Summary: security/openssh-portable: segfault with LibreSSL + LDNS
Product: Ports & Packages
Component: Individual Port(s)
Severity: Affects Only Me
Reporter: Bernard Spil <brnrd>
Assignee: Bryan Drewery <bdrewery>
CC: andrew, clukas, daz, franco, gessel, pkubaj, rootservice, rozhuk.im, sgs, tablooaraz, vidar
Description Bernard Spil 2017-10-14 09:16:23 UTC
If the LIBEDIT option is enabled, the resulting binaries segfault when user-input is required. Building with LIBEDIT disabled results in a working binary. Tested on 11.1 with LibreSSL 2.6.2.
Comment 1 Piotr Kubaj 2017-10-14 15:52:09 UTC
I also get a segfault, but having libedit compiled doesn't matter. The error happens when running /usr/local/sbin/sshd. I run 11.1-STABLE with LibreSSL 2.6.2.
Comment 2 Piotr Kubaj 2017-10-14 15:55:12 UTC
Created attachment 187165: truss of /usr/local/sbin/sshd
Comment 3 Piotr Kubaj 2017-10-14 16:11:23 UTC
I've just noticed that the crash happens after reading the first line of the config file, but it doesn't have anything special:

    # $OpenBSD: sshd_config,v 1.97 2015/08/06 14:53:21 deraadt Exp $
    # This is the sshd server system-wide configuration file. See
    # sshd_config(5) for more information.

The version I have installed is the newest (7.6.p1_1,1).
Comment 4 Bryan Drewery 2017-10-14 16:49:53 UTC
The common factor with crashes is libressl or stable-11... very weird.
Comment 5 Andrew Fyfe 2017-10-14 17:02:40 UTC
(In reply to Piotr Kubaj from comment #3) I noticed the same, if I comment out PermitRootLogin, MaxAuthTries and AuthorizedKeysFile from my sshd_config it then segfaults when loading the host keys. Disabling LIBEDIT made no difference for me. FreeBSD 11.1, LibreSSL 2.5.5
Comment 6 Bryan Drewery 2017-10-14 17:07:59 UTC
Mind sharing your sshd_config?

    read(3,"#\t$OpenBSD: sshd_config,v 1.97 "...,4608) = 4291 (0x10c3)

It is reading more than the first line, 4291 bytes read.
Comment 7 Piotr Kubaj 2017-10-14 17:17:27 UTC
(In reply to Bryan Drewery from comment #6)
The whole file is 4291 bytes long, so that doesn't explain anything:

    -rw-r--r-- 1 root wheel 4291 Oct 13 17:39 sshd_config

Still, here you are: https://pastebin.com/NrWjdZkK

The file is slightly shorter because I removed ListenAddress:

    egrep -v ListenAddress sshd_config | pastebinit
Comment 8 David Z. 2017-10-14 17:24:29 UTC
Happening to me as well on 11.1-R with libressl. I tried running sshd using sshd_config.sample as the config file with the same result, so in my case, it segfaults even if there are no changes to sshd_config. Config options are unchanged as well.
Comment 9 Bryan Drewery 2017-10-14 17:26:14 UTC
(In reply to Piotr Kubaj from comment #7)
> (In reply to Bryan Drewery from comment #6)
> The whole file is 4291 bytes long, so that doesn't explain anything:
> -rw-r--r-- 1 root wheel 4291 Oct 13 17:39 sshd_config
>
> Still, here you are: https://pastebin.com/NrWjdZkK
>
> The file is slightly shorter because I removed ListenAddress:
> egrep -v ListenAddress sshd_config | pastebinit

The point was it is not just reading the first line, it may be processing other options in there.
Comment 10 Simeon Simeonov 2017-10-14 17:33:49 UTC
Same here. FreeBSD 11.1-STABLE #0 r324609 (built 12 hours ago), with libressl-2.5.5

Tried also with the default sshd_config:

    # /usr/local/etc/rc.d/openssh onestart
    Generating public/private dsa key pair.
    Segmentation fault (core dumped)
    Generating public/private rsa key pair.
    Segmentation fault (core dumped)
    You already have a Elliptic Curve DSA host key in /usr/local/etc/ssh/ssh_host_ecdsa_key
    Skipping protocol version 2 Elliptic Curve DSA Key Generation
    Generating public/private ed25519 key pair.
    Segmentation fault (core dumped)
    Performing sanity check on openssh configuration.
    Could not load host key: /usr/local/etc/ssh/ssh_host_rsa_key
    Could not load host key: /usr/local/etc/ssh/ssh_host_dsa_key
    Could not load host key: /usr/local/etc/ssh/ssh_host_ed25519_key
    Starting openssh.
    Could not load host key: /usr/local/etc/ssh/ssh_host_rsa_key
    Could not load host key: /usr/local/etc/ssh/ssh_host_dsa_key
    Could not load host key: /usr/local/etc/ssh/ssh_host_ed25519_key

When trying to use old keys (skipping key generation):

    # /usr/local/etc/rc.d/openssh onestart
    Performing sanity check on openssh configuration.
    Segmentation fault
    /usr/local/etc/rc.d/openssh: WARNING: failed precmd routine for openssh
Comment 11 Piotr Kubaj 2017-10-14 17:55:36 UTC
It looks like compiling without LDNS produces working sshd.
Comment 12 commit-hook 2017-10-14 18:10:35 UTC
A commit references this bug:

Author: bdrewery
Date: Sat Oct 14 18:09:35 UTC 2017
New revision: 452074
URL: https://svnweb.freebsd.org/changeset/ports/452074

Log:
  Mark broken with libressl as it has several random crashes.

  PR: 223000

Changes:
  head/security/openssh-portable/Makefile
Comment 13 Piotr Kubaj 2017-10-14 18:15:37 UTC
sshd and LibreSSL seem to work fine here - could you mark it IGNORE (or BROKEN), but only if LDNS is chosen?
Comment 14 David Z. 2017-10-14 18:23:42 UTC
(In reply to Piotr Kubaj from comment #11) I can confirm that disabling LDNS solves the issue for me.
Comment 15 Markus Kohlmeyer 2017-10-15 22:25:01 UTC
Confirmed that LDNS causes the segfaults and not LibreSSL.
Comment 16 Markus Kohlmeyer 2017-10-15 22:28:38 UTC
Tested on 10.4-STABLE and 11.1-STABLE
Comment 17 Bryan Drewery 2017-10-16 20:14:58 UTC
(In reply to Markus Kohlmeyer from comment #15)
> Confirmed that LDNS causes the segfaults and not LibreSSL.

Are you using LibreSSL?
Comment 18 Markus Kohlmeyer 2017-10-16 20:57:57 UTC
(In reply to Bryan Drewery from comment #17)
Yes, I'm using security/libressl (2.5.5) on both 10.4 and 11.1
Comment 19 Bryan Drewery 2017-10-16 21:22:39 UTC
Please try this patch: https://people.freebsd.org/~bdrewery/patches/libressl-ldns.diff
Comment 20 Bryan Drewery 2017-10-16 21:24:36 UTC
(In reply to Bryan Drewery from comment #19)
> Please try this patch:
> https://people.freebsd.org/~bdrewery/patches/libressl-ldns.diff

The difference is in linking:

before:
    Libraries: -lcrypto -lz -L/usr/local/lib -lutil -Wl,-rpath,/usr/local/lib -fstack-protector -L/usr/local/lib -L/usr/local/lib -lcrypto -lldns -lcrypt

after:
    Libraries: -lcrypto -lldns -lz -L/usr/local/lib -lutil -lcrypt
Comment 21 Markus Kohlmeyer 2017-10-16 21:41:18 UTC
(In reply to Bryan Drewery from comment #19) The patch works for me on both 10.4 and 11.1
Comment 22 commit-hook 2017-10-18 17:19:59 UTC
A commit references this bug:

Author: bdrewery
Date: Wed Oct 18 17:19:26 UTC 2017
New revision: 452358
URL: https://svnweb.freebsd.org/changeset/ports/452358

Log:
  LibreSSL + LDNS: Fix random crashes.

  This happens due to ldns-config --libs adding in too many libraries (overlinking), and -lcrypto again, which causes some strange conflict/corruption. By specifying the path to --with-ldns, configure only adds in -ldns rather than every library ldns itself needs.

  PR: 223000
  Reported by: many

Changes:
  head/security/openssh-portable/Makefile
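
The overlinking named in the log for r452358 can be checked mechanically on a configure summary. The script below is an added example, not part of this bug thread or of the port: it reports libraries requested by more than one -l flag and repeated -L directories, using the two "Libraries:" lines from comment 20 as input. The function names dup_libs, dup_paths and audit_link_line are invented for this example.

```sh
#!/bin/sh
# Added example: audit a configure "Libraries:" line for overlinking.
# BEFORE and AFTER are the two link lines quoted in comment 20.

BEFORE='-lcrypto -lz -L/usr/local/lib -lutil -Wl,-rpath,/usr/local/lib -fstack-protector -L/usr/local/lib -L/usr/local/lib -lcrypto -lldns -lcrypt'
AFTER='-lcrypto -lldns -lz -L/usr/local/lib -lutil -lcrypt'

# Libraries named by more than one -l flag, one per line, sorted.
dup_libs() {
    printf '%s\n' "$1" | tr ' ' '\n' | sed -n 's/^-l//p' | sort | uniq -d
}

# Search directories named by more than one -L flag, one per line, sorted.
dup_paths() {
    printf '%s\n' "$1" | tr ' ' '\n' | sed -n 's/^-L//p' | sort | uniq -d
}

# Print a short report for one link line.
# Returns 1 when any library is requested more than once, 0 otherwise.
# Repeated -L directories are reported as a note only.
audit_link_line() {
    libs=$(dup_libs "$1")
    paths=$(dup_paths "$1")
    if [ -n "$paths" ]; then
        echo "note: repeated -L directories: $(echo $paths)"
    fi
    if [ -n "$libs" ]; then
        echo "overlinked: libraries named more than once: $(echo $libs)"
        return 1
    fi
    echo "ok: every library is named once"
}

# Run the audit over both link lines from the thread.
for line in "$BEFORE" "$AFTER"; do
    audit_link_line "$line" || echo "  -> review the configure arguments for this build"
done
```
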