http://bugzilla.opensuse.org/show_bug.cgi?id=1180501
http://bugzilla.opensuse.org/show_bug.cgi?id=1180501#c9
--- Comment #9 from patrick shanahan
> Thanks for the core dump. This seems to be happening in a few locations, but I haven't been able to repro it here yet, not even with valgrind.
> The dump makes it look like a sshcipher_ctx struct has been partially overwritten with garbage. In cipher_free() it crashes on this line:
>     if ((cc->cipher->flags & CFLAG_CHACHAPOLY) != 0) {
> ...because cc->cipher points to a bad location (but it's not NULL).
> Questions:
> 1) Do you know more precisely when this started happening? I'm suspecting patches added to openssh or openssl this autumn.

Sorry, no, but it has been happening for 3 or 4 or more months.

> 2) Could you run sshd like this (as root):
>     /usr/sbin/sshd -Dddd -p 2048
> Then from a different shell session, connect to it like this:
>     ssh localhost -p 2048
> ...and trigger the crash, then attach the sshd debug output here?

I will, but I do not know what triggers the crash. I will start the session you describe and leave it open until I observe another crash, then report.
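The crash described above (cipher_free() dereferencing a non-NULL garbage cc->cipher) is the kind of fault that is easier to localize if the context is checked before it is touched. The following is an added example, not OpenSSH code and not part of this bug report: it models a cipher context with a hypothetical guard word and a hypothetical cipher table, and a checked free that refuses a context whose cc->cipher no longer points into the table. The struct layouts, CTX_MAGIC, the flag value and the demo_* functions are all assumptions made for the example.

```c
/* Added example (not OpenSSH code): a guard that catches a partially
 * overwritten cipher context before cipher_free() dereferences a garbage
 * cc->cipher pointer. Names mirror OpenSSH's cipher.c, but the structs,
 * the table and the magic word are hypothetical stand-ins. */
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define CFLAG_CHACHAPOLY (1u << 1)   /* flag value is illustrative */
#define CTX_MAGIC 0x53534843u        /* guard word set at alloc, checked at free */
#define STATE_LEN 64                 /* size of the stand-in cipher state */

struct sshcipher {
	const char *name;
	unsigned int flags;
};

struct sshcipher_ctx {
	uint32_t magic;                  /* hypothetical guard word */
	const struct sshcipher *cipher;  /* must point into ciphers[] */
	unsigned char *state;            /* stand-in for the EVP/chacha state */
};

/* Hypothetical cipher table; a corrupted cc->cipher will not point into it. */
static const struct sshcipher ciphers[] = {
	{ "aes128-ctr", 0 },
	{ "chacha20-poly1305@openssh.com", CFLAG_CHACHAPOLY },
};
#define NCIPHERS (sizeof(ciphers) / sizeof(ciphers[0]))

/* Returns 1 if c is exactly one of the table entries, 0 otherwise. */
static int cipher_ptr_valid(const struct sshcipher *c)
{
	size_t i;
	for (i = 0; i < NCIPHERS; i++)
		if (c == &ciphers[i])
			return 1;
	return 0;
}

/* 0 = context looks intact; otherwise the number of the failed check. */
int cipher_ctx_check(const struct sshcipher_ctx *cc)
{
	if (cc == NULL) return 1;
	if (cc->magic != CTX_MAGIC) return 2;
	if (!cipher_ptr_valid(cc->cipher)) return 3;
	return 0;
}

struct sshcipher_ctx *cipher_ctx_new(const struct sshcipher *c)
{
	struct sshcipher_ctx *cc = calloc(1, sizeof(*cc));
	if (cc == NULL) return NULL;
	cc->magic = CTX_MAGIC;
	cc->cipher = c;
	cc->state = calloc(1, STATE_LEN);
	return cc;
}

/* Checked counterpart of cipher_free(): reports a corrupted context where it
 * is first seen instead of crashing on cc->cipher->flags. Returns 0 on success. */
int cipher_free_checked(struct sshcipher_ctx *cc)
{
	int rc = cipher_ctx_check(cc);
	if (rc != 0) {
		fprintf(stderr, "cipher_free: corrupted ctx %p (check %d, cipher=%p)\n",
		    (void *)cc, rc, cc ? (const void *)cc->cipher : NULL);
		return rc;
	}
	if ((cc->cipher->flags & CFLAG_CHACHAPOLY) != 0)
		memset(cc->state, 0, STATE_LEN);  /* chacha path: wipe keystream state */
	free(cc->state);
	cc->magic = 0;                        /* poison before release */
	free(cc);
	return 0;
}

/* Constructed corruption 1: only the cipher pointer is garbage (non-NULL). */
int demo_bad_cipher_ptr(void)
{
	struct sshcipher_ctx *cc = cipher_ctx_new(&ciphers[1]);
	cc->cipher = (const struct sshcipher *)((char *)cc + 1); /* bogus, not NULL */
	int rc = cipher_free_checked(cc);     /* 3: pointer not in the table */
	cc->cipher = &ciphers[1];             /* repair so cleanup can proceed */
	cipher_free_checked(cc);
	return rc;
}

/* Constructed corruption 2: the whole struct is overwritten with 0xAB bytes. */
int demo_overwritten_ctx(void)
{
	struct sshcipher_ctx *cc = cipher_ctx_new(&ciphers[1]);
	unsigned char *saved_state = cc->state;
	memset(cc, 0xAB, sizeof(*cc));
	int rc = cipher_free_checked(cc);     /* 2: guard word destroyed */
	free(saved_state);
	free(cc);
	return rc;
}

int demo_intact_ctx(void)
{
	return cipher_free_checked(cipher_ctx_new(&ciphers[1])); /* 0 */
}

int main(void)
{
	printf("intact=%d bad_ptr=%d overwritten=%d\n",
	    demo_intact_ctx(), demo_bad_cipher_ptr(), demo_overwritten_ctx());
	return 0;
}
```

The table-membership check is what distinguishes "non-NULL but bad" from a valid cipher, which is exactly the state the core dump showed; combined with the sshd -Dddd session above, a guard like this turns a delayed SIGSEGV into a log line at the first function that notices the overwrite.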