Subject: lib/29862: sshd segfaults with long keys
To: None <lib-bug-people@netbsd.org, gnats-admin@netbsd.org,>
From: Denis Lagno <dlagno@mail.ru>
List: netbsd-bugs
Date: 04/02/2005 07:34:00
>Number:         29862
>Category:       lib
>Synopsis:       sshd segfaults with long keys
>Confidential:   no
>Severity:       non-critical
>Priority:       medium
>Responsible:    lib-bug-people
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Sat Apr 02 07:34:00 +0000 2005
>Originator:     Denis Lagno
>Release:        NetBSD 3.99.2
>Organization:
>Environment:
System: NetBSD flam.gado 3.99.2 NetBSD 3.99.2 (FLAM) #0: Fri Apr 1 02:13:30 MSD 2005 dina@flam.gado:/volatile/worksrc/netbsd-current/src/sys/arch/i386/compile/FLAM i386
Architecture: i386
Machine: i386
>Description:
sshd from 13 Mar worked.  Now it segfaults:

# /usr/sbin/sshd -ddd
debug2: load_server_config: filename /etc/ssh/sshd_config
debug2: load_server_config: done config len = 338
debug2: parse_server_config: config /etc/ssh/sshd_config len 338
debug1: sshd version OpenSSH_3.9 NetBSD_Secure_Shell-20050213
debug1: private host key: #0 type 0 RSA1
debug3: Not a RSA1 key file /etc/ssh/ssh_host_rsa_key.
debug1: read PEM private key done: type RSA
debug1: private host key: #1 type 1 RSA
debug3: Not a RSA1 key file /etc/ssh/ssh_host_dsa_key.
debug1: read PEM private key done: type DSA
debug1: private host key: #2 type 2 DSA
debug1: Forcing server key to 8320 bits to make it differ from host key.
debug1: rexec_argv[0]='/usr/sbin/sshd'
debug1: rexec_argv[1]='-ddd'
debug2: fd 4 setting O_NONBLOCK
debug1: Bind to port 22 on ::.
Server listening on :: port 22.
debug2: fd 5 setting O_NONBLOCK
debug1: Bind to port 22 on 0.0.0.0.
Server listening on 0.0.0.0 port 22.
Generating 8320 bit RSA key.
zsh: segmentation fault (core dumped)  /usr/sbin/sshd -ddd

Sorry, no debugging symbols.  gdb says:

Program received signal SIGSEGV, Segmentation fault.
0xbdac62a3 in RSA_private_decrypt () from /usr/lib/libcrypto.so.2
(gdb) bt
#0  0xbdac62a3 in RSA_private_decrypt () from /usr/lib/libcrypto.so.2
#1  0xbda3cc29 in main () from /usr/lib/libcrypto.so.2

>How-To-Repeat:
Launch /usr/sbin/sshd with the following in sshd_config:

ServerKeyBits 8192

>Fix:
I guess it is a libcrypto problem.