Date: Mon, 25 Apr 2016 14:42:35 -0500
From: Tim Zingelman
To: Rustam
CC: "freebsd-security@freebsd.org"
Subject: Re: Signal 11 dumps in telnetd (freebsd 10.3 release)

See if the attached patch helps.  It applies cleanly to
ports/security/krb5-appl, but may need adjustment for the base system
telnetd.

 - Tim

On Sun, 24 Apr 2016, Rustam wrote:

> I got a couple of dozen dumps in /usr/libexec/telnetd (signal 11), and I'm
> wondering what those could be.
>
> FreeBSD 10.3-RELEASE, built from source.
>
> Dump stack trace:
> telrcv+333
> ttloop+7C
> doit+1687
> main+64D
>
> Dump is at address 0x0000000000404713:
>
> .text:0004046E2 loc_4046E2:
> .text:0004046E2     test    byte ptr cs:diagnostic, 10h ; jumptable 0004046DB cases 11,12
> .text:0004046E9     jz      short loc_4046F7
> .text:0004046EB     mov     edi, offset fmt ; "td: recv IAC"
> .text:0004046F0     mov     esi, ebx        ; option
> .text:0004046F2     call    printoption
> .text:0004046F7 loc_4046F7:
> .text:0004046F7     call    ptyflush
> .text:0004046FC     call    init_termbuf
> .text:000404701     cmp     ebx, 0F7h
> .text:000404707     mov     eax, 6199D8h
> .text:00040470C     cmovz   rax, r14
> .text:000404710     mov     rax, [rax]
> .text:000404713     mov     al, [rax]       ; <========== Signal 11 HERE
> .text:000404715     cmp     al, 0FFh
> .text:000404717     jz      loc_40495A      ; jumptable 0004046DB default case
> .text:00040471D     mov     rcx, cs:pfrontp
> .text:000404724     lea     rdx, [rcx+1]
> .text:000404728     mov     cs:pfrontp, rdx
> .text:00040472F     mov     [rcx], al
> .text:000404731     mov     cs:telrcv_state, 0
> .text:00040473B     jmp     loc_4049A0
>
>
> Regards,
>
> Rustam

Content-Type: text/plain; charset="US-ASCII"; name="patch-telnet__telnetd__state.c"
Content-Disposition: attachment; filename="patch-telnet__telnetd__state.c"
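
The faulting sequence in the quoted listing picks one of two slots by comparing the option with 0F7h, loads a pointer from that slot and reads a byte through it. A C model of that pattern beside a checked form, as an added example that is neither the attached patch nor the telnetd source; the table layout, the names and the sample values are hypothetical.

```c
#include <stddef.h>
#include <stdio.h>

#define TN_EC       0xF7  /* telnet "erase character"; the 0F7h compared in the listing */
#define TN_EL       0xF8  /* telnet "erase line" */
#define CH_DISABLED 0xFF  /* the value the listing tests with "cmp al, 0FFh" */

/* Hypothetical table: each slot points at the terminal's current special
 * character, or is NULL when no terminal state backs it. */
struct slot { const unsigned char *cur; };
enum { SLOT_EC, SLOT_EL, SLOT_COUNT };

/* Same shape as "mov rax,[rax]" then "mov al,[rax]": load the slot's
 * pointer and read through it unchecked. Faults on a NULL slot. */
unsigned char lookup_unchecked(const struct slot *t, int cmd)
{
    return *t[cmd == TN_EC ? SLOT_EC : SLOT_EL].cur;
}

/* Checked form: an empty slot is reported as "disabled", never dereferenced. */
unsigned char lookup_checked(const struct slot *t, int cmd)
{
    const unsigned char *p = t[cmd == TN_EC ? SLOT_EC : SLOT_EL].cur;
    return p != NULL ? *p : CH_DISABLED;
}

/* Queue the erase character for the pty; returns bytes written (0 or 1). */
size_t handle_erase(const struct slot *t, int cmd, unsigned char *out, size_t cap)
{
    unsigned char ch;

    if ((cmd != TN_EC && cmd != TN_EL) || cap == 0)
        return 0;
    ch = lookup_checked(t, cmd);
    if (ch == CH_DISABLED)
        return 0;
    out[0] = ch;
    return 1;
}

int main(void)
{
    static const unsigned char erase = 0x7F;         /* constructed sample value */
    struct slot t[SLOT_COUNT] = { { &erase }, { NULL } };
    unsigned char buf[1];

    printf("EC -> %zu byte(s)\n", handle_erase(t, TN_EC, buf, sizeof buf));
    printf("EL -> %zu byte(s)\n", handle_erase(t, TN_EL, buf, sizeof buf));
    printf("unchecked EC -> 0x%02X\n", lookup_unchecked(t, TN_EC));
    return 0;
}
```

Each command is resolved to its own slot before the check, so an empty slot for one command never falls through to the other command's character.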