thr3ads.net - freebsd stable - [FreeBSD-Stable] svn commit: r296462 - in stable/9: crypto/openssl/crypto/bio crypto/openssl/crypto/bn crypto/openssl/doc/apps crypto/openssl/ssl secure/usr.bin/openssl/man [Mar 2016]

If this information is useful, please help other people find it:
Share via:

Craig Green

2016-Mar-08 18:13 UTC

[FreeBSD-Stable] svn commit: r296462 - in stable/9: crypto/openssl/crypto/bio crypto/openssl/crypto/bn crypto/openssl/doc/apps crypto/openssl/ssl secure/usr.bin/openssl/man

On 2016-03-08 7:45 AM, Mike Tancsa wrote:> Hi,
> 	I tried on 2 separate boxes, and sshd segfaults when this rev is applied
>
> 	---Mike
Just adding some debug logs showing a couple places where sshd exited. 
Encryption algorithm, kex and hmac didn't seem to matter.

Craig.
------


Mar  7 16:59:53 smtp1 sshd[40348]: debug1: rexec start in 5 out 5 
newsock 5 pipe 7 sock 8
Mar  7 16:59:53 smtp1 sshd[40348]: debug1: inetd sockets after dupping: 3, 3
Mar  7 16:59:53 smtp1 sshd[40348]: debug1: res_init()
Mar  7 16:59:53 smtp1 sshd[40348]: debug1: HPN Disabled: 0, HPN Buffer 
Size: 65536
Mar  7 16:59:53 smtp1 sshd[40348]: debug1: Client protocol version 2.0; 
client software version SecureCRT_6.6.1 (x64 build 289) SecureCRT
Mar  7 16:59:53 smtp1 sshd[40348]: debug1: no match: SecureCRT_6.6.1 
(x64 build 289) SecureCRT
Mar  7 16:59:53 smtp1 sshd[40348]: debug1: Enabling compatibility mode 
for protocol 2.0
Mar  7 16:59:53 smtp1 sshd[40348]: debug1: Local version string 
SSH-2.0-OpenSSH_6.6.1_hpn13v11 FreeBSD-20140420
Mar  7 16:59:53 smtp1 sshd[40348]: debug1: list_hostkey_types: 
ssh-rsa,ssh-dss,ecdsa-sha2-nistp256,ssh-ed25519
Mar  7 16:59:53 smtp1 sshd[40348]: debug1: SSH2_MSG_KEXINIT sent
Mar  7 16:59:53 smtp1 sshd[40348]: debug1: SSH2_MSG_KEXINIT received
Mar  7 16:59:53 smtp1 sshd[40348]: debug1: kex: client->server 
aes256-ctr hmac-sha1 none
Mar  7 16:59:53 smtp1 sshd[40348]: debug1: kex: server->client 
aes256-ctr hmac-sha1 none
Mar  7 16:59:53 smtp1 kernel: pid 40348 (sshd), uid 0: exited on signal 11


Mar  7 17:01:39 smtp1 sshd[46204]: debug1: rexec start in 5 out 5 
newsock 5 pipe 7 sock 8
Mar  7 17:01:39 smtp1 sshd[46204]: debug1: inetd sockets after dupping: 3, 3
Mar  7 17:01:39 smtp1 sshd[46204]: debug1: res_init()
Mar  7 17:01:39 smtp1 sshd[46204]: debug1: HPN Disabled: 0, HPN Buffer 
Size: 65536
Mar  7 17:01:39 smtp1 sshd[46204]: debug1: Client protocol version 2.0; 
client software version OpenSSH_6.1_hpn13v11 FreeBSD-20120901
Mar  7 17:01:39 smtp1 sshd[46204]: debug1: match: OpenSSH_6.1_hpn13v11 
FreeBSD-20120901 pat OpenSSH* compat 0x04000000
Mar  7 17:01:39 smtp1 sshd[46204]: debug1: Enabling compatibility mode 
for protocol 2.0
Mar  7 17:01:39 smtp1 sshd[46204]: debug1: Local version string 
SSH-2.0-OpenSSH_6.6.1_hpn13v11 FreeBSD-20140420
Mar  7 17:01:39 smtp1 sshd[46204]: debug1: list_hostkey_types: 
ssh-rsa,ssh-dss,ecdsa-sha2-nistp256,ssh-ed25519
Mar  7 17:01:39 smtp1 sshd[46204]: debug1: SSH2_MSG_KEXINIT sent
Mar  7 17:01:39 smtp1 sshd[46204]: debug1: SSH2_MSG_KEXINIT received
Mar  7 17:01:39 smtp1 sshd[46204]: debug1: kex: client->server 
aes128-ctr hmac-md5 none
Mar  7 17:01:39 smtp1 sshd[46204]: debug1: kex: server->client 
aes128-ctr hmac-md5 none
Mar  7 17:01:39 smtp1 sshd[46204]: debug1: expecting SSH2_MSG_KEX_ECDH_INIT
Mar  7 17:01:40 smtp1 kernel: pid 46204 (sshd), uid 0: exited on signal 11


Mar  7 17:02:01 smtp1 sshd[47350]: debug1: rexec start in 5 out 5 
newsock 5 pipe 7 sock 8
Mar  7 17:02:01 smtp1 sshd[47350]: debug1: inetd sockets after dupping: 3, 3
Mar  7 17:02:01 smtp1 sshd[47350]: debug1: res_init()
Mar  7 17:02:01 smtp1 sshd[47350]: debug1: HPN Disabled: 0, HPN Buffer 
Size: 65536
Mar  7 17:02:01 smtp1 sshd[47350]: debug1: Client protocol version 2.0; 
client software version OpenSSH_6.1_hpn13v11 FreeBSD-20120901
Mar  7 17:02:01 smtp1 sshd[47350]: debug1: match: OpenSSH_6.1_hpn13v11 
FreeBSD-20120901 pat OpenSSH* compat 0x04000000
Mar  7 17:02:01 smtp1 sshd[47350]: debug1: Enabling compatibility mode 
for protocol 2.0
Mar  7 17:02:01 smtp1 sshd[47350]: debug1: Local version string 
SSH-2.0-OpenSSH_6.6.1_hpn13v11 FreeBSD-20140420
Mar  7 17:02:01 smtp1 sshd[47350]: debug1: list_hostkey_types: 
ssh-rsa,ssh-dss,ecdsa-sha2-nistp256,ssh-ed25519
Mar  7 17:02:01 smtp1 sshd[47350]: debug1: SSH2_MSG_KEXINIT sent
Mar  7 17:02:01 smtp1 sshd[47350]: debug1: SSH2_MSG_KEXINIT received
Mar  7 17:02:01 smtp1 sshd[47350]: debug1: kex: client->server 
aes128-ctr hmac-md5 none
Mar  7 17:02:01 smtp1 sshd[47350]: debug1: kex: server->client 
aes128-ctr hmac-md5 none
Mar  7 17:02:01 smtp1 sshd[47350]: debug1: expecting SSH2_MSG_KEX_ECDH_INIT
Mar  7 17:02:01 smtp1 kernel: pid 47350 (sshd), uid 0: exited on signal 11


Mar  7 18:52:36 smtp1 sshd[1127]: debug1: rexec start in 5 out 5 newsock 
5 pipe 7 sock 8
Mar  7 18:52:36 smtp1 sshd[1127]: debug1: inetd sockets after dupping: 3, 3
Mar  7 18:52:36 smtp1 sshd[1127]: debug1: res_init()
Mar  7 18:52:36 smtp1 sshd[1127]: debug1: HPN Disabled: 0, HPN Buffer 
Size: 65536
Mar  7 18:52:36 smtp1 sshd[1127]: debug1: Client protocol version 2.0; 
client software version PuTTY_Release_0.60
Mar  7 18:52:36 smtp1 sshd[1127]: debug1: no match: PuTTY_Release_0.60
Mar  7 18:52:36 smtp1 sshd[1127]: debug1: Enabling compatibility mode 
for protocol 2.0
Mar  7 18:52:36 smtp1 sshd[1127]: debug1: Local version string 
SSH-2.0-OpenSSH_6.6.1_hpn13v11 FreeBSD-20140420
Mar  7 18:52:36 smtp1 sshd[1127]: debug1: list_hostkey_types: 
ssh-rsa,ssh-dss,ecdsa-sha2-nistp256,ssh-ed25519
Mar  7 18:52:36 smtp1 sshd[1127]: debug1: SSH2_MSG_KEXINIT sent
Mar  7 18:52:36 smtp1 sshd[1127]: debug1: SSH2_MSG_KEXINIT received
Mar  7 18:52:36 smtp1 sshd[1127]: debug1: kex: client->server aes256-ctr 
hmac-sha1 none
Mar  7 18:52:36 smtp1 sshd[1127]: debug1: kex: server->client aes256-ctr 
hmac-sha1 none
Mar  7 18:52:36 smtp1 sshd[1127]: debug1: 
SSH2_MSG_KEX_DH_GEX_REQUEST_OLD received
Mar  7 18:52:36 smtp1 sshd[1127]: debug1: SSH2_MSG_KEX_DH_GEX_GROUP sent
Mar  7 18:52:36 smtp1 kernel: pid 1127 (sshd), uid 0: exited on signal 11

Mike Tancsa

2016-Mar-09 15:27 UTC

head link

[FreeBSD-Stable] svn commit: r296462 - in stable/9: crypto/openssl/crypto/bio crypto/openssl/crypto/bn crypto/openssl/doc/apps crypto/openssl/ssl secure/usr.bin/openssl/man

On 3/8/2016 1:13 PM, Craig Green wrote:> 
> 
> On 2016-03-08 7:45 AM, Mike Tancsa wrote:
>> Hi,
>>     I tried on 2 separate boxes, and sshd segfaults when this rev is
>> applied
>>
>>     ---Mike
> 
> Just adding some debug logs showing a couple places where sshd exited.
> Encryption algorithm, kex and hmac didn't seem to matter.
Here is an example of where sshd chokes

good trace - pre openssl commit
....
debug2: kex_parse_kexinit:
hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,umac-64 at openssh.com [preauth]
debug2: kex_parse_kexinit:
hmac-sha1,hmac-sha1-96,hmac-md5,hmac-md5-96,umac-64 at openssh.com [preauth]
debug2: kex_parse_kexinit: none [preauth]
debug2: kex_parse_kexinit: none [preauth]
debug2: kex_parse_kexinit:  [preauth]
debug2: kex_parse_kexinit:  [preauth]
debug2: kex_parse_kexinit: first_kex_follows 0  [preauth]
debug2: kex_parse_kexinit: reserved 0  [preauth]
debug2: mac_setup: setup hmac-sha1 [preauth]
debug1: kex: client->server aes256-ctr hmac-sha1 none [preauth]
debug2: mac_setup: setup hmac-sha1 [preauth]
debug1: kex: server->client aes256-ctr hmac-sha1 none [preauth]
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST received [preauth]
debug3: mm_request_send entering: type 0 [preauth]
debug3: mm_request_receive entering
debug3: monitor_read: checking request 0
debug3: mm_answer_moduli: got parameters: 1024 2048 2048
debug3: mm_request_send entering: type 1
debug2: monitor_read: 0 used once, disabling now
debug3: mm_choose_dh: waiting for MONITOR_ANS_MODULI [preauth]
debug3: mm_request_receive_expect entering: type 1 [preauth]
debug3: mm_request_receive entering [preauth]
debug3: mm_choose_dh: remaining 0 [preauth]
*debug1: SSH2_MSG_KEX_DH_GEX_GROUP sent [preauth]*
*debug2: bits set: 1063/2048 [preauth]*
debug1: expecting SSH2_MSG_KEX_DH_GEX_INIT [preauth]
debug2: bits set: 1041/2048 [preauth]
debug3: mm_key_sign entering [preauth]
debug3: mm_request_send entering: type 6 [preauth]
debug3: mm_request_receive entering
debug3: monitor_read: checking request 6
debug3: mm_answer_sign
debug3: mm_answer_sign: signature 0x8034173c0(55)
debug3: mm_request_send entering: type 7
debug2: monitor_read: 6 used once, disabling now
debug3: mm_key_sign: waiting for MONITOR_ANS_SIGN [preauth]

bad trace - with openssl commit.

debug1: SSH2_MSG_KEX_DH_GEX_REQUEST received [preauth]
debug3: mm_request_send entering: type 0 [preauth]
debug3: mm_choose_dh: waiting for MONITOR_ANS_MODULI [preauth]
debug3: mm_request_receive_expect entering: type 1 [preauth]
debug3: mm_request_receive entering [preauth]
debug3: mm_request_receive entering
debug3: monitor_read: checking request 0
debug3: mm_answer_moduli: got parameters: 1024 2048 2048
debug3: mm_request_send entering: type 1
debug2: monitor_read: 0 used once, disabling now
debug3: mm_choose_dh: remaining 0 [preauth]
*debug1: SSH2_MSG_KEX_DH_GEX_GROUP sent [preauth]*
debug1: monitor_read_log: child log fd closed
debug3: mm_request_receive entering
debug1: do_cleanup
debug3: PAM: sshpam_thread_cleanup entering
debug1: Killing privsep child 1837

-- 
-------------------
Mike Tancsa, tel +1 519 651 3400
Sentex Communications, mike at sentex.net
Providing Internet services since 1994 www.sentex.net
Cambridge, Ontario Canada   http://www.tancsa.com/

freebsd stable - Mar 2016 - svn commit: r296462 - in stable/9: crypto/openssl/crypto/bio crypto/openssl/crypto/bn crypto/openssl/doc/apps crypto/openssl/ssl secure/usr.bin/openssl/man

[FreeBSD-Stable] svn commit: r296462 - in stable/9: crypto/openssl/crypto/bio crypto/openssl/crypto/bn crypto/openssl/doc/apps crypto/openssl/ssl secure/usr.bin/openssl/man

[FreeBSD-Stable] svn commit: r296462 - in stable/9: crypto/openssl/crypto/bio crypto/openssl/crypto/bn crypto/openssl/doc/apps crypto/openssl/ssl secure/usr.bin/openssl/man