mech_eap 0.9 corrupts memory in gss_init_sec_context leading to later segfault

Bug #1237981 reported by Adam Bishop
This bug affects 1 person
Affects: Moonshot
Status: Fix Released
Importance: Undecided
Assigned to: Unassigned
Milestone: (none)

Bug Description

I *think* this is caused by creating a card with no issuer using moonshot-ui, but not 100% sure.

I can't find any symbols, but it's reproducible on the VM I have running, so I can get a new backtrace if someone points me to symbols.

root@debian:~# gdb ssh
GNU gdb (GDB) 7.4.1-debian
Copyright (C) 2012 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law. Type "show copying"
and "show warranty" for details.
This GDB was configured as "i486-linux-gnu".
For bug reporting instructions, please see:
<http://www.gnu.org/software/gdb/bugs/>...
Reading symbols from /usr/bin/ssh...(no debugging symbols found)...done.
(gdb) run -vv localhost
Starting program: /usr/bin/ssh -vv localhost
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/i386-linux-gnu/i686/cmov/libthread_db.so.1".
OpenSSH_5.9p1 Debian-5+moonshot5, OpenSSL 1.0.1e 11 Feb 2013
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: /etc/ssh/ssh_config line 19: Applying options for *
debug2: ssh_connect: needpriv 0
debug1: Connecting to localhost [::1] port 22.
debug1: Connection established.
debug1: permanently_set_uid: 0/0
debug1: identity file /root/.ssh/id_rsa type -1
debug1: identity file /root/.ssh/id_rsa-cert type -1
debug1: identity file /root/.ssh/id_dsa type -1
debug1: identity file /root/.ssh/id_dsa-cert type -1
debug1: identity file /root/.ssh/id_ecdsa type -1
debug1: identity file /root/.ssh/id_ecdsa-cert type -1
debug1: Remote protocol version 2.0, remote software version OpenSSH_5.9p1 Debian-5+moonshot5
debug1: match: OpenSSH_5.9p1 Debian-5+moonshot5 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_5.9p1 Debian-5+moonshot5
debug2: fd 3 setting O_NONBLOCK
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug2: kex_parse_kexinit: ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: <email address hidden>,<email address hidden>,<email address hidden>,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,<email address hidden>,<email address hidden>,<email address hidden>,<email address hidden>,ssh-rsa,ssh-dss
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,<email address hidden>
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,<email address hidden>
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,<email address hidden>,hmac-sha2-256,hmac-sha2-256-96,hmac-sha2-512,hmac-sha2-512-96,hmac-ripemd160,<email address hidden>,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,<email address hidden>,hmac-sha2-256,hmac-sha2-256-96,hmac-sha2-512,hmac-sha2-512-96,hmac-ripemd160,<email address hidden>,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,<email address hidden>,zlib
debug2: kex_parse_kexinit: none,<email address hidden>,zlib
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: kex_parse_kexinit: ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa,ssh-dss,ecdsa-sha2-nistp256
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,<email address hidden>
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour128,aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,<email address hidden>
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,<email address hidden>,hmac-sha2-256,hmac-sha2-256-96,hmac-sha2-512,hmac-sha2-512-96,hmac-ripemd160,<email address hidden>,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,<email address hidden>,hmac-sha2-256,hmac-sha2-256-96,hmac-sha2-512,hmac-sha2-512-96,hmac-ripemd160,<email address hidden>,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,<email address hidden>
debug2: kex_parse_kexinit: none,<email address hidden>
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: mac_setup: found hmac-md5
debug1: kex: server->client aes128-ctr hmac-md5 none
debug2: mac_setup: found hmac-md5
debug1: kex: client->server aes128-ctr hmac-md5 none
debug1: sending SSH2_MSG_KEX_ECDH_INIT
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ECDSA 4b:83:16:fa:a5:be:c4:d7:92:04:d6:d2:2a:aa:ca:5a
debug1: Host 'localhost' is known and matches the ECDSA host key.
debug1: Found key in /root/.ssh/known_hosts:1
debug1: ssh_ecdsa_verify: signature correct
debug2: kex_derive_keys
debug2: set_newkeys: mode 1
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug2: set_newkeys: mode 0
debug1: SSH2_MSG_NEWKEYS received
debug1: Roaming not allowed by server
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug2: key: /root/.ssh/id_rsa ((nil))
debug2: key: /root/.ssh/id_dsa ((nil))
debug2: key: /root/.ssh/id_ecdsa ((nil))
debug1: Authentications that can continue: publickey,gssapi-keyex,gssapi-with-mic,password
debug1: Next authentication method: gssapi-keyex
debug1: No valid Key exchange context
debug2: we did not send a packet, disable method
debug1: Next authentication method: gssapi-with-mic
debug1: Unspecified GSS failure. Minor code may provide more information
Credentials cache file '/tmp/krb5cc_0' not found

debug1: Unspecified GSS failure. Minor code may provide more information
Credentials cache file '/tmp/krb5cc_0' not found

debug1: Unspecified GSS failure. Minor code may provide more information

debug1: Unspecified GSS failure. Minor code may provide more information
Credentials cache file '/tmp/krb5cc_0' not found

debug2: we sent a gssapi-with-mic packet, wait for reply

Program received signal SIGSEGV, Segmentation fault.
0xb7c8e21a in ?? () from /lib/i386-linux-gnu/i686/cmov/libc.so.6
(gdb) bt full
#0 0xb7c8e21a in ?? () from /lib/i386-linux-gnu/i686/cmov/libc.so.6
No symbol table info available.
#1 0xb7c90475 in ?? () from /lib/i386-linux-gnu/i686/cmov/libc.so.6
No symbol table info available.
#2 0xb7c933bc in ?? () from /lib/i386-linux-gnu/i686/cmov/libc.so.6
No symbol table info available.
#3 0xb7c938ed in realloc () from /lib/i386-linux-gnu/i686/cmov/libc.so.6
No symbol table info available.
#4 0xb7e24df4 in ?? () from /usr/lib/i386-linux-gnu/i686/cmov/libcrypto.so.1.0.0
No symbol table info available.
#5 0xb7e255b2 in CRYPTO_realloc () from /usr/lib/i386-linux-gnu/i686/cmov/libcrypto.so.1.0.0
No symbol table info available.
#6 0xb7ea0329 in lh_insert () from /usr/lib/i386-linux-gnu/i686/cmov/libcrypto.so.1.0.0
No symbol table info available.
#7 0xb7ea2dba in ?? () from /usr/lib/i386-linux-gnu/i686/cmov/libcrypto.so.1.0.0
No symbol table info available.
#8 0xb7ea25ef in ?? () from /usr/lib/i386-linux-gnu/i686/cmov/libcrypto.so.1.0.0
No symbol table info available.
#9 0xb7e60624 in ERR_load_BN_strings () from /usr/lib/i386-linux-gnu/i686/cmov/libcrypto.so.1.0.0
No symbol table info available.
#10 0xb7ea4149 in ERR_load_crypto_strings () from /usr/lib/i386-linux-gnu/i686/cmov/libcrypto.so.1.0.0
No symbol table info available.
#11 0xb6a4add4 in SSL_load_error_strings () from /usr/lib/i386-linux-gnu/i686/cmov/libssl.so.1.0.0
No symbol table info available.
#12 0xb7a9f668 in tls_init () from /usr/lib/i386-linux-gnu/gss/mech_eap.so
No symbol table info available.
#13 0xb7a94388 in eap_peer_sm_init () from /usr/lib/i386-linux-gnu/gss/mech_eap.so
No symbol table info available.
#14 0xb7a69ccf in ?? () from /usr/lib/i386-linux-gnu/gss/mech_eap.so
No symbol table info available.
#15 0xb7a75f8d in gssEapSmStep () from /usr/lib/i386-linux-gnu/gss/mech_eap.so
No symbol table info available.
#16 0xb7a6a858 in gssEapInitSecContext () from /usr/lib/i386-linux-gnu/gss/mech_eap.so
No symbol table info available.
#17 0xb7a6ac52 in gss_init_sec_context () from /usr/lib/i386-linux-gnu/gss/mech_eap.so
No symbol table info available.
#18 0xb7d915a6 in gss_init_sec_context () from /usr/lib/i386-linux-gnu/libgssapi_krb5.so.2
No symbol table info available.
#19 0x80045804 in ?? ()
No symbol table info available.
#20 0x80017ba4 in ?? ()
No symbol table info available.
#21 0x80019d46 in ?? ()
No symbol table info available.
#22 0x8003c919 in ?? ()
No symbol table info available.
#23 0x800196e9 in ?? ()
No symbol table info available.
#24 0x800151a9 in ?? ()
No symbol table info available.
#25 0x800091cb in main ()
No symbol table info available.

Revision history for this message
Adam Bishop (adam-omega) wrote :

Better Backtrace:

#0 malloc_consolidate (av=<optimized out>) at malloc.c:5153
        fb = 0xb7d7d3cc
        maxfb = 0xb7d7d3ec
        p = 0x74736f68
        nextp = 0x74736f68
        unsorted_bin = 0xb7d7d3f0
        first_unsorted = 0x80074258
        nextchunk = 0x800a38b0
        size = 24
        nextsize = 48
        prevsize = <optimized out>
        bck = <optimized out>
        fwd = 0x800772b0
        __func__ = "malloc_consolidate"
#1 0xb7c90475 in _int_malloc (av=<optimized out>, bytes=<optimized out>) at malloc.c:4373
        nb = 1032
        idx = <optimized out>
        bin = <optimized out>
        victim = <optimized out>
        size = <optimized out>
        victim_index = <optimized out>
        remainder = <optimized out>
        remainder_size = <optimized out>
        block = <optimized out>
        bit = <optimized out>
        map = <optimized out>
        fwd = <optimized out>
        bck = <optimized out>
        errstr = <optimized out>
        __func__ = "_int_malloc"
#2 0xb7c933bc in _int_realloc (av=<optimized out>, oldp=0x80072680, oldsize=520, nb=1032) at malloc.c:5290
        nextsize = <optimized out>
        newp = <optimized out>
        newsize = <optimized out>
        newmem = 0x208
        next = 0x80072888
        remainder = <optimized out>
        remainder_size = <optimized out>
        bck = <optimized out>
        fwd = 0x10
        copysize = <optimized out>
        ncopies = 16
        s = <optimized out>
        errstr = <optimized out>
        __func__ = "_int_realloc"
#3 0xb7c938ed in *__GI___libc_realloc (oldmem=0x80072688, bytes=1024) at malloc.c:3821
        ar_ptr = 0xb7d7d3c0
        nb = 1032
        newp = <optimized out>
        oldp = 0x80072680
        oldsize = 520
        __func__ = "__libc_realloc"
#4 0xb7e24df4 in default_realloc_ex (str=0x80072688, num=1024, file=0xb7f3d6c9 "lhash.c", line=347) at mem.c:86
No locals.
#5 0xb7e255b2 in CRYPTO_realloc (str=0x80072688, num=num@entry=1024, file=file@entry=0xb7f3d6c9 "lhash.c", line=line@entry=347) at mem.c:346
        ret = 0x0
#6 0xb7ea0329 in expand (lh=0x80074160) at lhash.c:346
        n2 = 0x80072884
        np = <optimized out>
        i = <optimized out>
        hash = <optimized out>
        nni = 128
        n = <optimized out>
        n1 = <optimized out>
        p = 63
        j = 256
#7 lh_insert (lh=lh@entry=0x80074160, data=data@entry=0xb7f902a8) at lhash.c:187
        hash = <optimized out>
        nn = <optimized out>
        rn = <optimized out>
        ret = <optimized out>
#8 0xb7ea2dba in int_err_set_item (d=0xb7f902a8) at err.c:407
        p = <optimized out>
        hash = 0x80074160
#9 0xb7ea25ef in err_load_strings (lib=lib@entry=0, str=0xb7f902a8, str@entry=0xb7f90240) at err.c:676
No locals.
#10 0xb7ea324d in ERR_load_strings (lib=lib@entry=0, str=str@entry=0xb7f90240) at err.c:684
No locals.
#11 0xb7e60624 in ERR_load_BN_strings () at bn_err.c:147
No locals.
#12 0xb7ea4149 in ERR_load_crypto_strings () at err_all.c:115
No locals.
#13 0xb6a4add4 in SSL_load_error_strings () at ssl_err2.c:66
No locals.
#14 0xb7a9f668 in tls_init () from /usr/lib/i386-linux-gnu/gss/mech_eap.so
No symbol table ...


Revision history for this message
Adam Bishop (adam-omega) wrote :

Tested with an external ssh server (moonshot-inf.um.es) and a non-blank issuer - segfault still occurs.

Revision history for this message
Sam Hartman (hartmans) wrote : Re: [Bug 1237981] Re: Segfault on LiveCD

As of now (in wheezy-proposed) there is moonshot-gss-eap-dbg.

For this sort of problem valgrind probably works better than gdb. At
least, once you see that it is in something like malloc_consolidate in
the middle of doing initialization it's more probably earlier corruption
than a problem near the segfault.

I believe I have things isolated and am building a fix.

Sam Hartman (hartmans)
summary: - Segfault on LiveCD
+ mech_eap 0.9 corrupts memory in gss_init_sec_context leading to later
+ segfault
Changed in moonshot:
status: New → Fix Released
Revision history for this message
Adam Bishop (adam-omega) wrote :

Valgrind trace below; it looks like the fix you've committed matches valgrind's output.

user@debian:~$ valgrind --leak-check=full ssh localhost
==18501== Memcheck, a memory error detector
==18501== Copyright (C) 2002-2011, and GNU GPL'd, by Julian Seward et al.
==18501== Using Valgrind-3.7.0 and LibVEX; rerun with -h for copyright info
==18501== Command: ssh localhost
==18501==
==18501== Warning: invalid file descriptor 1024 in syscall close()
==18501== Warning: invalid file descriptor 1025 in syscall close()
==18501== Warning: invalid file descriptor 1026 in syscall close()
==18501== Use --log-fd=<number> to select an alternative log fd.
==18501== Warning: invalid file descriptor 1027 in syscall close()
==18501== Warning: invalid file descriptor 1028 in syscall close()
==18501== Warning: invalid file descriptor 1029 in syscall close()
==18501== Invalid free() / delete / delete[] / realloc()
==18501== at 0x482750C: free (in /usr/lib/valgrind/vgpreload_memcheck-x86-linux.so)
==18501== by 0x4C49591: krb5_free_principal (in /usr/lib/i386-linux-gnu/libkrb5.so.3.3)
==18501== by 0x5177F16: gssEapReleaseName (in /usr/lib/i386-linux-gnu/gss/mech_eap.so)
==18501== by 0x4DD2BD7: ???
==18501== Address 0x4debaa0 is 0 bytes inside a block of size 1 free'd
==18501== at 0x482750C: free (in /usr/lib/valgrind/vgpreload_memcheck-x86-linux.so)
==18501== by 0x4C49FCE: krb5_free_unparsed_name (in /usr/lib/i386-linux-gnu/libkrb5.so.3.3)
==18501== by 0x51706F6: ??? (in /usr/lib/i386-linux-gnu/gss/mech_eap.so)
==18501== by 0x517BF8C: gssEapSmStep (in /usr/lib/i386-linux-gnu/gss/mech_eap.so)
==18501== by 0x5170857: gssEapInitSecContext (in /usr/lib/i386-linux-gnu/gss/mech_eap.so)
==18501== by 0x5170C51: gss_init_sec_context (in /usr/lib/i386-linux-gnu/gss/mech_eap.so)
==18501== by 0x4A635A5: gss_init_sec_context (in /usr/lib/i386-linux-gnu/libgssapi_krb5.so.2.2)
==18501== by 0x14D803: ??? (in /usr/bin/ssh)
==18501==
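The valgrind report above shows the bug class behind the crash: one heap block (an empty string, "block of size 1") is freed once through krb5_free_unparsed_name and again through krb5_free_principal from gssEapReleaseName, and the damage only surfaces much later inside malloc_consolidate during OpenSSL initialisation. The C program below is an added example written for this page, not code from the bug report, from mech_eap or from MIT Kerberos; it models that pattern with hypothetical stand-in types (eap_name, krb_principal) and a tracking free() wrapper, so the second free is counted rather than corrupting the allocator. It does not claim to be the actual defect or fix in mech_eap 0.9, which the page does not show; it illustrates why the crash site in the gdb backtrace is not the bug site and what the ownership fix looks like.

```c
#define _POSIX_C_SOURCE 200809L   /* for strdup() */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define TRACK_MAX 64

/* Small free() wrapper that remembers the blocks it has already released in
 * the current cycle and refuses to free one twice. The real bug corrupted
 * glibc's free lists and only surfaced later in malloc_consolidate(); here
 * the second free is counted instead. The table is reset per cycle so that
 * address reuse by malloc() cannot produce a false positive. */
static void *freed_tab[TRACK_MAX];
static size_t freed_n;
static int double_frees;

static void tracked_reset(void) { freed_n = 0; double_frees = 0; }

static void tracked_free(void *p)
{
    if (p == NULL)
        return;
    for (size_t i = 0; i < freed_n; i++) {
        if (freed_tab[i] == p) {    /* already released: this is the bug */
            double_frees++;
            return;                 /* do not hand it to free() again */
        }
    }
    if (freed_n < TRACK_MAX)
        freed_tab[freed_n++] = p;
    free(p);
}

/* Hypothetical stand-ins for krb5_principal and mech_eap's name object
 * (not the real library types). */
typedef struct { char *realm; char *component; } krb_principal;
typedef struct { krb_principal *princ; char *unparsed; } eap_name;

/* Mirrors what a principal destructor does: release every owned field. */
static void free_principal(krb_principal *p)
{
    if (p == NULL)
        return;
    tracked_free(p->realm);
    tracked_free(p->component);
    tracked_free(p);
}

/* Buggy construction: the principal's component aliases the unparsed-name
 * buffer instead of owning its own copy, so two objects will free one block. */
static eap_name *name_new_aliasing(const char *text)
{
    eap_name *n = calloc(1, sizeof *n);
    if (n == NULL || (n->princ = calloc(1, sizeof *n->princ)) == NULL)
        abort();
    n->unparsed = strdup(text);
    n->princ->realm = strdup("");
    n->princ->component = n->unparsed;       /* second owner of the same block */
    return n;
}

/* Fixed construction: each heap block has exactly one owner. */
static eap_name *name_new_owning(const char *text)
{
    eap_name *n = calloc(1, sizeof *n);
    if (n == NULL || (n->princ = calloc(1, sizeof *n->princ)) == NULL)
        abort();
    n->unparsed = strdup(text);
    n->princ->realm = strdup("");
    n->princ->component = strdup(text);      /* private copy */
    return n;
}

/* Release in the order the valgrind trace shows: the unparsed name first
 * (krb5_free_unparsed_name), then the principal (gssEapReleaseName ->
 * krb5_free_principal). Pointers are cleared after free so a later
 * accidental reuse dereferences NULL instead of freed memory. */
static void name_release(eap_name *n)
{
    if (n == NULL)
        return;
    tracked_free(n->unparsed);
    n->unparsed = NULL;
    free_principal(n->princ);
    n->princ = NULL;
    tracked_free(n);
}

/* Builds and releases one name; returns how many double frees occurred.
 * An empty string reproduces the "block of size 1" from the valgrind output. */
int double_frees_for(int aliasing)
{
    tracked_reset();
    eap_name *n = aliasing ? name_new_aliasing("") : name_new_owning("");
    name_release(n);
    return double_frees;
}

int main(void)
{
    printf("aliasing construction: %d double free(s)\n", double_frees_for(1));
    printf("owning construction:   %d double free(s)\n", double_frees_for(0));
    return 0;
}
```

Without the tracking wrapper the aliasing variant hands the same pointer to free() twice; current glibc aborts with a double-free message, older releases silently corrupt the free lists and fail later in an unrelated allocation, exactly as the gdb session shows. That is why a crash in malloc_consolidate or _int_malloc should be taken as "find the earlier corruption" and run under valgrind (as in the comment above) rather than debugged at the faulting frame.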
