Description
SSHD service is started with some special arguments like -C leads to crash.
We started sshd with the arguments passed by customer and observed the crash.
Recreation of the crash:
(gdb) file /usr/sbin/sshd
(gdb) run -T -C user=root -C host=nd-e013 -C addr=127.0.0.1 -C lport=22
Starting program: /usr/sbin/sshd -T -C user=root -C host=nd-e013 -C addr=127.0.0.1 -C lport=22
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
Program received signal SIGSEGV, Segmentation fault.
ssh_remote_ipaddr (ssh=ssh@entry=0x0) at ../../packet.c:532
Download failed: Invalid argument. Continuing without source file ./debian/build-deb/../../packet.c.
532 ../../packet.c: No such file or directory.
(gdb) bt
#0 ssh_remote_ipaddr (ssh=ssh@entry=0x0) at ../../packet.c:532
#1 0x0000555555572d6e in export_remote_info (ssh=ssh@entry=0x0) at ../../auth.c:1111
#2 0x00005555555620e2 in main (ac=10, av=0x555555633960) at ../../sshd.c:1672...
Running command 'sshd T -C user=root -C host=nd-e013 -C addr=127.0.0.1 -C lport=22' from ssh/telnet sessions causes this crash
Running debian packaged sshd with '-T -C user=root -C host=nd-e013 -C addr=127.0.0.1 -C lport=22' arguments doesn't cause crash.
The crash is observed only in our patched version of sshd.
Activity