[Bug 1734040] Re: openssh: The concurrency of settimeofday and ssh connect would lead to coredump
Andreas Hasenack
andreas at canonical.com
Mon Oct 29 17:36:48 UTC 2018
Is there a scenario where this can be easily triggered? I'm thinking
both in terms of priority for this fix, and for an SRU test case
description.
https://bugs.launchpad.net/bugs/1734040
Title:
openssh: The concurrency of settimeofday and ssh connect would lead to
coredump
Status in openssh package in Ubuntu:
Fix Released
Status in openssh source package in Xenial:
New
Status in openssh source package in Bionic:
New
Bug description:
Hi, pals:
We found a coredump when we make an ssh connection. The basic information is as follows:
The stack trace in the coredump:
(gdb) bt
#0 0x20007510 in raise () from /lib/libc.so.6
#1 0x2000c718 in abort () from /lib/libc.so.6
#2 0x2053d42c in __mulvsi3 (a=, b=) at /home/l00194794/yocto/c08_sdk/sdk/build/script/cpu_hcc/ppc-linux/../../../toolchain_soft/ppc-linux/src/gcc-4.7.1/libgcc/libgcc2.c:159
#3 0x2050d030 in ms_subtract_diff (start=start@entry=0xbfa20a9c, ms=0x48027c40, ms@entry=0xbfa20a98) at misc.c:871
#4 0x204d2568 in ssh_exchange_identification (timeout_ms=timeout_ms@entry=5000) at sshconnect.c:580
#5 0x204d3e3c in ssh_login (sensitive=sensitive@entry=0x20586ea8, orighost=, hostaddr=hostaddr@entry=0x20586e28, port=, pw=pw@entry=0x20589ae8, timeout_ms=5000) at sshconnect.c:1346
#6 0x204c433c in main (ac=, av=) at ssh.c:1326
The direct cause of the coredump is that the function __mulvsi3 in
gcc detected that the plus operation overflowed, and then this gcc
function called abort().
The overflow is caused by the time-setting operation during the ssh
connect. In the function ms_subtract_diff, the timeoutp gets a very
big value because of the time change.
So could we add a limit on the difference between the 2 values obtained from gettimeofday? If it's too big and would lead to overflow, we set a default value and report a warning log.
Thanks for your attention and expect your reply.
B.R.
Le Wang
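
The limit proposed in the report, sketched as an added example (not OpenSSH's code and not part of the original message): the elapsed time is computed in 64-bit and clamped before it reaches an int, so a clock change between the two gettimeofday readings yields a warning instead of an overflow trap. The function names and the clamping policy are assumptions made for illustration.

```c
#include <limits.h>
#include <stdio.h>
#include <sys/time.h>

/* Hypothetical helper, not OpenSSH code: ms from start to finish, computed
 * in 64-bit and clamped to [0, INT_MAX]. *jumped is set when the raw value
 * was out of range, i.e. the wall clock was changed in between. */
static int
elapsed_ms_clamped(const struct timeval *start, const struct timeval *finish,
    int *jumped)
{
	long long sec = (long long)finish->tv_sec - (long long)start->tv_sec;
	long long usec = (long long)finish->tv_usec - (long long)start->tv_usec;
	long long ms;
	*jumped = 1;
	if (sec > INT_MAX / 1000)	/* forward jump: result cannot fit an int */
		return INT_MAX;
	if (sec < -(INT_MAX / 1000))	/* large backward jump */
		return 0;
	ms = sec * 1000 + usec / 1000;	/* sec is bounded, so no overflow */
	if (ms > INT_MAX)
		return INT_MAX;
	if (ms < 0)			/* clock stepped backwards */
		return 0;
	*jumped = 0;
	return (int)ms;
}

/* Assumed policy: a forward jump expires the timeout, a backward jump
 * consumes none of it; both are reported instead of aborting. */
static int
remaining_timeout_ms(int timeout_ms, const struct timeval *start,
    const struct timeval *finish)
{
	int jumped, elapsed = elapsed_ms_clamped(start, finish, &jumped);

	if (jumped)
		fprintf(stderr, "warning: clock changed, elapsed set to %d ms\n", elapsed);
	return elapsed >= timeout_ms ? 0 : timeout_ms - elapsed;
}

int main(void)
{
	/* Constructed sample: the clock is set ~46 days ahead mid-connect. */
	struct timeval start = { .tv_sec = 1000, .tv_usec = 900000 };
	struct timeval finish = { .tv_sec = 4001000, .tv_usec = 0 };
	printf("remaining: %d ms\n", remaining_timeout_ms(5000, &start, &finish));
	return 0;
}
```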