openssh bugs - Nov 2019 - [Bug 3101] New: sshd core is seen when FIPS mode is set

https://bugzilla.mindrot.org/show_bug.cgi?id=3101

            Bug ID: 3101
           Summary: sshd core is seen when FIPS mode is set
           Product: Portable OpenSSH
           Version: 7.9p1
          Hardware: Other
                OS: Linux
            Status: NEW
          Severity: critical
          Priority: P5
         Component: sshd
          Assignee: unassigned-bugs at mindrot.org
          Reporter: navneet.kumar.garg at gmail.com

sshd core is seen when FIPS mode is set and we close the ssh connection
using 'exit' command. Issue is seen only in FIPS mode. Pasted the stack
trace below. sshd binary is non-debug, so limited information is shown
in the stack. How do I get debug sshd binary so that we can have more
debug information in stack trace? Issue is seen from certain ssh
clients, like issue is seen consistently using MobaXterm version 10.9
build 3656. Appreciate any input on this.

# sshd -v
unknown option -- v
OpenSSH_7.9p1, OpenSSL 1.0.2r-fips  26 Feb 2019


Core
===Reading symbols from /usr/sbin/sshd...(no debugging symbols
found)...done.
[New LWP 22607]
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib64/libthread_db.so.1".
Core was generated by `sshd: se'.
Program terminated with signal 11, Segmentation fault.
#0  0x00007f67affe3d32 in ?? ()
(gdb) bt
#0  0x00007f67affe3d32 in ?? ()
#1  0x00007f67b465c20f in fips_drbg_cleanup () from
/lib64/libcrypto.so.1.0.0
#2  0x00007f67b471d629 in RAND_cleanup () from
/lib64/libcrypto.so.1.0.0
#3  0x00007f67b27b7ff1 in __run_exit_handlers (status=0,
listp=0x7f67b2b38688 <__exit_funcs>,
    run_list_atexit=run_list_atexit at entry=true) at exit.c:77
#4  0x00007f67b27b8075 in __GI_exit (status=<optimized out>) at
exit.c:99
#5  0x00005618199b4c4c in ?? ()
#6  0x00005618199b5cff in ?? ()
#7  0x00005618199b5f5a in ?? ()
#8  0x00005618199993f1 in ?? ()
#9  0x00007f67b27a0ca5 in __libc_sta

-- 
You are receiving this mail because:
You are watching the assignee of the bug.

https://bugzilla.mindrot.org/show_bug.cgi?id=3101

Navneet <navneet.kumar.garg at gmail.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
           Priority|P5                          |P2

-- 
You are receiving this mail because:
You are watching the assignee of the bug.

https://bugzilla.mindrot.org/show_bug.cgi?id=3101

Jakub Jelen <jjelen at redhat.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |jjelen at redhat.com

--- Comment #1 from Jakub Jelen <jjelen at redhat.com> ---
This looks like a crash in openssl (RAND_cleanup () from
/lib64/libcrypto.so.1.0.0) so I do not think there is anything OpenSSH
can do about it.

I think you will need to install debuginfo for openssl and openssh
packages to get better backtraces.

-- 
You are receiving this mail because:
You are watching the assignee of the bug.

https://bugzilla.mindrot.org/show_bug.cgi?id=3101

Vamshik <vamshik024 at gmail.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |vamshik024 at gmail.com

--- Comment #2 from Vamshik <vamshik024 at gmail.com> ---
This is the complete stack:

Using host libthread_db library "/lib64/libthread_db.so.1".
Core was generated by `sshd: sy'.
Program terminated with signal 11, Segmentation fault.
#0  0x00007fd2fb957d32 in ?? ()
(gdb) bt
#0  0x00007fd2fb957d32 in ?? ()
#1  0x00007fd2fffd020f in fips_drbg_cleanup () from
/lib64/libcrypto.so.1.0.0
#2  0x00007fd300091629 in RAND_cleanup () from
/lib64/libcrypto.so.1.0.0
#3  0x00007fd2fe12bff1 in __run_exit_handlers (status=0,
listp=0x7fd2fe4ac688 <__exit_funcs>,
    run_list_atexit=run_list_atexit at entry=true) at exit.c:77
#4  0x00007fd2fe12c075 in __GI_exit (status=<optimized out>) at
exit.c:99
#5  0x00005573f469336c in mm_answer_term (sock=<optimized out>,
req=<optimized out>) at monitor.c:1580
#6  0x00005573f469455f in monitor_read
(pmonitor=pmonitor at entry=0x5573f4956d30,
    ent=0x5573f4943180 <mon_dispatch_postauth20+64>,
pent=pent at entry=0x0) at monitor.c:517
#7  0x00005573f46947ba in monitor_child_postauth
(pmonitor=0x5573f4956d30) at monitor.c:411
#8  0x00005573f4678680 in privsep_postauth (authctxt=0x5573f4955900) at
sshd.c:667
#9  main (ac=<optimized out>, av=<optimized out>) at sshd.c:2259

Is there any patch file which resolves this issue?

-- 
You are receiving this mail because:
You are watching the assignee of the bug.

https://bugzilla.mindrot.org/show_bug.cgi?id=3101

--- Comment #3 from Vamshik <vamshik024 at gmail.com> ---
This is the complete stack:

Using host libthread_db library "/lib64/libthread_db.so.1".
Core was generated by `sshd: sy'.
Program terminated with signal 11, Segmentation fault.
#0  0x00007fd2fb957d32 in ?? ()
(gdb) bt
#0  0x00007fd2fb957d32 in ?? ()
#1  0x00007fd2fffd020f in fips_drbg_cleanup () from
/lib64/libcrypto.so.1.0.0
#2  0x00007fd300091629 in RAND_cleanup () from
/lib64/libcrypto.so.1.0.0
#3  0x00007fd2fe12bff1 in __run_exit_handlers (status=0,
listp=0x7fd2fe4ac688 <__exit_funcs>,
    run_list_atexit=run_list_atexit at entry=true) at exit.c:77
#4  0x00007fd2fe12c075 in __GI_exit (status=<optimized out>) at
exit.c:99
#5  0x00005573f469336c in mm_answer_term (sock=<optimized out>,
req=<optimized out>) at monitor.c:1580
#6  0x00005573f469455f in monitor_read
(pmonitor=pmonitor at entry=0x5573f4956d30,
    ent=0x5573f4943180 <mon_dispatch_postauth20+64>,
pent=pent at entry=0x0) at monitor.c:517
#7  0x00005573f46947ba in monitor_child_postauth
(pmonitor=0x5573f4956d30) at monitor.c:411
#8  0x00005573f4678680 in privsep_postauth (authctxt=0x5573f4955900) at
sshd.c:667
#9  main (ac=<optimized out>, av=<optimized out>) at sshd.c:2259

Is there any patch file which resolves this issue?

-- 
You are receiving this mail because:
You are watching the assignee of the bug.

https://bugzilla.mindrot.org/show_bug.cgi?id=3101

Damien Miller <djm at mindrot.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |RESOLVED
         Resolution|---                         |INVALID
                 CC|                            |djm at mindrot.org

--- Comment #4 from Damien Miller <djm at mindrot.org> ---
Your stack trace shows failure inside OpenSSL, not OpenSSH. You should
contact your FIPS OpenSSL vendor to help debug, it isn't something we
can help with.

-- 
You are receiving this mail because:
You are watching someone on the CC list of the bug.
You are watching the assignee of the bug.

https://bugzilla.mindrot.org/show_bug.cgi?id=3101

Damien Miller <djm at mindrot.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|RESOLVED                    |CLOSED

--- Comment #5 from Damien Miller <djm at mindrot.org> ---
close bugs that were resolved in OpenSSH 8.5 release cycle

-- 
You are receiving this mail because:
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.