Phil Howard
2002-May-18 12:53 UTC
OpenSSH 3.2.2p1 sshd: fatal: xfree: NULL pointer given as argument
Server host config:
    Slackware 8.0 (custom boot scripts)
    glibc-2.2.3
    gcc-2.95.3
    Linux-2.4.18

Client host config:
    (same as server)

Symptom: session disconnects with no message to client:

============================================================================
phil@antares:/home/phil 153> ssh -V
OpenSSH_3.1p1, SSH protocols 1.5/2.0, OpenSSL 0x0090603f
phil@antares:/home/phil 154> ssh -p 10 root@polaris.ipal.net
Connection closed by 209.102.208.19
phil@antares:/home/phil 155>
============================================================================
phil@polaris:/home/phil 1> ssh -V
OpenSSH_3.2.2p1, SSH protocols 1.5/2.0, OpenSSL 0x0090603f
phil@polaris:/home/phil 2> ssh -p 10 root@polaris.ipal.net
Connection closed by 209.102.208.19
phil@polaris:/home/phil 3>
============================================================================

Message in syslog on server:

    fatal: xfree: NULL pointer given as argument

Additional test: Telnet to SSH port (test port 10, not 22) shows normal
banner and after pressing return gives "Protocol mismatch." as normally
seen when using telnet to sshd (e.g. the above error must be later in the
protocol sequence than raw telnet would engage).

Debug output (-ddd -e):

============================================================================
debug3: cipher ok: aes256-cbc [aes256-cbc,aes192-cbc,aes128-cbc,blowfish-cbc,3des-cbc]
debug3: cipher ok: aes192-cbc [aes256-cbc,aes192-cbc,aes128-cbc,blowfish-cbc,3des-cbc]
debug3: cipher ok: aes128-cbc [aes256-cbc,aes192-cbc,aes128-cbc,blowfish-cbc,3des-cbc]
debug3: cipher ok: blowfish-cbc [aes256-cbc,aes192-cbc,aes128-cbc,blowfish-cbc,3des-cbc]
debug3: cipher ok: 3des-cbc [aes256-cbc,aes192-cbc,aes128-cbc,blowfish-cbc,3des-cbc]
debug3: ciphers ok: [aes256-cbc,aes192-cbc,aes128-cbc,blowfish-cbc,3des-cbc]
debug1: sshd version OpenSSH_3.2.2p1
debug3: Not a RSA1 key file /etc/ssh/ssh_host_dsa_key.
debug1: read PEM private key done: type DSA
debug1: private host key: #0 type 2 DSA
debug3: Not a RSA1 key file /etc/ssh/ssh_host_rsa_key.
debug1: read PEM private key done: type RSA
debug1: private host key: #1 type 1 RSA
debug1: Bind to port 10 on 0.0.0.0.
Server listening on 0.0.0.0 port 10.
debug1: Server will not fork when running in debugging mode.
Connection from 209.102.208.19 port 32846
debug1: Client protocol version 2.0; client software version OpenSSH_3.2.2p1
debug1: match: OpenSSH_3.2.2p1 pat OpenSSH*
Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_3.2.2p1
debug1: list_hostkey_types: ssh-dss,ssh-rsa
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-dss,ssh-rsa
debug2: kex_parse_kexinit: aes256-cbc,aes192-cbc,aes128-cbc,blowfish-cbc,3des-cbc
debug2: kex_parse_kexinit: aes256-cbc,aes192-cbc,aes128-cbc,blowfish-cbc,3des-cbc
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,zlib
debug2: kex_parse_kexinit: none,zlib
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
debug2: kex_parse_kexinit: 3des-cbc,blowfish-cbc
debug2: kex_parse_kexinit: 3des-cbc,blowfish-cbc
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: zlib
debug2: kex_parse_kexinit: zlib
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: mac_init: found hmac-md5
debug1: kex: client->server 3des-cbc hmac-md5 zlib
debug2: mac_init: found hmac-md5
debug1: kex: server->client 3des-cbc hmac-md5 zlib
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST received
debug1: SSH2_MSG_KEX_DH_GEX_GROUP sent
debug1: dh_gen_key: priv key bits set: 194/384
debug1: bits set: 1047/2049
debug1: expecting SSH2_MSG_KEX_DH_GEX_INIT
debug1: bits set: 1031/2049
xfree: NULL pointer given as argument
debug1: Calling cleanup 0x806b00c(0x0)
============================================================================

Server config file:
(Note, this is for port 10 used for testing, not port 22)

============================================================================
Port 10
ListenAddress 0.0.0.0
Banner /etc/ssh/sshd_banner_10
AllowGroups root wheel ssh10 staff sys adm admin
Ciphers aes256-cbc,aes192-cbc,aes128-cbc,blowfish-cbc,3des-cbc
ClientAliveInterval 0
ClientAliveCountMax 3
DenyGroups nossh nossh10
DenyUsers nobody
DSAAuthentication yes
GatewayPorts yes
HostKey /etc/ssh/ssh_host_dsa_key
HostKey /etc/ssh/ssh_host_rsa_key
IgnoreRhosts yes
IgnoreUserKnownHosts yes
KeepAlive no
LoginGraceTime 600
LogLevel INFO
MaxStartups 32:50:64
PasswordAuthentication yes
PermitEmptyPasswords no
PermitRootLogin yes
PidFile /var/run/sshd_10.pid
PrintLastLog yes
PrintMotd yes
Protocol 2
PubkeyAuthentication yes
StrictModes yes
SyslogFacility AUTH
UseLogin no
VerifyReverseMapping no
X11DisplayOffset 10
X11Forwarding yes
X11UseLocalhost yes
============================================================================

-- 
-----------------------------------------------------------------
| Phil Howard - KA9WGN    | Dallas     | http://linuxhomepage.com/ |
| phil-nospam at ipal.net | Texas, USA | http://phil.ipal.org/     |
-----------------------------------------------------------------

Kevin Steves
2002-May-18 22:56 UTC
OpenSSH 3.2.2p1 sshd: fatal: xfree: NULL pointer given as argument
On Sat, May 18, 2002 at 07:53:50AM -0500, Phil Howard wrote:
> debug1: dh_gen_key: priv key bits set: 194/384
> debug1: bits set: 1047/2049
> debug1: expecting SSH2_MSG_KEX_DH_GEX_INIT
> debug1: bits set: 1031/2049
> xfree: NULL pointer given as argument
> debug1: Calling cleanup 0x806b00c(0x0)

Can you narrow the config down a bit in terms of what may cause this,
or get a stack trace?
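
Added example, not part of either post and not OpenSSH code: a Python sketch that reads `sshd -ddd` output like that in the report and summarises the negotiated algorithms and the last key-exchange step logged before the `xfree` abort, which is the state to hold fixed while narrowing the configuration. The sample log is constructed from lines quoted in the thread; the function name `triage` and the result field names are assumptions.

```python
import re

# Constructed sample: lines copied from the sshd -ddd output quoted in the thread.
SAMPLE = """\
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug2: mac_init: found hmac-md5
debug1: kex: client->server 3des-cbc hmac-md5 zlib
debug2: mac_init: found hmac-md5
debug1: kex: server->client 3des-cbc hmac-md5 zlib
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST received
debug1: SSH2_MSG_KEX_DH_GEX_GROUP sent
debug1: dh_gen_key: priv key bits set: 194/384
debug1: bits set: 1047/2049
debug1: expecting SSH2_MSG_KEX_DH_GEX_INIT
debug1: bits set: 1031/2049
xfree: NULL pointer given as argument
debug1: Calling cleanup 0x806b00c(0x0)
"""

# "kex: <direction> <cipher> <mac> <compression>" lines give the negotiated set.
NEGOTIATED = re.compile(r"kex: (client->server|server->client) (\S+) (\S+) (\S+)$")
# Key-exchange packets are logged as "<name> sent|received" or "expecting <name>".
KEX_MSG = re.compile(r"(?:(expecting) )?(SSH2_MSG_\w+)(?: (sent|received))?$")
# The abort is printed without a debug prefix (syslog adds "fatal: ").
FATAL = re.compile(r"^(?:fatal: )?(xfree: .*)$")

def triage(log):
    """Summarise how far key exchange got before sshd aborted."""
    result = {"negotiated": {}, "kex_steps": [], "fatal": None}
    for line in log.splitlines():
        line = line.strip()
        if m := NEGOTIATED.search(line):
            fields = ("cipher", "mac", "compression")
            result["negotiated"][m.group(1)] = dict(zip(fields, m.groups()[1:]))
        elif m := KEX_MSG.search(line):
            # Record (packet name, sent/received/expecting) in log order.
            result["kex_steps"].append((m.group(2), m.group(1) or m.group(3)))
        elif m := FATAL.match(line):
            result["fatal"] = m.group(1)
            break  # anything after the abort is cleanup, not protocol state
    return result

if __name__ == "__main__":
    summary = triage(SAMPLE)
    print("negotiated:", summary["negotiated"])
    print("last kex step:", summary["kex_steps"][-1])
    print("fatal:", summary["fatal"])
```

Run against a full capture, the summary gives the cipher, MAC and compression in effect and the packet sshd was waiting for, so each config or client change can be compared on the same fields.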