bugzilla-daemon at bugzilla.mindrot.org
2012-Jun-26 04:03 UTC
[Bug 2022] New: ssh segfaults when using ldns, SSHFP, a DNSSEC-enabled resolver and a CNAME
https://bugzilla.mindrot.org/show_bug.cgi?id=2022 Bug #: 2022 Summary: ssh segfaults when using ldns, SSHFP, a DNSSEC-enabled resolver and a CNAME Classification: Unclassified Product: Portable OpenSSH Version: 6.0p1 Platform: All OS/Version: All Status: NEW Severity: normal Priority: P2 Component: ssh AssignedTo: unassigned-bugs at mindrot.org ReportedBy: gregdlg+mr at hochet.info Created attachment 2166 --> https://bugzilla.mindrot.org/attachment.cgi?id=2166 Short example Hello, Under the following conditions, SSH crash: - SSH is compiled with ldns for DNS support - You use a DNS resolver with DNSSEC enabled - You have SSHFP keys - You attempt to connect through a CNAME (instead of the host name, see attachment) I have tracked the problem down to the file openbsd-compat/getrrsetbyname-ldns.c In function getrrsetbyname, when the DNS resolver sets the ad flags, ssh doesn't allocate memory to contain RRSIG signatures. However it still attempts to copy those signatures from the DNS answer. If rrset->rri_sigs is null, rdata = &rrset->rri_sigs[0] is still null and the signature is ignored later in the code. Luckily, most of the time, you only have one signature and there is no problem. If you have a CNAME, you got two signatures and &rrset->rri_sigs[1] is no not null hence the segfault. -- Configure bugmail: https://bugzilla.mindrot.org/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are watching the assignee of the bug.
bugzilla-daemon at bugzilla.mindrot.org
2012-Jun-26 04:07 UTC
[Bug 2022] ssh segfaults when using ldns, SSHFP, a DNSSEC-enabled resolver and a CNAME
https://bugzilla.mindrot.org/show_bug.cgi?id=2022 --- Comment #1 from gregdlg+mr at hochet.info 2012-06-26 14:07:24 EST --- Created attachment 2167 --> https://bugzilla.mindrot.org/attachment.cgi?id=2167 A short patch to solve the problem -- Configure bugmail: https://bugzilla.mindrot.org/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are watching the assignee of the bug.
bugzilla-daemon at bugzilla.mindrot.org
2012-Jun-27 22:58 UTC
[Bug 2022] ssh segfaults when using ldns, SSHFP, a DNSSEC-enabled resolver and a CNAME
https://bugzilla.mindrot.org/show_bug.cgi?id=2022 Darren Tucker <dtucker at zip.com.au> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |dtucker at zip.com.au Blocks| |1986 -- Configure bugmail: https://bugzilla.mindrot.org/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are watching the assignee of the bug. You are watching someone on the CC list of the bug.
Possibly Parallel Threads
- [Bug 2022] ssh segfaults when using ldns, SSHFP, a DNSSEC-enabled resolver and a CNAME
- [PATCH] Add support for ldns
- [Bug 2022] ssh segfaults when using ldns, SSHFP, a DNSSEC-enabled resolver and a CNAME
- [Bug 2119] New: SSHFP with DNSSEC – no trust anchors given, validation always fails
- [Bug 2708] New: openssh: 7.5p1 update breaks ldns/sshfp