ssh client segmentation fault

Bug #708571 reported by James Page
Affects           Status        Importance  Assigned to  Milestone
portable OpenSSH  Fix Released  Medium
openssh (Ubuntu)  Fix Released  High        Unassigned

Bug Description

So this is happening in an up-to-date Natty i386 server install running in a KVM virtual machine.

SSH connections to the server are fine; however using ssh from the server (either to a remote host or localhost) results in an immediate segmentation fault as soon as the connection to the target server is made:

jamespage@natty-infrastructure-manager:~$ ssh -vvv localhost
OpenSSH_5.7p1 Debian-1ubuntu1, OpenSSL 0.9.8o 01 Jun 2010
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug2: ssh_connect: needpriv 0
debug1: Connecting to localhost [127.0.0.1] port 22.
debug1: Connection established.
Segmentation fault (core dumped)

ProblemType: Bug
DistroRelease: Ubuntu 11.04
Package: openssh-client 1:5.7p1-1ubuntu1
ProcVersionSignature: Ubuntu 2.6.37-12.26-generic-pae 2.6.37
Uname: Linux 2.6.37-12-generic-pae i686
Architecture: i386
Date: Thu Jan 27 11:11:07 2011
InstallationMedia: Ubuntu-Server 11.04 "Natty Narwhal" - Alpha i386 (20110118)
ProcEnviron:
 LANG=en_GB.UTF-8
 SHELL=/bin/bash
RelatedPackageVersions:
 ssh-askpass N/A
 libpam-ssh N/A
 keychain N/A
 ssh-askpass-gnome N/A
SSHClientVersion: OpenSSH_5.7p1 Debian-1ubuntu1, OpenSSL 0.9.8o 01 Jun 2010
SourcePackage: openssh

James Page (james-page) wrote :
James Page (james-page) wrote :
Colin Watson (cjwatson) wrote :

Might be my fault, but I can't quite make it out from the strace. Any chance of finding and attaching the core file that the error message says was dumped?

Colin Watson (cjwatson) wrote :

Ah, this is reproducible by moving .ssh aside.

Changed in openssh (Ubuntu):
status: New → Triaged
importance: Undecided → High
James Page (james-page) wrote :
In , Colin Watson (cjwatson) wrote :

Created attachment 1984
more error checks in ssh_selinux_setfscreatecon

The Debian/Ubuntu OpenSSH packages are compiled with SELinux support, but SELinux isn't necessarily available at run-time. If it's unavailable, then ssh_selinux_setfscreatecon may crash because it does not either (a) check ssh_selinux_enabled or (b) check the return value of matchpathcon. I suspect it should do both, although I'm not sure whether any error message is necessary if matchpathcon fails - does this just mean that the configuration doesn't specify any particular context? (I'm not an SELinux expert.)

Patch attached which at least clears up the crash.

(BTW, the indentation in ssh_selinux_setfscreatecon is non-standard.)
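
The two checks proposed in the comment above, as an added C example that is neither the attached patch nor OpenSSH's own code. `stub_matchpathcon` and `stub_setfscreatecon` are hypothetical stand-ins for the libselinux calls (simplified, no mode argument) so the file builds without libselinux; the paths and context string are constructed.

```c
/* Added example: models the failure mode with stand-ins, not real libselinux. */
#include <stdio.h>
#include <string.h>

static int selinux_available;   /* constructed run-time state, 0 = absent */
static int setfs_calls;         /* how many times a context was handed over */

/* Stand-in for matchpathcon(): on failure it leaves *con untouched. */
static int stub_matchpathcon(const char *path, char **con) {
    static char ctx[] = "user_u:object_r:ssh_home_t";  /* constructed */
    if (!selinux_available || strncmp(path, "/home/", 6) != 0)
        return -1;
    *con = ctx;
    return 0;
}

/* Stand-in for setfscreatecon(): it reads whatever pointer it is given. */
static int stub_setfscreatecon(const char *con) {
    setfs_calls++;
    return con ? (int)strlen(con) : 0;
}

/* Unchecked shape: con is indeterminate whenever the lookup fails. */
void setfscreatecon_unchecked(const char *path) {
    char *con;
    stub_matchpathcon(path, &con);
    stub_setfscreatecon(con);   /* reads garbage if SELinux is absent */
}

enum result { SKIP_DISABLED, RESET_DEFAULT, APPLIED, SKIP_NO_MATCH };

/* Checked shape: (a) run-time availability, (b) lookup return value. */
enum result setfscreatecon_checked(const char *path) {
    char *con = NULL;
    if (!selinux_available)
        return SKIP_DISABLED;
    if (path == NULL) {
        stub_setfscreatecon(NULL);
        return RESET_DEFAULT;
    }
    if (stub_matchpathcon(path, &con) != 0)
        return SKIP_NO_MATCH;
    stub_setfscreatecon(con);
    return APPLIED;
}

int main(void) {
    printf("SELinux absent:  %d\n", setfscreatecon_checked("/home/u/.ssh"));
    selinux_available = 1;
    printf("SELinux present: %d\n", setfscreatecon_checked("/home/u/.ssh"));
    return 0;
}
```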

Changed in openssh (Ubuntu):
status: Triaged → Fix Committed
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package openssh - 1:5.7p1-2ubuntu1

---------------
openssh (1:5.7p1-2ubuntu1) natty; urgency=low

  * Resynchronise with Debian experimental. Remaining changes:
    - Add support for registering ConsoleKit sessions on login.
    - Drop openssh-blacklist and openssh-blacklist-extra to Suggests.
    - Convert to Upstart. The init script is still here for the benefit of
      people running sshd in chroots.
    - Install apport hook.
    - Add mention of ssh-keygen in ssh connect warning.
    - Make openssh-server recommend ssh-import-id.

openssh (1:5.7p1-2) experimental; urgency=low

  * Fix crash in ssh_selinux_setfscreatecon when SELinux is disabled
    (LP: #708571).
 -- Colin Watson <email address hidden> Thu, 27 Jan 2011 12:20:29 +0000

Changed in openssh (Ubuntu):
status: Fix Committed → Fix Released
In , Damien Miller (djm) wrote :

Patch applied - thanks.

In , Leonardo-3 (leonardo-3) wrote :

This patch* was misapplied and causes a syntax error when building 5.8p1 with SELinux enabled.

* http://hg.mindrot.org/openssh/rev/8611ccf82385

In , Leonardo-3 (leonardo-3) wrote :

Created attachment 1991
openssh-5.8p1-syntex-error.diff

In , Darren Tucker (dtucker) wrote :

Applied, thanks.

In , Damien Miller (djm) wrote :

close resolved bugs now that openssh-5.9 has been released

Changed in openssh:
importance: Unknown → Medium
status: Unknown → Fix Released