bugzilla-daemon at bugzilla.mindrot.org
2017-Mar-31 10:43 UTC
[Bug 2702] New: ssh compiled with --with-ldns segfaults during known_hosts parsing
https://bugzilla.mindrot.org/show_bug.cgi?id=2702 Bug ID: 2702 Summary: ssh compiled with --with-ldns segfaults during known_hosts parsing Product: Portable OpenSSH Version: 7.5p1 Hardware: amd64 OS: Linux Status: NEW Severity: normal Priority: P5 Component: ssh Assignee: unassigned-bugs at mindrot.org Reporter: aranea at aixah.de Created attachment 2968 --> https://bugzilla.mindrot.org/attachment.cgi?id=2968&action=edit Backtrace of ssh 7.5p1 segfaulting When OpenSSH-7.5p1 is compiled with "./configure --with-ldns", ssh <somehost> segfaults if the host's key is already recorded in known_hosts. The current head of the master branch is affected too. Builds with --without-ldns don't exhibit the problem, and neither does OpenSSH-7.4p1 (according to git bisect, the commit 523db854 "prefer to use ldns-config to find libldns" introduced the bug). My ssh_config is empty, and I've tested this against a variety of sshd's (including github.com). I'll attach a backtrace; if you need a coredump or information about my build environment, please let me know. -- You are receiving this mail because: You are watching the assignee of the bug.
bugzilla-daemon at bugzilla.mindrot.org
2017-Mar-31 11:06 UTC
[Bug 2702] ssh compiled with --with-ldns segfaults during known_hosts parsing
https://bugzilla.mindrot.org/show_bug.cgi?id=2702 --- Comment #1 from Luis Ressel <aranea at aixah.de> --- Interestingly, running "./configure --with-ldns" before the first bad commit reports "libldns support: no"; hence it's likely that the real bug is older and it's just been masked so far by configure not finding the ldns library. -- You are receiving this mail because: You are watching the assignee of the bug.
bugzilla-daemon at bugzilla.mindrot.org
2017-Mar-31 11:25 UTC
[Bug 2702] ssh compiled with --with-ldns segfaults during known_hosts parsing
https://bugzilla.mindrot.org/show_bug.cgi?id=2702 --- Comment #2 from Luis Ressel <aranea at aixah.de> --- Sorry, please ignore my previous comment. I mixed up the logs. -- You are receiving this mail because: You are watching the assignee of the bug.
bugzilla-daemon at bugzilla.mindrot.org
2017-Mar-31 12:03 UTC
[Bug 2702] ssh compiled with --with-ldns segfaults during known_hosts parsing
https://bugzilla.mindrot.org/show_bug.cgi?id=2702 --- Comment #3 from Luis Ressel <aranea at aixah.de> --- Created attachment 2969 --> https://bugzilla.mindrot.org/attachment.cgi?id=2969&action=edit Build log for last good commit c998bf0a with --with-ldns -- You are receiving this mail because: You are watching the assignee of the bug.
bugzilla-daemon at bugzilla.mindrot.org
2017-Mar-31 12:04 UTC
[Bug 2702] ssh compiled with --with-ldns segfaults during known_hosts parsing
https://bugzilla.mindrot.org/show_bug.cgi?id=2702 --- Comment #4 from Luis Ressel <aranea at aixah.de> --- Created attachment 2970 --> https://bugzilla.mindrot.org/attachment.cgi?id=2970&action=edit Build log for first bad commit 523db854 with --with-ldns -- You are receiving this mail because: You are watching the assignee of the bug.
bugzilla-daemon at bugzilla.mindrot.org
2017-Mar-31 12:13 UTC
[Bug 2702] ssh compiled with --with-ldns segfaults during known_hosts parsing
https://bugzilla.mindrot.org/show_bug.cgi?id=2702 --- Comment #5 from Luis Ressel <aranea at aixah.de> --- Created attachment 2971 --> https://bugzilla.mindrot.org/attachment.cgi?id=2971&action=edit Build log for first bad commit 523db854 with --without-ldns I've attached some build logs. Looking at the diff between the two logs for the bad commit, it looks like --with-ldns confuses ./configure into finding some functions provided by libbsd.so; this causes problems later on because the compiled binaries don't link against this library. I'm a bit clueless why this happens, since I haven't found any relevant libraries which link against libbsd (in particular, libldns doesn't link against it). -- You are receiving this mail because: You are watching the assignee of the bug.
bugzilla-daemon at bugzilla.mindrot.org
2017-Mar-31 12:30 UTC
[Bug 2702] ssh compiled with --with-ldns segfaults during known_hosts parsing
https://bugzilla.mindrot.org/show_bug.cgi?id=2702 Luis Ressel <aranea at aixah.de> changed: What |Removed |Added ---------------------------------------------------------------------------- Component|ssh |Build system -- You are receiving this mail because: You are watching the assignee of the bug.
bugzilla-daemon at bugzilla.mindrot.org
2017-Mar-31 13:34 UTC
[Bug 2702] ssh compiled with --with-ldns segfaults during known_hosts parsing
https://bugzilla.mindrot.org/show_bug.cgi?id=2702 --- Comment #6 from Luis Ressel <aranea at aixah.de> --- Okay, I think I've figured this out. When I enable --with-ldns, ./configure adds the output of "ldns-config --libs" (that's "-Wl,-O1 -Wl,--as-needed -L/usr/lib64 -lcrypto -lldns") to all of its internal gcc calls. On my system, libcrypto.so is provided by libressl and has some internal symbols (strlcat, strlcpy, reallocarray, explicit_bzero, timingsafe_bcmp and reallocarray) which configure searches for and wouldn't otherwise have found. Thus, ssh uses libressl's version of these functions instead of its own versions in the openbsd-compat/ folder. This somehow causes my segfault. I have no idea how to fix this, though, since the autotools are a huge blackbox to me. Could we prevent configure from adding ${ldns-config --libs} to all its compiler calls (and instead only add it to the ldns-related compiler calls)? This sounds like a messy hack, though... -- You are receiving this mail because: You are watching the assignee of the bug.
bugzilla-daemon at bugzilla.mindrot.org
2019-Jul-19 05:35 UTC
[Bug 2702] ssh compiled with --with-ldns segfaults during known_hosts parsing
https://bugzilla.mindrot.org/show_bug.cgi?id=2702 Damien Miller <djm at mindrot.org> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |djm at mindrot.org --- Comment #7 from Damien Miller <djm at mindrot.org> --- I think, generally, if one of your dependencies is using a particular version/vendor libcrypto.so then you have to use it everywhere and not try to mix and match. I.e. either recompile ldns against LibreSSL or compile OpenSSH against the same libcrypto/headers as ldns -- You are receiving this mail because: You are watching the assignee of the bug. You are watching someone on the CC list of the bug.
bugzilla-daemon at bugzilla.mindrot.org
2020-Jan-25 07:24 UTC
[Bug 2702] ssh compiled with --with-ldns segfaults during known_hosts parsing
https://bugzilla.mindrot.org/show_bug.cgi?id=2702 Damien Miller <djm at mindrot.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |RESOLVED Resolution|--- |INVALID --- Comment #8 from Damien Miller <djm at mindrot.org> --- closing; OpenSSH can't detect conflicts in dependent libraries itself. -- You are receiving this mail because: You are watching the assignee of the bug. You are watching someone on the CC list of the bug.
bugzilla-daemon at mindrot.org
2021-Mar-03 22:54 UTC
[Bug 2702] ssh compiled with --with-ldns segfaults during known_hosts parsing
https://bugzilla.mindrot.org/show_bug.cgi?id=2702 Damien Miller <djm at mindrot.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|RESOLVED |CLOSED --- Comment #9 from Damien Miller <djm at mindrot.org> --- close bugs that were resolved in OpenSSH 8.5 release cycle -- You are receiving this mail because: You are watching the assignee of the bug. You are watching someone on the CC list of the bug.
Maybe Matching Threads
- [Bug 2593] New: List of forwarded connections not updated after cancellation
- [Bug 2603] New: Build with ldns and without kerberos support fails if ldns compiled with kerberos support
- sshfp/ldns still having issues in 7.6
- [Bug 2119] New: SSHFP with DNSSEC – no trust anchors given, validation always fails
- [Bug 2708] New: openssh: 7.5p1 update breaks ldns/sshfp