[Bug 1930286] Re: Defensics' synopsys fuzzer testing tool cause openssh to segfault

Eric Desrochers 1930286 at bugs.launchpad.net
Mon Jun 7 11:35:40 UTC 2021


UA customer test pkg outcome:

"
We ran the Defensics test suite before and after installing the test packages.
We could observe two core dumps before the test package installation.
But after test package installation, core dumps were not generated.
Can you provide this package as the fix?
"

This concludes that xenial + commit
2adbe1e63bc313d03e8e84e652cc623af8ebb163 fixes their fuzzer segfault
situation.

- Eric

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to openssh in Ubuntu.
https://bugs.launchpad.net/bugs/1930286

Title:
  Defensics' synopsys fuzzer testing tool cause openssh to segfault

Status in openssh package in Ubuntu:
  New
Status in openssh source package in Xenial:
  New

Bug description:
  Here's what has been brought to my attention by a UA customer:

  * Release:
  Xenial/16.04LTS

  * Openssh version:
  7.2p2-4ubuntu2.10

  * Fuzzer tool used:
  https://www.synopsys.com/software-integrity/security-testing/fuzz-testing.html (proprietary software)

  As of today, I have no access to a reproducer. Still working on
  getting access to one (if possible) in order to better understand what
  the failing test scenario is doing.

  * coredump:

  $ gdb $(which sshd) core.cic-1.domain.tld.1612566260.sshd.20731
  ...
  Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
  Core was generated by `sshd: [net] '.
  Program terminated with signal SIGSEGV, Segmentation fault.
  #0 __memcpy_avx_unaligned () at ../sysdeps/x86_64/multiarch/memcpy-avx-unaligned.S:136
  136 ../sysdeps/x86_64/multiarch/memcpy-avx-unaligned.S: No such file or directory.
  (gdb) bt
  #0 __memcpy_avx_unaligned () at ../sysdeps/x86_64/multiarch/memcpy-avx-unaligned.S:136
  #1 0x00007fec25b241db in memcpy (__len=<optimized out>, __src=0x0, __dest=<optimized out>)
  at /usr/include/x86_64-linux-gnu/bits/string3.h:53
  #2 aes_gcm_ctrl (c=0x558a7ae19758, type=<optimized out>, arg=<optimized out>, ptr=0x0) at e_aes.c:1189
  #3 0x00007fec25b20897 in EVP_CIPHER_CTX_ctrl (ctx=ctx@entry=0x558a7ae19758, type=type@entry=18, arg=arg@entry=-1, ptr=ptr@entry=0x0) at evp_enc.c:619
  #4 0x0000558a7953f54c in cipher_init (cc=cc@entry=0x558a7ae19750, cipher=0x558a797b3ef0 <ciphers+720>, key=0x0, keylen=32, iv=0x0, ivlen=<optimized out>, do_encrypt=0) at ../cipher.c:336
  #5 0x0000558a7954521a in ssh_set_newkeys (ssh=ssh@entry=0x558a7ae18ef0, mode=mode@entry=0) at ../packet.c:919
  #6 0x0000558a7955ae92 in kex_input_newkeys (type=<optimized out>, seq=<optimized out>, ctxt=0x558a7ae18ef0) at ../kex.c:434
  #7 0x0000558a7954d269 in ssh_dispatch_run (ssh=ssh at entry=0x558a7ae18ef0, mode=0, done=0x558a7ae18278, ctxt=0x558a7ae18ef0) at ../dispatch.c:119
  #8 0x0000558a7954d2b9 in ssh_dispatch_run_fatal (ssh=0x558a7ae18ef0, mode=<optimized out>, done=<optimized out>, ctxt=<optimized out>) at ../dispatch.c:140
  #9 0x0000558a79502770 in do_ssh2_kex () at ../sshd.c:2744
  #10 main (ac=<optimized out>, av=<optimized out>) at ../sshd.c:2301
  (gdb)
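The backtrace above shows cipher_init() being entered with key=0x0 and iv=0x0 from ssh_set_newkeys() while handling a NEWKEYS message, so the NULL pointer is only caught by the hardware inside memcpy() in aes_gcm_ctrl(). As an added illustration (not OpenSSH code and not from the bug reporter), the small C model below follows that call path and shows the two places a defensive implementation would reject the message instead: a state check in ssh_set_newkeys() and a pointer/length check in cipher_init(). The struct layouts, error codes and the simulate_newkeys() driver are assumptions made for the example.

```c
#include <stdio.h>
#include <string.h>
#include <stdint.h>

/* Minimal model of the packet.c -> cipher.c path in the backtrace above. */
/* Names mirror the trace, but this is an added illustration, not OpenSSH code. */
enum { MODE_IN = 0, MODE_OUT = 1, MODES = 2 };
enum { ERR_OK = 0, ERR_INVALID_ARGUMENT = -1, ERR_INTERNAL = -2 };

struct newkeys    { uint8_t key[32]; size_t keylen; uint8_t iv[12]; size_t ivlen; };
struct kex        { struct newkeys *newkeys[MODES]; };  /* filled in by key derivation */
struct cipher_ctx { uint8_t key[32]; uint8_t iv[12]; size_t keylen, ivlen; };

/* cipher_init: reject NULL key/iv up front instead of letting them reach
 * memcpy(), which is where frames #0-#2 of the core dump died. */
int cipher_init(struct cipher_ctx *cc, const uint8_t *key, size_t keylen,
                const uint8_t *iv, size_t ivlen)
{
    if (cc == NULL || key == NULL || iv == NULL ||
        keylen != sizeof cc->key || ivlen != sizeof cc->iv)
        return ERR_INVALID_ARGUMENT;
    memcpy(cc->key, key, keylen);
    memcpy(cc->iv, iv, ivlen);
    cc->keylen = keylen;
    cc->ivlen = ivlen;
    return ERR_OK;
}

/* ssh_set_newkeys: NEWKEYS is only meaningful once key derivation has filled
 * kex->newkeys[mode]; an early NEWKEYS fails closed instead of dereferencing NULL. */
int ssh_set_newkeys(struct kex *kex, struct cipher_ctx *cc, int mode)
{
    if (kex == NULL || mode < 0 || mode >= MODES)
        return ERR_INVALID_ARGUMENT;
    const struct newkeys *nk = kex->newkeys[mode];
    if (nk == NULL)
        return ERR_INTERNAL;  /* out-of-order NEWKEYS: caller must abort the connection */
    return cipher_init(cc, nk->key, nk->keylen, nk->iv, nk->ivlen);
}

/* Drive both scenarios: keys already derived (1) vs. NEWKEYS arriving early (0). */
int simulate_newkeys(int keys_derived)
{
    struct newkeys nk = { .keylen = 32, .ivlen = 12 };  /* constructed sample material */
    memset(nk.key, 0x41, sizeof nk.key);
    struct kex kex = { { keys_derived ? &nk : NULL, NULL } };
    struct cipher_ctx cc;
    return ssh_set_newkeys(&kex, &cc, MODE_IN);
}
```

With keys derived the model returns ERR_OK; with an early NEWKEYS it returns ERR_INTERNAL, which a server would turn into a clean disconnect rather than the SIGSEGV seen in the core dump.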

More information about the foundations-bugs mailing list