openssh unix dev - Jan 2001 - Core dumps on HP-UX

Hello,

I've been trying to get openssh working at our site recently, but have
been running into these problems.  In using the "release" version
(openssh-2.3.0p1) we kept getting these broken pipe errors:

zcat: stdout: Broken pipe

Damien suggested we try out the snapshot versions, so I've been trying
out the daily versions since last week.  With the snapshots, the pipe
problem is gone, but we're now seeing core dumps.  Specifically, we see
core dumps in the following situations:

1) when we ssh from one box to another and X11 forwarding is enabled in
both ssh_config on client, and sshd_config on server.  The child sshd on
the server core dumps before we even get a shell prompt:

(with -v turned on)

debug: authentications that can continue: publickey,password
debug: next auth method to try is publickey
debug: next auth method to try is password
troot at spare4's password:
debug: ssh-userauth2 successful: method password
debug: channel 0: new [client-session]
debug: send channel open 0
debug: Entering interactive session.
debug: client_init id 0 arg 0
debug: Requesting X11 forwarding with authentication spoofing.
debug: channel request 0: shell
debug: channel 0: open confirm rwindow 0 rmax 16384



Pid 22024 received a SIGSEGV for stack growth failure.
Possible causes: insufficient memory or swap space,
or stack size exceeded maxssiz.

debug: channel 0: rcvd eof
debug: channel 0: output open -> drain
debug: channel 0: obuf empty
debug: channel 0: output drain -> closed
debug: channel 0: close_write
Connection to spare4 closed by remote host.
Connection to spare4 closed.
debug: Transferred: stdin 0, stdout 0, stderr 75 bytes in 13.2 seconds
debug: Bytes per second: stdin 0.0, stdout 0.0, stderr 5.7
debug: Exit status -1
debug: writing PRNG seed to file //.ssh/prng_seed

2) When X11 forwarding is turned off, the shell runs fine, but then the
child sshd on the server core dumps when you log off.  Obviously the
interactive session goes fine, but then you're left with the core dump
on the server when you're done.

Other info: we're running on HP boxes running HP-UX 11.00; the compiler
is HP's Ansi C compiler with patch PHSS_22272 installed.  The core
problems have occurred on snapshots from 0112 up to and including
tonight's (SNAP-0119).

Let me know if there's any other info you need, or anything else I can
do to help troubleshoot this.

Thanks.

-Tom

On Thu, 18 Jan 2001, Tom Orban wrote:
: Pid 22024 received a SIGSEGV for stack growth failure.
: Possible causes: insufficient memory or swap space,
: or stack size exceeded maxssiz.
: 
: Other info: we're running on HP boxes running HP-UX 11.00; the compiler
: is HP's Ansi C compiler with patch PHSS_22272 installed.  The core
: problems have occurred on snapshots from 0112 up to and including
: tonight's (SNAP-0119).

that's the SIGCHLD issue that hasn't been resolved yet.

i've been using this patch on hp-ux for a few weeks now, so i can use
and test the proto 2 stuff.  it implements a mysignal() wrapper and uses
it for the sigchld_handler2 function.

Index: ssh.h
==================================================================RCS file:
/var/cvs/openssh/ssh.h,v
retrieving revision 1.52
diff -u -r1.52 ssh.h
--- ssh.h	2001/01/19 04:26:52	1.52
+++ ssh.h	2001/01/19 13:13:59
@@ -500,6 +500,10 @@
 /* set filedescriptor to non-blocking */
 void	set_nonblock(int fd);
 
+/* wrapper for signal interface */
+typedef void (*mysig_t)(int);
+mysig_t mysignal(int sig, mysig_t act);
+
 /*
  * Performs the interactive session.  This handles data transmission between
  * the client and the program.  Note that the notion of stdin, stdout, and
Index: util.c
==================================================================RCS file:
/var/cvs/openssh/util.c,v
retrieving revision 1.4
diff -u -r1.4 util.c
--- util.c	2000/10/28 03:19:58	1.4
+++ util.c	2001/01/19 13:13:59
@@ -94,3 +94,25 @@
 
 	return (old);
 }
+
+mysig_t
+mysignal(int sig, mysig_t act)
+{
+#ifdef HAVE_SIGACTION
+	struct sigaction sa, osa;
+
+	if (sigaction(sig, 0, &osa) == -1)
+		return (mysig_t) -1;
+	if (osa.sa_handler != act) {
+		memset(&sa, 0, sizeof sa);
+		sigemptyset(&sa.sa_mask);
+		sa.sa_flags = 0;
+		sa.sa_handler = act;
+		if (sigaction(sig, &sa, 0) == -1)
+			return (mysig_t) -1;
+	}
+	return (osa.sa_handler);
+#else
+	return (signal(sig, act));
+#endif
+}
Index: serverloop.c
==================================================================RCS file:
/var/cvs/openssh/serverloop.c,v
retrieving revision 1.36
diff -u -r1.36 serverloop.c
--- serverloop.c	2001/01/19 04:26:52	1.36
+++ serverloop.c	2001/01/19 13:14:06
@@ -109,7 +109,7 @@
 	int save_errno = errno;
 	debug("Received SIGCHLD.");
 	child_terminated = 1;
-	signal(SIGCHLD, sigchld_handler2);
+	mysignal(SIGCHLD, sigchld_handler2);
 	errno = save_errno;
 }
 
@@ -643,7 +643,7 @@
 
 	debug("Entering interactive session for SSH2.");
 
-	signal(SIGCHLD, sigchld_handler2);
+	mysignal(SIGCHLD, sigchld_handler2);
 	signal(SIGPIPE, SIG_IGN);
 	child_terminated = 0;
 	connection_in = packet_get_connection_in();