Date: Mon, 17 Sep 2001 14:04:05 -0700 (PDT)
From: Matt Dillon
Message-Id: <200109172104.f8HL45641959@earth.backplane.com>
To: Alfred Perlstein
Cc: hackers@FreeBSD.org
Subject: Re: bug in sshd - signal during free()
References: <200109172032.f8HKW6M41638@earth.backplane.com> <20010917160103.Z968@elvis.mu.org>

:
:* Matt Dillon [010917 15:32] wrote:
:> sshd died on one of our machines today. The traceback seems to
:> indicate that a signal is interrupting a free(). I'm going to
:> play with the code a bit to see if there's an easy fix.
:>
:> This bug can't occur very often... the key regeneration signal
:> has to occur *just* as sshd is trying to free() something.
:
:The bug seems more likely to be caused by use of unsafe functions
:in a signal handler.
:
:I'm really surprised that the OpenSSH team didn't slap whoever decided
:to do so much processing within a signal handler silly.

It's funny... they had an XXX comment in there so obviously someone
was a little jittery about it. I think they just didn't realize that
a malloc() might occur inside the signal handler or they would have
fixed it long ago.

UNIX signals suck.

-Matt
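
One common way to keep malloc()/free() out of a signal handler, the problem discussed in this thread, shown as an added example that is not part of the original message and is not OpenSSH's code: the handler only sets a flag, and the allocation work runs later from the main loop. All identifiers (`regen_pending`, `on_alarm`, `regenerate_key`, `service_once`, `install_handler`) and the 32-byte placeholder key are assumptions made for illustration.

```c
#define _POSIX_C_SOURCE 200809L
#include <signal.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical names; the 32-byte buffer is a constructed stand-in for a key. */
static volatile sig_atomic_t regen_pending = 0;
static unsigned char *server_key = NULL;
static int generation = 0;

/* The handler only records that the signal arrived. A store to a
 * volatile sig_atomic_t is async-signal-safe; malloc()/free() are not. */
static void on_alarm(int sig) {
    (void)sig;
    regen_pending = 1;
}

/* Runs in normal context, so it cannot interrupt a free() in progress. */
static int regenerate_key(void) {
    unsigned char *fresh = malloc(32);
    if (fresh == NULL)
        return -1;
    memset(fresh, generation + 1, 32);   /* placeholder key material */
    free(server_key);
    server_key = fresh;
    return ++generation;
}

/* One pass of the main loop. Returns the new generation number,
 * 0 if no signal was pending, or -1 on allocation failure. */
static int service_once(void) {
    if (!regen_pending)
        return 0;
    regen_pending = 0;   /* clear first: a signal during the work is kept */
    return regenerate_key();
}

static int install_handler(void) {
    struct sigaction sa;
    memset(&sa, 0, sizeof sa);
    sa.sa_handler = on_alarm;
    sigemptyset(&sa.sa_mask);
    sa.sa_flags = SA_RESTART;
    return sigaction(SIGALRM, &sa, NULL);
}

int main(void) {
    if (install_handler() != 0)
        return 1;
    raise(SIGALRM);      /* simulate the regeneration timer firing */
    return service_once() == 1 ? 0 : 1;
}
```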