[Savannah-hackers] Re: lsh crash
From: Niels Möller
Subject: [Savannah-hackers] Re: lsh crash
Date: 19 Sep 2001 13:48:50 +0200
Loic Dachary <address@hidden> writes:
> lshd crashed. I noticed it immediately, the downtime was less than 10
> minutes. Here is the debugging information.
Thanks for an excellent bug report.
> Sep 19 06:01:46 subversions lshd[15419]: Client version: SSH-1.99-2.0.13
> (non-commercial) Server version: SSH-1.99-lshd_1.2.1 lsh - a free ssh
> Sep 19 06:01:49 subversions lshd[15419]: Selected keyexchange algorithm:
> diffie-hellman-group1-sha1 with hostkey algorithm: ssh-dss
This shows that "ssh-dss" is selected as the host algorithm to use,
which is identified internally by lsh(d) as the integer ATOM_SSH_DSS.
> #4 0x8052595 in do_dsa_sign (c=0x80a2d48, algorithm=0, msg_length=20,
> msg=0x14 <Address 0x14 out of bounds>) at dsa.c:528
> #5 0x8051786 in dh_make_server_msg (self=0x80b0b70, server_key=0x80b0bb8,
> hostkey_algorithm=0, s=0x80a2d48) at dh_exchange.c:179
However, when that integer has been passed all the way down to
dh_make_server_msg and do_dsa_sign, that value has been replaced by
zero.
Reading the code on that path, I think I've found the bug. It's in the
workaround for old versions from SSH Inc:
--- src/server_keyexchange.c 2001/02/25 22:38:20 1.47
+++ src/server_keyexchange.c 2001/09/19 11:24:19
@@ -135,9 +135,8 @@
{
hostkey_algorithm = ATOM_SSH_DSS_KLUDGE_LOCAL;
}
- else
#endif
- dh->hostkey_algorithm = hostkey_algorithm;
+ dh->hostkey_algorithm = hostkey_algorithm;
dh->algorithms = algorithms;
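Review bot: the removed `else` sat inside the conditional region that closes at `#endif` but bound to the first statement after it, so `dh->hostkey_algorithm = hostkey_algorithm;` was skipped whenever the kludge branch ran; dropping it is right, but nothing in the hunk stops the same construct from being reintroduced. Consider a one-line comment above the assignment saying it must execute on both the kludge and the normal path, and keep control-flow keywords from straddling `#endif`. Separately, the backtrace shows algorithm=0 reaching do_dsa_sign at dsa.c:528; a check there that rejects an unrecognized algorithm value would turn an unset field into a failed key exchange instead of a daemon crash.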
Please try this patch. Or if you have the time, it would be even
better if you could do as follows: First try connecting with "2.0.13
(non-commercial)", and see if that crashes lshd. Install the patch,
try again, and see if (i) lshd survives, and (ii) whether the
connection is successful.
I don't have any old SSH versions around, but perhaps I should.
Regards,
/Niels
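
A reduced C reproduction of the bug class described in this mail, added as an illustration; it is not lsh source code. Only the two `ATOM_*` names come from the mail. Their numeric values, `DEMO_WITH_KLUDGE`, `struct dh_demo`, `peer_is_old` and `algorithm_is_signable` are hypothetical, and the field is assumed to start at zero, matching the 0 seen in the backtrace.

```c
#include <stdio.h>
#include <string.h>
/* Constructed values; only the two ATOM_* names come from the mail. */
enum { ATOM_SSH_DSS = 1, ATOM_SSH_DSS_KLUDGE_LOCAL = 2 };
#define DEMO_WITH_KLUDGE 1                  /* hypothetical build switch */
struct dh_demo { int hostkey_algorithm; };  /* stand-in for the real dh state */

/* Pre-patch shape: the `else` inside the #if region captures the assignment
   that follows #endif, so the kludge path never stores the algorithm. */
static void init_buggy(struct dh_demo *dh, int hostkey_algorithm, int peer_is_old)
{
    memset(dh, 0, sizeof *dh);  /* assumption: field starts at zero */
#if DEMO_WITH_KLUDGE
    if (peer_is_old)
    {
        hostkey_algorithm = ATOM_SSH_DSS_KLUDGE_LOCAL;
    }
    else
#endif
        dh->hostkey_algorithm = hostkey_algorithm;
}

/* Post-patch shape: the assignment is unconditional. */
static void init_fixed(struct dh_demo *dh, int hostkey_algorithm, int peer_is_old)
{
    memset(dh, 0, sizeof *dh);
#if DEMO_WITH_KLUDGE
    if (peer_is_old)
    {
        hostkey_algorithm = ATOM_SSH_DSS_KLUDGE_LOCAL;
    }
#endif
    dh->hostkey_algorithm = hostkey_algorithm;
}

/* Defensive check a signer could make: refuse an unset or unknown algorithm. */
static int algorithm_is_signable(int algorithm)
{
    return algorithm == ATOM_SSH_DSS || algorithm == ATOM_SSH_DSS_KLUDGE_LOCAL;
}

int main(void)
{
    struct dh_demo a, b;
    init_buggy(&a, ATOM_SSH_DSS, 1);   /* old peer, pre-patch */
    init_fixed(&b, ATOM_SSH_DSS, 1);   /* old peer, post-patch */
    printf("buggy=%d fixed=%d\n", a.hostkey_algorithm, b.hostkey_algorithm);
    return 0;
}
```

With `peer_is_old` set to 0 both variants store `ATOM_SSH_DSS`, which is why only connections that take the workaround path expose the difference.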