openssh bugs - Oct 2022 - [Bug 3489] New: "MaxStartups 0" passes "sshd -t", but configuration reload dies the server

https://bugzilla.mindrot.org/show_bug.cgi?id=3489

            Bug ID: 3489
           Summary: "MaxStartups 0" passes "sshd -t", but
configuration
                    reload dies the server
           Product: Portable OpenSSH
           Version: 9.1p1
          Hardware: Other
                OS: Linux
            Status: NEW
          Severity: enhancement
          Priority: P5
         Component: sshd
          Assignee: unassigned-bugs at mindrot.org
          Reporter: petr.pisar at atlas.cz

I tried disabling MaxStartups feature (disabling is not documented in a
manual) in openssh-9.1_p1 with setting:

MaxStartups 0

"sshd -t" command did not report any errors. So I sent SIGHUP to the
deamon to reload the configuration, and then I tried to ssh-login to
the machine and I found I cannot connect it.

I assumed 0 was interpreted as no connections allowed, thus I reverted
the change in sshd configuration file, sent SIGHUP signal again, and my
init (OpenRC) system reported the daemon is not running. It was obvious
the sshd daemon "crashed".

A system log contains:

Oct 23 21:18:48 router start-stop-daemon[23658]: Will stop PID 3640
Oct 23 21:18:48 router start-stop-daemon[23658]: Sending signal 1 to
PID 3640
Oct 23 21:18:48 router sshd[3640]: Received SIGHUP; restarting.
Oct 23 21:18:49 router sshd[3640]: Server listening on 0.0.0.0 port 22.
Oct 23 21:18:49 router sshd[3640]: Server listening on :: port 22.
Oct 23 21:18:49 router sshd[3640]: fatal: xcalloc: zero size
Oct 23 21:19:14 router start-stop-daemon[23691]: Will stop PID 3640
Oct 23 21:19:14 router /etc/init.d/sshd[23691]: start-stop-daemon: no
matching processes found

The "fatal: xcalloc: zero size" message explains the
"crash". The
server attempted to allocate a memory for 0 MaxStartups connections, 0
was rejected as in invalid size by an allocator and the daemon
terminated.

Could you please patch "sshd -t" code path to reject "MaxStartups
0"
configuration line?

-- 
You are receiving this mail because:
You are watching the assignee of the bug.

https://bugzilla.mindrot.org/show_bug.cgi?id=3489

Petr Pisar <petr.pisar at atlas.cz> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
            Summary|"MaxStartups 0" passes      |"MaxStartups
0" passes
                   |"sshd -t", but              |"sshd -t",
but a
                   |configuration reload dies   |configuration reload dies
                   |the server                  |the server

-- 
You are receiving this mail because:
You are watching the assignee of the bug.

https://bugzilla.mindrot.org/show_bug.cgi?id=3489

Darren Tucker <dtucker at dtucker.net> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Blocks|                            |3480
                 CC|                            |dtucker at dtucker.net


Referenced Bugs:

https://bugzilla.mindrot.org/show_bug.cgi?id=3480
[Bug 3480] tracking bug for openssh-9.2
-- 
You are receiving this mail because:
You are watching someone on the CC list of the bug.
You are watching the assignee of the bug.

https://bugzilla.mindrot.org/show_bug.cgi?id=3489

Darren Tucker <dtucker at dtucker.net> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |RESOLVED
         Resolution|---                         |FIXED

--- Comment #1 from Darren Tucker <dtucker at dtucker.net> ---
Fixed in this commit, which will be in 9.2:
https://github.com/openssh/openssh-portable/commit/1d78d25653805aefc7a8dd9d86cd7359ada3823c

Thanks for the report.

-- 
You are receiving this mail because:
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.

https://bugzilla.mindrot.org/show_bug.cgi?id=3489

Damien Miller <djm at mindrot.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|RESOLVED                    |CLOSED

--- Comment #2 from Damien Miller <djm at mindrot.org> ---
OpenSSH 9.3 has been released. Close resolved bugs

-- 
You are receiving this mail because:
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.