bugzilla-daemon at bugzilla.mindrot.org
2017-Mar-01 16:46 UTC
[Bug 2686] New: SSHD segfaults when trying to load RSA1 host keys
https://bugzilla.mindrot.org/show_bug.cgi?id=2686

            Bug ID: 2686
           Summary: SSHD segfaults when trying to load RSA1 host keys
           Product: Portable OpenSSH
           Version: 7.4p1
          Hardware: Other
                OS: Linux
            Status: NEW
          Keywords: patch
          Severity: enhancement
          Priority: P5
         Component: sshd
          Assignee: unassigned-bugs at mindrot.org
          Reporter: jjelen at redhat.com

Created attachment 2952
  --> https://bugzilla.mindrot.org/attachment.cgi?id=2952&action=edit
possible patch

During the transition from Protocol 1 and older openssh versions there is a possibility that the old configuration files will still have some of the old configuration options including the HostKeys pointing to the old key types (RSA1).

I found in my sshd_config such a line and after updating OpenSSH I was unable to connect:

    HostKey /etc/ssh/ssh_host_key

Removing the above line will make sshd work again.

GDB traceback:

    Program received signal SIGSEGV, Segmentation fault.
    #0  match_pattern (s=s@entry=0x0, pattern=pattern@entry=0x7fffffffd520 "ecdsa-sha2-nistp256-cert-v01@openssh.com") at match.c:98
    #1  0x00005555555a7af3 in match_pattern_list (string=0x0, pattern=pattern@entry=0x555555831aa0 "ecdsa-sha2-nistp256-cert-v01@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,ssh-ed25519-cert-v01@openssh.com,ssh-rsa-cert-v01@openssh.com,ssh-dss-cert-v0"..., dolower=dolower@entry=0) at match.c:156
    #2  0x000055555556447c in list_hostkey_types () at sshd.c:794
    #3  do_ssh2_kex () at sshd.c:2327
    #4  0x00005555555622c1 in main (ac=<optimized out>, av=<optimized out>) at sshd.c:2181

Problem is in list_hostkey_types() which is not checking the return value of sshkey_ssh_name() (for RSA1 returns NULL).

The openssh is built --with-ssh1 (to support SSH1 in clients), but that should not matter. I am not sure about the plans what everything will be removed in next release and if it matters for future, but certainly it matters for us that it is crashing sshd at this moment.

-- You are receiving this mail because: You are watching the assignee of the bug.
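
Added example, not part of the bug report and not OpenSSH source: a minimal C model of the failure described above, where a key-name lookup returns NULL for an RSA1 key and the list builder has to test that result before matching it. The enum, key_ssh2_name(), name_in_list() and the signature of list_hostkey_types() here are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Constructed key types for this sketch; only the RSA1 case mirrors the report. */
enum key_type { KT_RSA1, KT_RSA, KT_ED25519 };

/* Models the lookup in the report: an SSH1-only key has no protocol 2 name. */
static const char *key_ssh2_name(enum key_type t)
{
    return t == KT_RSA ? "ssh-rsa" : t == KT_ED25519 ? "ssh-ed25519" : NULL;
}

/* Exact-match search in a comma-separated list. It dereferences name,
 * so a NULL name has to be rejected before the call. */
static int name_in_list(const char *name, const char *csv)
{
    size_t n = strlen(name);
    while (*csv != '\0') {
        size_t len = strcspn(csv, ",");
        if (len == n && memcmp(csv, name, n) == 0)
            return 1;
        csv += len + (csv[len] == ',');
    }
    return 0;
}

/* Builds the advertised list in out. Returns the number of keys listed,
 * or -1 if out is too small. Keys without a protocol 2 name are skipped. */
int list_hostkey_types(const enum key_type *keys, size_t nkeys,
    const char *accepted, char *out, size_t outlen)
{
    int listed = 0;
    size_t used = 0;
    if (outlen == 0)
        return -1;
    out[0] = '\0';
    for (size_t i = 0; i < nkeys; i++) {
        const char *name = key_ssh2_name(keys[i]);
        if (name == NULL || !name_in_list(name, accepted))
            continue;   /* the NULL test is the check the report found missing */
        int w = snprintf(out + used, outlen - used, "%s%s", listed ? "," : "", name);
        if (w < 0 || (size_t)w >= outlen - used)
            return -1;
        used += (size_t)w;
        listed++;
    }
    return listed;
}
```
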
bugzilla-daemon at bugzilla.mindrot.org
2017-Mar-01 16:50 UTC
[Bug 2686] SSHD segfaults when trying to load RSA1 host keys
https://bugzilla.mindrot.org/show_bug.cgi?id=2686

--- Comment #1 from Jakub Jelen <jjelen at redhat.com> ---
well ... or just don't load the RSA1 keys in the first place in sshd ... it might cause more problems in other code.

bugzilla-daemon at bugzilla.mindrot.org
2017-Mar-01 17:34 UTC
[Bug 2686] SSHD segfaults when trying to load RSA1 host keys
https://bugzilla.mindrot.org/show_bug.cgi?id=2686

--- Comment #2 from Jakub Jelen <jjelen at redhat.com> ---
With the above patch I am failing just a little bit further (but not segfault fortunately):

Mar 01 18:05:49 rhel7 sshd[23583]: fatal: notify_hostkeys: couldn't put hostkey 0: unknown or unsupported key type

Basically reverting the SSH1 these bits makes it pass for me:

@@ -847,7 +848,7 @@ notify_hostkeys(struct ssh *ssh) for (i = nkeys = 0; i < options.num_host_key_files; i++) { key = get_hostkey_public_by_index(i, ssh); if (key == NULL || key->type == KEY_UNSPEC || - sshkey_is_cert(key)) + key->type == KEY_RSA1 || sshkey_is_cert(key)) continue; fp = sshkey_fingerprint(key, options.fingerprint_hash, SSH_FP_DEFAULT);
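
Review bot: the added `key->type == KEY_RSA1` test in the `notify_hostkeys()` loop condition filters the key at this one consumer only, so every other function that walks the configured host keys needs the same test repeated, and a missed call site fails the way this one did. Consider rejecting RSA1 keys once, at the point where the host keys are loaded, so that `get_hostkey_public_by_index()` never returns one. If the per-site check stays, a short comment on the condition saying why RSA1 is excluded here would help the next reader.
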
bugzilla-daemon at bugzilla.mindrot.org
2017-Mar-15 01:38 UTC
[Bug 2686] SSHD segfaults when trying to load RSA1 host keys
https://bugzilla.mindrot.org/show_bug.cgi?id=2686

Damien Miller <djm at mindrot.org> changed:

           What    |Removed                       |Added
----------------------------------------------------------------------------
   Attachment #2952|0                             |1
        is obsolete|                              |
             Status|NEW                           |ASSIGNED
           Assignee|unassigned-bugs at mindrot.org |djm at mindrot.org
                 CC|                              |djm at mindrot.org,
                   |                              |dtucker at zip.com.au
   Attachment #2963|                              |ok?(dtucker at zip.com.au)
              Flags|                              |

--- Comment #3 from Damien Miller <djm at mindrot.org> ---
Created attachment 2963
  --> https://bugzilla.mindrot.org/attachment.cgi?id=2963&action=edit
don't load RSA1 hostkeys

This skips RSA1 keys when they are loaded.

bugzilla-daemon at bugzilla.mindrot.org
2017-Mar-15 01:39 UTC
[Bug 2686] SSHD segfaults when trying to load RSA1 host keys
https://bugzilla.mindrot.org/show_bug.cgi?id=2686

Damien Miller <djm at mindrot.org> changed:

           What    |Removed                       |Added
----------------------------------------------------------------------------
             Blocks|                              |2647

Referenced Bugs:

https://bugzilla.mindrot.org/show_bug.cgi?id=2647
[Bug 2647] Tracking bug for OpenSSH 7.5 release

bugzilla-daemon at bugzilla.mindrot.org
2017-Mar-15 01:58 UTC
[Bug 2686] SSHD segfaults when trying to load RSA1 host keys
https://bugzilla.mindrot.org/show_bug.cgi?id=2686

Darren Tucker <dtucker at zip.com.au> changed:

           What    |Removed                       |Added
----------------------------------------------------------------------------
   Attachment #2963|ok?(dtucker at zip.com.au)    |ok+
              Flags|                              |

bugzilla-daemon at bugzilla.mindrot.org
2017-Mar-15 02:18 UTC
[Bug 2686] SSHD segfaults when trying to load RSA1 host keys
https://bugzilla.mindrot.org/show_bug.cgi?id=2686

Damien Miller <djm at mindrot.org> changed:

           What    |Removed                       |Added
----------------------------------------------------------------------------
             Status|ASSIGNED                      |RESOLVED
         Resolution|---                           |FIXED

--- Comment #4 from Damien Miller <djm at mindrot.org> ---
Applied. This will be in OpenSSH 7.5, due next week.

bugzilla-daemon at mindrot.org
2021-Apr-23 05:00 UTC
[Bug 2686] SSHD segfaults when trying to load RSA1 host keys
https://bugzilla.mindrot.org/show_bug.cgi?id=2686

Damien Miller <djm at mindrot.org> changed:

           What    |Removed                       |Added
----------------------------------------------------------------------------
             Status|RESOLVED                      |CLOSED

--- Comment #5 from Damien Miller <djm at mindrot.org> ---
closing resolved bugs as of 8.6p1 release