. See
# sshd_config(5) for more information.
The version I have installed is the newest (7.6.p1_1,1).
The common factor with crashes is libressl or stable-11... very weird.
(In reply to Piotr Kubaj from comment #3) I noticed the same, if I comment out PermitRootLogin, MaxAuthTries and AuthorizedKeysFile from my sshd_config it then segfaults when loading the host keys. Disabling LIBEDIT made no difference for me. FreeBSD 11.1, LibreSSL 2.5.5
Mind sharing your sshd_config?
read(3,"#\t$OpenBSD: sshd_config,v 1.97 "...,4608) = 4291 (0x10c3)
It is reading more than the first line, 4291 bytes read.
(In reply to Bryan Drewery from comment #6)
The whole file is 4291 bytes long, so that doesn't explain anything:
-rw-r--r-- 1 root wheel 4291 Oct 13 17:39 sshd_config

Still, here you are: https://pastebin.com/NrWjdZkK

The file is slightly shorter because I removed ListenAddress:
egrep -v ListenAddress sshd_config | pastebinit
Happening to me as well on 11.1-R with libressl. I tried running sshd using sshd_config.sample as the config file with the same result, so in my case, it segfaults even if there are no changes to sshd_config. Config options are unchanged as well.
(In reply to Piotr Kubaj from comment #7)
> (In reply to Bryan Drewery from comment #6)
> The whole file is 4291 bytes long, so that doesn't explain anything:
> -rw-r--r-- 1 root wheel 4291 Oct 13 17:39 sshd_config
>
> Still, here you are: https://pastebin.com/NrWjdZkK
>
> The file is slightly shorter because I removed ListenAddress:
> egrep -v ListenAddress sshd_config | pastebinit
The point was it is not just reading the first line, it may be processing other options in there.
Same here. FreeBSD 11.1-STABLE #0 r324609 (built 12 hours ago), with libressl-2.5.5
Tried also with the default sshd_config:
# /usr/local/etc/rc.d/openssh onestart
Generating public/private dsa key pair.
Segmentation fault (core dumped)
Generating public/private rsa key pair.
Segmentation fault (core dumped)
You already have a Elliptic Curve DSA host key in /usr/local/etc/ssh/ssh_host_ecdsa_key
Skipping protocol version 2 Elliptic Curve DSA Key Generation
Generating public/private ed25519 key pair.
Segmentation fault (core dumped)
Performing sanity check on openssh configuration.
Could not load host key: /usr/local/etc/ssh/ssh_host_rsa_key
Could not load host key: /usr/local/etc/ssh/ssh_host_dsa_key
Could not load host key: /usr/local/etc/ssh/ssh_host_ed25519_key
Starting openssh.
Could not load host key: /usr/local/etc/ssh/ssh_host_rsa_key
Could not load host key: /usr/local/etc/ssh/ssh_host_dsa_key
Could not load host key: /usr/local/etc/ssh/ssh_host_ed25519_key
When trying to use old keys (skipping key generation):
# /usr/local/etc/rc.d/openssh onestart
Performing sanity check on openssh configuration.
Segmentation fault
/usr/local/etc/rc.d/openssh: WARNING: failed precmd routine for openssh
It looks like compiling without LDNS produces working sshd.
A commit references this bug:
Author: bdrewery
Date: Sat Oct 14 18:09:35 UTC 2017
New revision: 452074
URL: https://svnweb.freebsd.org/changeset/ports/452074
Log:
  Mark broken with libressl as it has several random crashes.
  PR: 223000
Changes:
  head/security/openssh-portable/Makefile
sshd and LibreSSL seem to work fine here - could you mark it IGNORE (or BROKEN), but only if LDNS is chosen?
(In reply to Piotr Kubaj from comment #11) I can confirm that disabling LDNS solves the issue for me.
Confirmed that LDNS causes the segfaults and not LibreSSL.
Tested on 10.4-STABLE and 11.1-STABLE
(In reply to Markus Kohlmeyer from comment #15)
> Confirmed that LDNS causes the segfaults and not LibreSSL.
Are you using LibreSSL?
(In reply to Bryan Drewery from comment #17) Yes, I'm using security/libressl (2.5.5) on both 10.4 and 11.1
Please try this patch: https://people.freebsd.org/~bdrewery/patches/libressl-ldns.diff
(In reply to Bryan Drewery from comment #19)
> Please try this patch:
> https://people.freebsd.org/~bdrewery/patches/libressl-ldns.diff
The difference is in linking:
before:
Libraries: -lcrypto -lz -L/usr/local/lib -lutil -Wl,-rpath,/usr/local/lib -fstack-protector -L/usr/local/lib -L/usr/local/lib -lcrypto -lldns -lcrypt
after:
Libraries: -lcrypto -lldns -lz -L/usr/local/lib -lutil -lcrypt
(In reply to Bryan Drewery from comment #19) The patch works for me on both 10.4 and 11.1
A commit references this bug:
Author: bdrewery
Date: Wed Oct 18 17:19:26 UTC 2017
New revision: 452358
URL: https://svnweb.freebsd.org/changeset/ports/452358
Log:
  LibreSSL + LDNS: Fix random crashes.
  This happens due to ldns-config --libs adding in too many libraries (overlinking), and -lcrypto again, which causes some strange conflict/corruption. By specifying the path to --with-ldns, configure only adds in -ldns rather than every library ldns itself needs.
  PR: 223000
  Reported by: many
Changes:
  head/security/openssh-portable/Makefile
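Added example, not part of the thread or of the port: a POSIX sh check that lists any -l library or -L search path repeated on a link line, run over the two "Libraries:" lines quoted in comment 21. The helper name dup_flags is hypothetical.

```shell
#!/bin/sh
# Added example (not from the thread): list flags repeated on a link line.
# dup_flags is a hypothetical helper name.

# Usage: dup_flags PREFIX "LINK LINE"
# PREFIX is -l (libraries) or -L (search paths). Prints "name count" for
# every value given more than once, in order of first appearance.
dup_flags() {
    printf '%s\n' "$2" | tr -s ' ' '\n' | awk -v p="$1" '
        # Exact, case-sensitive prefix match: -lcrypt and -lcrypto stay
        # distinct, and -Wl,-rpath,... is not mistaken for a library.
        index($0, p) == 1 && length($0) > length(p) {
            name = substr($0, length(p) + 1)
            if (!(name in seen)) order[++k] = name
            seen[name]++
        }
        END {
            for (i = 1; i <= k; i++)
                if (seen[order[i]] > 1)
                    printf "%s %d\n", order[i], seen[order[i]]
        }'
}

# The two "Libraries:" lines quoted in comment 21 of this thread.
BEFORE='-lcrypto -lz -L/usr/local/lib -lutil -Wl,-rpath,/usr/local/lib -fstack-protector -L/usr/local/lib -L/usr/local/lib -lcrypto -lldns -lcrypt'
AFTER='-lcrypto -lldns -lz -L/usr/local/lib -lutil -lcrypt'

echo "before, repeated libraries: $(dup_flags -l "$BEFORE")"
echo "before, repeated paths:     $(dup_flags -L "$BEFORE")"
echo "after,  repeated libraries: $(dup_flags -l "$AFTER")"
```

The same function can be pointed at the "Libraries:" line of any configure summary to spot a repeated -lcrypto before the binary is installed.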