openssh unix dev - Jan 2004 - openssh 3.7.1p2 fault on solaris 9 for sparc when built as 64-bit

I built OpenSSH as a 64-bit binary on Solaris 9, using gcc 3.3.2,
OpenSSL 0.9.7c and zlib 1.2.1.  sshd starts up normally, and will begin
the login session, however, some time after it reads /etc/default/login,
it faults and kills the connection.  There are no error messages logged
to syslog (with LogLevel set to DEBUG) or with the -ddd option.

Here's a truss of the failure:

8132:   open("/etc/nologin", O_RDONLY)                  Err#2 ENOENT
8132:   getuid()                                        = 1000 [1000]
8132:   getuid()                                        = 1000 [1000]
8132:   getuid()                                        = 1000 [1000]
8132:   getuid()                                        = 1000 [1000]
8132:   open("/etc/default/login", O_RDONLY)            = 7
8132:   fstat(7, 0xFFFFFFFF7FFFD060)                    = 0
8132:   fstat(7, 0xFFFFFFFF7FFFCF30)                    = 0
8132:   ioctl(7, TCGETA, 0xFFFFFFFF7FFFCF9C)            Err#25 ENOTTY
8132:   read(7, " # i d e n t\t " @ ( # )".., 8192)     = 2010
8132:   read(7, 0x100287C14, 8192)                      = 0
8132:   lseek(7, 0, SEEK_CUR)                           = 2010
8132:   close(7)                                        = 0
8132:       Incurred fault #5, FLTACCESS  %pc = 0xFFFFFFFF7EC991C8
8132:         siginfo: SIGBUS BUS_ADRALN addr=0xFFFFFFFF7FFFE334
8132:       Received signal #10, SIGBUS [default]
8132:         siginfo: SIGBUS BUS_ADRALN addr=0xFFFFFFFF7FFFE334
8128:       Received signal #18, SIGCLD [caught]
8128:         siginfo: SIGCLD CLD_KILLED pid=8132 status=0x000A
8128:   fstat(-1, 0xFFFFFFFF7FFFD880)                   Err#9 EBADF
8128:   fstat(-1, 0xFFFFFFFF7FFFCB60)                   Err#9 EBADF
8128:   open("/dev/conslog", O_WRONLY)                  = 9
8128:   fcntl(9, F_SETFD, 0x00000001)                   = 0
8128:   fstat(9, 0xFFFFFFFF7FFFCB60)                    = 0
8128:   fstat(9, 0xFFFFFFFF7FFFD610)                    = 0
8128:   time()                                          = 1073425368
8128:   getpid()                                        = 8128 [8124]
8128:   putmsg(9, 0xFFFFFFFF7FFFCCC0, 0xFFFFFFFF7FFFCCB0, 0) = 0
8128:   open("/var/run/syslog_door", O_RDONLY)          = 10
8128:   door_info(10, 0xFFFFFFFF7FFFCBA8)               = 0
8128:   getpid()                                        = 8128 [8124]
8128:   door_call(10, 0xFFFFFFFF7FFFCB78)               = 0
8128:   close(10)                                       = 0
8128:   fstat(9, 0xFFFFFFFF7FFFD880)                    = 0
8128:   close(9)                                        = 0
8128:   sigaction(SIGCLD, 0x00000000, 0xFFFFFFFF7FFFE260) = 0
8128:   write(4, "\0", 1)                               = 1
8128:   setcontext(0xFFFFFFFF7FFFE4F0)
8128:   close(8)                                        = 0

Recompiled as a 32-bit binary, and it works fine.  Not sure if this is
related to bug 643 (http://bugzilla.mindrot.org/show_bug.cgi?id=643),
but seems to act similarly.

System is a SunFire V100 (Ultra IIe) running Solaris 9.

orwell$ uname -a
SunOS orwell 5.9 Generic_112233-11 sun4u sparc SUNW,UltraAX-i2 Solaris

Thanks,

Tom

-- 
Thomas A. Kyle, GCFW
Network Security Analyst
University of Missouri-St. Louis
tkyle at jinx.umsl.edu
(314) 516-6012

"Thomas A. Kyle" <tkyle at jinx.umsl.edu> writes:
> I built OpenSSH as a 64-bit binary on Solaris 9, using gcc 3.3.2,
> OpenSSL 0.9.7c and zlib 1.2.1.  sshd starts up normally, and will begin
> the login session, however, some time after it reads /etc/default/login,
> it faults and kills the connection.  There are no error messages logged
> to syslog (with LogLevel set to DEBUG) or with the -ddd option.
> 
> Here's a truss of the failure:
> 
> 8132:   open("/etc/nologin", O_RDONLY)                  Err#2
ENOENT
> 8132:   getuid()                                        = 1000 [1000]
> 8132:   getuid()                                        = 1000 [1000]
> 8132:   getuid()                                        = 1000 [1000]
> 8132:   getuid()                                        = 1000 [1000]
> 8132:   open("/etc/default/login", O_RDONLY)            = 7
> 8132:   fstat(7, 0xFFFFFFFF7FFFD060)                    = 0
> 8132:   fstat(7, 0xFFFFFFFF7FFFCF30)                    = 0
> 8132:   ioctl(7, TCGETA, 0xFFFFFFFF7FFFCF9C)            Err#25 ENOTTY
> 8132:   read(7, " # i d e n t\t " @ ( # )".., 8192)     =
2010
> 8132:   read(7, 0x100287C14, 8192)                      = 0
> 8132:   lseek(7, 0, SEEK_CUR)                           = 2010
> 8132:   close(7)                                        = 0
> 8132:       Incurred fault #5, FLTACCESS  %pc = 0xFFFFFFFF7EC991C8
> 8132:         siginfo: SIGBUS BUS_ADRALN addr=0xFFFFFFFF7FFFE334
> 8132:       Received signal #10, SIGBUS [default]
> 8132:         siginfo: SIGBUS BUS_ADRALN addr=0xFFFFFFFF7FFFE334
> 8128:       Received signal #18, SIGCLD [caught]
> 8128:         siginfo: SIGCLD CLD_KILLED pid=8132 status=0x000A
I'd guess this might fix it (I'm guessing w/o a stack trace) - its
completely untested:

--- session.c.orig	2004-01-07 21:55:40.647497013 +0000
+++ session.c	2004-01-07 21:56:25.357777123 +0000
@@ -915,7 +915,7 @@
 {
 	char **tmpenv = NULL, *var;
 	u_int i, tmpenvsize = 0;
-	mode_t mask;
+	long mask;
 
 	/*
 	 * We don't want to copy the whole file to the child's environment,
@@ -936,7 +936,7 @@
 	
 	if ((var = child_get_env(tmpenv, "UMASK")) != NULL)
 		if (sscanf(var, "%5lo", &mask) == 1)
-			umask(mask);
+			umask((mode_t)mask);
 	
 	for (i = 0; tmpenv[i] != NULL; i++)
 		xfree(tmpenv[i]);

mode_t is uint_t when you're in a 64 bit Solaris userland, so %lo is
too wide to fit.

-- 
Alex Kiernan, Principal Engineer, Development, THUS plc