bugzilla-daemon at mindrot.org
2014-Apr-12 03:41 UTC
[Bug 2225] New: sshd core dumps when used in high scaled environments.
https://bugzilla.mindrot.org/show_bug.cgi?id=2225
Bug ID: 2225
Summary: sshd core dumps when used in high scaled environments.
Product: Portable OpenSSH
Version: 6.2p1
Hardware: All
OS: All
Status: NEW
Severity: major
Priority: P5
Component: sshd
Assignee: unassigned-bugs at mindrot.org
Reporter: kavi at juniper.net
Created attachment 2424
--> https://bugzilla.mindrot.org/attachment.cgi?id=2424&action=edit
possible fix.
sshd crashes with a core dump when used in a high-scale environment.
The program crashes inside the function "cleanup_exit" at the line
    if (use_privsep && privsep_is_preauth && pmonitor->m_pid > 1)
It is always assumed here that pmonitor is not NULL.
However, pmonitor can be NULL in the execution sequence below:
#0 0x0804e214 in cleanup_exit (i=255) at ../../../../../../src/crypto/openssh/sshd.c:2415
#1 0x080ae7bf in fatal (fmt=0x80b8ea6 "%s: socketpair: %s") at ../../../../../../src/crypto/openssh/fatal.c:42
#2 0x08065779 in monitor_openfds (mon=0x80eb5c0, do_logfds=1) at ../../../../../../src/crypto/openssh/monitor.c:1877
#3 0x080658ee in monitor_init () at ../../../../../../src/crypto/openssh/monitor.c:1903
#4 0x080507fd in privsep_preauth (authctxt=0x0) at ../../../../../../src/crypto/openssh/sshd.c:669
#5 0x08051f72 in main (ac=903248, av=0xc811cc00) at ../../../../../../src/crypto/openssh/sshd.c:2014
Here pmonitor is NULL inside "privsep_preauth", which calls "monitor_init".
"monitor_init" allocates memory for mon and calls "monitor_openfds".
However, inside "monitor_openfds" the call to socketpair fails (in our
case with errno = 23 /* Too many open files in system */).
This calls "fatal", which in turn calls "cleanup_exit".
Since pmonitor is not initialized until now, it crashes.
--
You are receiving this mail because:
You are watching the assignee of the bug.
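The failure sequence described in the report, as an added example that is not OpenSSH source and not the attached patch (which this thread does not show): a setup step fails on socketpair() before the global pointer is assigned, and the exit path then consults that pointer. The function bodies and run_fd_exhaustion_case() are simplified stand-ins, and the failure is provoked with a per-process RLIMIT_NOFILE of 0, which gives EMFILE rather than the system-wide errno 23 from the report.

```c
/* Added illustration, not OpenSSH source: names follow the report, bodies are simplified. */
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/resource.h>
#include <sys/socket.h>
#include <sys/types.h>

struct monitor { int m_recvfd, m_sendfd; pid_t m_pid; };
static struct monitor *pmonitor;   /* NULL until monitor setup has succeeded */
static int use_privsep = 1, privsep_is_preauth = 1;

/* The check from the report plus a NULL guard: 1 means "signal the monitor". */
static int cleanup_would_kill(void) {
    return use_privsep && privsep_is_preauth &&
        pmonitor != NULL && pmonitor->m_pid > 1;
}

/* Stand-in for monitor_init()/monitor_openfds(): NULL where sshd calls fatal(). */
static struct monitor *monitor_init_sim(int *err) {
    struct monitor *mon = calloc(1, sizeof(*mon));
    int pair[2];
    if (mon == NULL || socketpair(AF_UNIX, SOCK_STREAM, 0, pair) == -1) {
        *err = errno;
        free(mon);
        return NULL;
    }
    mon->m_recvfd = pair[0];
    mon->m_sendfd = pair[1];
    return mon;
}

/* Provoke the failure, run the exit path; -1 if it could not be provoked. */
static int run_fd_exhaustion_case(int *err) {
    struct rlimit saved, none;
    if (getrlimit(RLIMIT_NOFILE, &saved) == -1) return -1;
    none = saved;
    none.rlim_cur = 0;             /* assumption: per-process limit, so EMFILE */
    if (setrlimit(RLIMIT_NOFILE, &none) == -1) return -1;
    pmonitor = monitor_init_sim(err);
    int decision = (pmonitor == NULL) ? cleanup_would_kill() : -1;
    setrlimit(RLIMIT_NOFILE, &saved);
    return decision;
}

int main(void) {
    int err = 0, d = run_fd_exhaustion_case(&err);
    printf("socketpair errno=%d, cleanup decision=%d\n", err, d);
    return d == 0 ? 0 : 1;
}
```

Without the `pmonitor != NULL` term, the same call sequence dereferences a NULL pointer inside the error handler, which turns a reportable resource-exhaustion error into a crash.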
bugzilla-daemon at mindrot.org
2014-Apr-12 03:41 UTC
[Bug 2225] sshd core dumps when used in high scaled environments.
https://bugzilla.mindrot.org/show_bug.cgi?id=2225
kavitha <kavi at juniper.net> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |kavi at juniper.net
bugzilla-daemon at mindrot.org
2014-Apr-12 04:56 UTC
[Bug 2225] sshd core dumps when used in high scaled environments.
https://bugzilla.mindrot.org/show_bug.cgi?id=2225
Damien Miller <djm at mindrot.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|NEW |RESOLVED
Resolution|--- |FIXED
Blocks| |2226
CC| |djm at mindrot.org
--- Comment #1 from Damien Miller <djm at mindrot.org> ---
Patch applied - this will be in OpenSSH-6.7. Thanks!
bugzilla-daemon at mindrot.org
2014-Apr-13 11:47 UTC
[Bug 2225] sshd core dumps when used in high scaled environments.
https://bugzilla.mindrot.org/show_bug.cgi?id=2225
Darren Tucker <dtucker at zip.com.au> changed:
What |Removed |Added
----------------------------------------------------------------------------
Attachment #2424 Flags| |ok+
CC| |dtucker at zip.com.au
bugzilla-daemon at mindrot.org
2014-Oct-07 21:00 UTC
[Bug 2225] sshd core dumps when used in high scaled environments.
https://bugzilla.mindrot.org/show_bug.cgi?id=2225
Damien Miller <djm at mindrot.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|RESOLVED |CLOSED
--- Comment #2 from Damien Miller <djm at mindrot.org> ---
Close all bugs left open from 6.6 and 6.7 releases.