Christopher J Mason
2001-Mar-27 06:39 UTC
openssh stack corruption in arc4random_stir () on OS X
Howdy. I'm trying to get OpenSSH to work on Mac OS X, which is basically BSD unix. I'm getting segfaults connecting to SSH1 servers (I have no SSH2 servers to test against, so I'm not sure if it's common).

I've followed the instructions on compiling at http://www.stepwise.com/Articles/Workbench/2001-03-21.01.html which essentially amount to

  ./configure --with-rsh=/usr/bin/rsh
  make
  make install

(I've omitted TCP wrappers support.)

(I'm using OpenSSL 0.9.5a; I've also tried with 0.9.6. I've tried both the openssl that ships with OS X and one compiled by me from source.)

(I've also tried openssh-2.5.2p1.)

I then try to use it:

  [localhost:local/src/openssh-2.5.2p1] root# ./ssh -v -v -c idea -l cmason crisp
  OpenSSH_2.5.2p1, SSH protocols 1.5/2.0, OpenSSL 0x0090581f
  Unknown cipher type 'idea'
  [localhost:local/src/openssh-2.5.2p1] root# ./ssh -v -v -c 3des -l cmason crisp
  OpenSSH_2.5.2p1, SSH protocols 1.5/2.0, OpenSSL 0x0090581f
  debug2: Command 'netstat -in' timed out
  debug2: Command 'netstat -rn' timed out
  debug1: Seeded RNG with 30 bytes from programs
  debug1: Seeded RNG with 3 bytes from system calls
  debug1: Rhosts Authentication disabled, originating port will not be trusted.
  debug1: ssh_connect: getuid 0 geteuid 0 anon 1
  debug1: Connecting to crisp [128.2.83.95] port 22.
  debug1: Connection established.
  debug1: identity file /var/root/.ssh/identity type 0
  debug1: unknown identity file /var/root/.ssh/id_rsa
  debug1: identity file /var/root/.ssh/id_rsa type -1
  debug1: unknown identity file /var/root/.ssh/id_dsa
  debug1: identity file /var/root/.ssh/id_dsa type -1
  debug1: Remote protocol version 1.5, remote software version 1.2.27
  debug1: no match: 1.2.27
  debug1: Local version string SSH-1.5-OpenSSH_2.5.2p1
  debug1: Waiting for server public key.
  debug1: Received server public key (768 bits) and host key (1024 bits).
  debug1: Host 'crisp' is known and matches the RSA1 host key.
  debug1: Found key in /var/root/.ssh/known_hosts:2
  No valid SSH1 cipher, using 3des instead.
  debug1: Encryption type: 3des
  debug1: Sent encrypted session key.
  debug1: Installing crc compensation attack detector.
  debug1: Received encrypted confirmation.
  Segmentation fault

A backtrace in GDB gives:

  #0  0x00006bd4 in ssh_userauth (local_user=0x339d0 "", server_user=0xbffffc0c "cjm", host=0xe00c0 "sun4", host_key_valid=211808, own_host_key=0xdff50) at sshconnect1.c:1020
  #1  0x000058fc in ssh_login (host_key_valid=0, own_host_key=0xdff50, orighost=0xbffffc10 "sun4", hostaddr=0x338b0, original_real_uid=917696) at sshconnect.c:774
  #2  0x00003574 in main (ac=4, av=0xbffffb44) at ssh.c:698
  #3  0x00002060 in _start ()
  #4  0x00001ea0 in start ()
  #5  0x00000000 in ?? ()

It seems that options has total garbage in it; in particular the num_identity_files is > 1 when I have only one identity file.

options is getting corrupted in arc4random_stir () at bsd-arc4random.c:73. It's actually corrupted in RC4_set_key(). I can't see anything obvious wrong here. Before this function is called, everything seems fine; after, the stack is corrupted. I can't get Apple's hacked-up gdb to stop inside this function with debugging info, so I can't quite tell what's going on here.

I wonder, is this the first time that openssh would call into openssl? The exact same code works fine on Linux, obviously.

Any help would be greatly appreciated.

-c

[Christopher Mason <cmason at cmu.edu> http://ash.rem.cmu.edu/ ]
["Don't you see?! We're actors--we're the opposite of people!" -Stoppard]
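A check a practitioner would run next, added here as example code that is not part of the original post and not code from OpenSSH or OpenSSL: when a library call such as RC4_set_key() corrupts memory adjacent to the caller-supplied key object, one hypothesis worth testing is that the header the application was compiled against and the library it links disagree on the size of that struct (for OpenSSL's RC4_KEY, the width of RC4_INT, unsigned char versus int, changes the struct size by about a factor of four). The C below simulates that disagreement with two hypothetical layouts, app_rc4_key and lib_rc4_key, and a stand-in key schedule, and measures how far past the caller's idea of sizeof(RC4_KEY) the library actually writes. The struct names, the lib_set_key() routine and the seed bytes are constructed for this example; nothing here establishes what went wrong on the poster's machine.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/*
 * Two hypothetical layouts of the same RC4_KEY-style struct. The only
 * difference is the width of the element type (RC4_INT in real OpenSSL):
 * unsigned char for the copy of the header the application saw, int for
 * the layout the library was actually built with.
 */
typedef struct { unsigned char x, y; unsigned char data[256]; } app_rc4_key; /* 258 bytes */
typedef struct { int x, y; int data[256]; } lib_rc4_key;                    /* 8 + 256*sizeof(int) bytes */

/*
 * Stand-in for the library's key schedule (the RC4 KSA). Like any library
 * routine it writes sizeof(lib_rc4_key) bytes through whatever pointer it is
 * handed; it has no way to know the caller allocated something smaller.
 */
static void lib_set_key(void *key, size_t len, const unsigned char *data)
{
    lib_rc4_key *k = key;
    int i, j = 0;

    for (i = 0; i < 256; i++)
        k->data[i] = i;
    for (i = 0; i < 256; i++) {
        int tmp;
        j = (j + k->data[i] + data[i % len]) & 0xff;
        tmp = k->data[i];
        k->data[i] = k->data[j];
        k->data[j] = tmp;
    }
    k->x = 0;
    k->y = 0;
}

#define SCRATCH 4096
#define FILL 0xAA

/*
 * Measure how many bytes beyond the caller's sizeof(RC4_KEY) the library
 * writes. The key object is placed at the start of a scratch buffer filled
 * with a known pattern; the last byte that changed marks the library's true
 * struct size. Returns 0 when caller and library agree. In a real program
 * there is no scratch space: the overrun lands in whatever follows the key
 * object, which is why an unrelated struct can look corrupted after the call.
 */
size_t bytes_written_past(size_t caller_struct_size)
{
    static unsigned char scratch[SCRATCH];
    static const unsigned char seed[] = "constructed-seed"; /* constructed key material */
    size_t last = 0, i;

    memset(scratch, FILL, sizeof scratch);
    lib_set_key(scratch, sizeof seed - 1, seed);

    for (i = 0; i < sizeof scratch; i++)
        if (scratch[i] != FILL)
            last = i + 1;
    /* The library writes whole int-sized words; round up to its word size. */
    last = (last + sizeof(int) - 1) / sizeof(int) * sizeof(int);
    return last > caller_struct_size ? last - caller_struct_size : 0;
}

int main(void)
{
    printf("caller believes sizeof(RC4_KEY) = %zu: library writes %zu bytes past it\n",
           sizeof(app_rc4_key), bytes_written_past(sizeof(app_rc4_key)));
    printf("caller believes sizeof(RC4_KEY) = %zu: library writes %zu bytes past it\n",
           sizeof(lib_rc4_key), bytes_written_past(sizeof(lib_rc4_key)));
    return 0;
}
```

The same idea applies to the real build without any simulation: compile a one-line program against the headers the application used and print sizeof(RC4_KEY), then compare it with the RC4_INT setting of the libcrypto that actually gets linked (a second OpenSSL installation on the library path is the usual way the two drift apart). If the sizes match, this hypothesis is ruled out and the corruption has to be looked for elsewhere.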