Date: Mon, 17 Sep 2001 16:01:03 -0500
From: Alfred Perlstein
To: Matt Dillon
Cc: hackers@FreeBSD.org
Subject: Re: bug in sshd - signal during free()
Message-ID: <20010917160103.Z968@elvis.mu.org>
References: <200109172032.f8HKW6M41638@earth.backplane.com>
In-Reply-To: <200109172032.f8HKW6M41638@earth.backplane.com>; from dillon@earth.backplane.com on Mon, Sep 17, 2001 at 01:32:06PM -0700

* Matt Dillon [010917 15:32] wrote:
> sshd died on one of our machines today. The traceback seems to
> indicate that a signal is interrupting a free(). I'm going to
> play with the code a bit to see if there's an easy fix.
>
> This bug can't occur very often... the key regeneration signal
> has to occur *just* as sshd is trying to free() something.

The bug seems more likely to be caused by use of unsafe functions in a
signal handler. I'm really surprised that the OpenSSH team didn't slap
whomever decided to do so much processing within a signal handler silly.

>
> -Matt
>
> (gdb) back
> #0  0x28231e34 in kill () from /usr/lib/libc.so.4
> #1  0x2826dd8a in abort () from /usr/lib/libc.so.4
> #2  0x2826c899 in isatty () from /usr/lib/libc.so.4
> #3  0x2826c8cf in isatty () from /usr/lib/libc.so.4
> #4  0x2826d907 in malloc () from /usr/lib/libc.so.4
> #5  0x2826be58 in __smakebuf () from /usr/lib/libc.so.4
> #6  0x2826bdec in __swsetup () from /usr/lib/libc.so.4
> #7  0x282663ef in vfprintf () from /usr/lib/libc.so.4
> #8  0x28266059 in fprintf () from /usr/lib/libc.so.4
> #9  0x2824e0ed in vsyslog () from /usr/lib/libc.so.4
> #10 0x2824e009 in syslog () from /usr/lib/libc.so.4
> #11 0x804feb3 in do_log ()
> #12 0x806ade3 in log ()
> #13 0x804c742 in key_regeneration_alarm ()
> #14 0xbfbfffac in ?? ()
> #15 0x2826da35 in free () from /usr/lib/libc.so.4
> #16 0x805f087 in xfree ()
> #17 0x804d8be in main ()
> #18 0x804c50d in _start ()
> (gdb)

-- 
-Alfred Perlstein [alfred@freebsd.org]
'Instead of asking why a piece of software is using "1970s technology,"
start asking why software is ignoring 30 years of accumulated wisdom.'
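An added illustration of the point in this thread, not OpenSSH's own code (the function and variable names are hypothetical): the handler shape the traceback shows, where SIGALRM lands inside free() and the handler re-enters malloc through syslog(), beside the async-signal-safe rewrite in which the handler only sets a sig_atomic_t flag and the main loop does the logging and key work.

```c
#define _POSIX_C_SOURCE 200809L
#include <signal.h>
#include <stdlib.h>
#include <string.h>
#include <syslog.h>

/* UNSAFE: mirrors frames #13..#9 of the traceback.  syslog() is not
 * async-signal-safe; it may call malloc() while the interrupted main()
 * is still inside free(), corrupting the allocator's state. */
void key_regeneration_alarm_unsafe(int sig)
{
    (void)sig;
    syslog(LOG_INFO, "Generating new %d bit RSA key.", 768); /* may malloc */
    /* ... key regeneration that itself calls free() ... */
}

/* SAFE: the handler records the event and nothing else.  Writing a
 * volatile sig_atomic_t is permitted in a handler without restriction. */
static volatile sig_atomic_t regen_pending = 0;

static void key_regeneration_alarm(int sig)
{
    (void)sig;
    regen_pending = 1;
}

int install_regen_handler(void)
{
    struct sigaction sa;
    memset(&sa, 0, sizeof sa);
    sa.sa_handler = key_regeneration_alarm;
    sigemptyset(&sa.sa_mask);
    sa.sa_flags = SA_RESTART;   /* keep accept()/read() from failing with EINTR */
    return sigaction(SIGALRM, &sa, NULL);
}

/* Called from the main loop, outside signal context, so syslog(),
 * malloc() and free() are all safe here.  Returns 1 if work was done. */
int process_pending_regeneration(void)
{
    char *scratch;
    if (!regen_pending)
        return 0;
    regen_pending = 0;
    syslog(LOG_INFO, "Generating new %d bit RSA key.", 768);
    scratch = malloc(64);       /* stands in for the real key work */
    free(scratch);
    return 1;
}
```

In the real daemon the main loop would poll regen_pending each iteration (or use a self-pipe/pselect() to wake up), so the regeneration happens at a point where no libc state is half-updated.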