SEGV in Dropbear v2016.74 when connect with HostKeyAlgorithms=ssh-dss or HostKeyAlgorithms=ssh-dss

Konstantin Lazarev cnlazarev at gmail.com
Tue Jan 31 03:58:30 AWST 2017


Hi Matt,

During the investigation I output the list of keys in dropbear, and I saw
that the requested key could not be found because the list was corrupted. On NOMMU
architectures memory corruption frequently happens when the stack pointer
runs beyond the stack size.
I checked the stack size setting of dropbear in the flat binary header with the flthdr
utility from the cross tool-chain, and it showed that the stack size was the default
4K, which is usually very low. The default stack size was used because
"-Wl,-elf2flt=..." parameters were passed only in CFLAGS, but the dropbear make
procedure uses only LDFLAGS during linking and no CFLAGS.

I started increasing stack size with "flthdr -s " and finally with 32K it
was working as expected.

Regards,
Konstantin Lazarev.


On Sun, Jan 29, 2017 at 5:17 AM, Matt Johnston <matt at ucc.asn.au> wrote:

> Hi Konstantin,
>
> Glad you found what the problem was. Out of interest how did you figure it
> was a stack size issue? It might be useful as a debugging step for other
> people in future.
> 32kB seems like a lot, I'll have a look if there's anything that could
> be improved in Dropbear or libtommath.
>
> Cheers,
> Matt
>
> On Sat 28/1/2017, at 3:14 am, Konstantin Lazarev <cnlazarev at gmail.com>
> wrote:
>
> Hi Matt,
>
> The SEGV was related to an insufficient stack size set for the
> dropbear flat binary.
> After setting the stack to 32K the problem is not observed any more. SSH client
> login with key parameters is working as expected.
>
> Thank you,
> Konstantin Lazarev.
>
> On Wed, Jan 18, 2017 at 2:32 PM, Konstantin Lazarev <cnlazarev at gmail.com>
> wrote:
>
>> Hi Matt,
>>
>> Dropbear is usually running under inetd in our system. I provide the
>> foreground run only for debug output. When dropbear runs from inetd the SSH
>> client either receives a connection rejection or nothing because dropbear
>> crashes.
>> And when the default algo is used, ecdsa-sha2-nistp521 is reported by the client.
>> Please see the log:
>> $ ssh -v root at 172.17.152.20
>>
>> OpenSSH_7.2p2 Ubuntu-4ubuntu2.1, OpenSSL 1.0.2g  1 Mar 2016
>> debug1: Reading configuration data /etc/ssh/ssh_config
>> debug1: /etc/ssh/ssh_config line 19: Applying options for *
>> debug1: Connecting to 172.17.152.20 [172.17.152.20] port 22.
>> debug1: Connection established.
>> debug1: key_load_public: No such file or directory
>> debug1: identity file /home//.ssh/id_rsa type -1
>> debug1: key_load_public: No such file or directory
>> debug1: identity file /home//.ssh/id_rsa-cert type -1
>> debug1: key_load_public: No such file or directory
>> debug1: identity file /home//.ssh/id_dsa type -1
>> debug1: key_load_public: No such file or directory
>> debug1: identity file /home//.ssh/id_dsa-cert type -1
>> debug1: key_load_public: No such file or directory
>> debug1: identity file /home//.ssh/id_ecdsa type -1
>> debug1: key_load_public: No such file or directory
>> debug1: identity file /home//.ssh/id_ecdsa-cert type -1
>> debug1: key_load_public: No such file or directory
>> debug1: identity file /home//.ssh/id_ed25519 type -1
>> debug1: key_load_public: No such file or directory
>> debug1: identity file /home//.ssh/id_ed25519-cert type -1
>> debug1: Enabling compatibility mode for protocol 2.0
>> debug1: Local version string SSH-2.0-OpenSSH_7.2p2 Ubuntu-4ubuntu2.1
>> debug1: Remote protocol version 2.0, remote software version dropbear_2016.74
>> debug1: no match: dropbear_2016.74
>> debug1: Authenticating to 172.17.152.20:22 as 'root'
>> debug1: SSH2_MSG_KEXINIT sent
>> debug1: SSH2_MSG_KEXINIT received
>> debug1: kex: algorithm: curve25519-sha256 at libssh.org
>> debug1: kex: host key algorithm: ecdsa-sha2-nistp521
>> debug1: kex: server->client cipher: aes128-ctr MAC: hmac-sha2-256 compression: none
>> debug1: kex: client->server cipher: aes128-ctr MAC: hmac-sha2-256 compression: none
>> debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
>> debug1: Server host key: ecdsa-sha2-nistp521 SHA256:F7fYb86a+/mzH75THk014kULrbPL93EVj4jwpKsngso
>> The authenticity of host '172.17.152.20 (172.17.152.20)' can't be established.
>> ECDSA key fingerprint is SHA256:F7fYb86a+/mzH75THk014kULrbPL93EVj4jwpKsngso.
>> Are you sure you want to continue connecting (yes/no)? yes
>> Warning: Permanently added '172.17.152.20' (ECDSA) to the list of known hosts.
>> debug1: rekey after 4294967296 blocks
>> debug1: SSH2_MSG_NEWKEYS sent
>> debug1: expecting SSH2_MSG_NEWKEYS
>> debug1: rekey after 4294967296 blocks
>> debug1: SSH2_MSG_NEWKEYS received
>> debug1: SSH2_MSG_SERVICE_ACCEPT received
>> debug1: Authentications that can continue: publickey,password
>> debug1: Next authentication method: publickey
>> debug1: Trying private key: /home//.ssh/id_rsa
>> debug1: Trying private key: /home//.ssh/id_dsa
>> debug1: Trying private key: /home//.ssh/id_ecdsa
>> debug1: Trying private key: /home//.ssh/id_ed25519
>> debug1: Next authentication method: password
>> root at 172.17.152.20's password:
>> debug1: Authentication succeeded (password).
>> Authenticated to 172.17.152.20 ([172.17.152.20]:22).
>> debug1: channel 0: new [client-session]
>> debug1: Entering interactive session.
>> debug1: pledge: network
>> debug1: Sending environment.
>> debug1: Sending env LANG = en_US.UTF-8
>>
>>
>> [root at 172.17.152.20: ]#
>>
>> Regards,
>> Konstantin Lazarev.
>>
>>
>> On Wed, Jan 18, 2017 at 5:13 AM, Matt Johnston <matt at ucc.asn.au> wrote:
>>
>>> Hi Konstantin,
>>>
>>> Would you be able to run Dropbear under inetd and see if that helps?
>>> uClinux generally requires that - though it's not obvious to me how it
>>> could cause this crash.
>>> Is there any chance of getting a backtrace where it is crashing? The RSA
>>> and DSS crashes are at different spots, so I guess some global state might
>>> be getting corrupted.
>>> When it successfully runs (no HostKeyAlgorithms) I assume it is using
>>> ecdsa for the hostkey?
>>>
>>> Cheers,
>>> Matt
>>>
>>>
>>> On Wed 18/1/2017, at 8:53 am, Konstantin Lazarev <cnlazarev at gmail.com>
>>> wrote:
>>>
>>> Hello,
>>>
>>> I see a consistent SEGV when running Dropbear v2016.74 in uClinux 2.6.33
>>> on an ARMv7m-cortex-m4 processor.
>>> Faults happen only if the client specifies the HostKeyAlgorithms option.
>>> Please see verbose output from client and dropbear:
>>>
>>> [root at 172.17.152.20: ]# dropbear -V
>>> Dropbear v2016.74
>>>
>>> ---------------------------------------- from client
>>> ------------------------------------------------------------
>>> ---------------
>>> $ssh -v -o HostKeyAlgorithms=ssh-dss root at 172.17.152.20
>>> OpenSSH_7.2p2 Ubuntu-4ubuntu2.1, OpenSSL 1.0.2g  1 Mar 2016
>>> debug1: Reading configuration data /etc/ssh/ssh_config
>>> debug1: /etc/ssh/ssh_config line 19: Applying options for *
>>> debug1: Connecting to 172.17.152.20 [172.17.152.20] port 22.
>>> debug1: Connection established.
>>> debug1: key_load_public: No such file or directory
>>> debug1: identity file /home//.ssh/id_rsa type -1
>>> debug1: key_load_public: No such file or directory
>>> debug1: identity file /home//.ssh/id_rsa-cert type -1
>>> debug1: key_load_public: No such file or directory
>>> debug1: identity file /home//.ssh/id_dsa type -1
>>> debug1: key_load_public: No such file or directory
>>> debug1: identity file /home//.ssh/id_dsa-cert type -1
>>> debug1: key_load_public: No such file or directory
>>> debug1: identity file /home//.ssh/id_ecdsa type -1
>>> debug1: key_load_public: No such file or directory
>>> debug1: identity file /home//.ssh/id_ecdsa-cert type -1
>>> debug1: key_load_public: No such file or directory
>>> debug1: identity file /home//.ssh/id_ed25519 type -1
>>> debug1: key_load_public: No such file or directory
>>> debug1: identity file /home//.ssh/id_ed25519-cert type -1
>>> debug1: Enabling compatibility mode for protocol 2.0
>>> debug1: Local version string SSH-2.0-OpenSSH_7.2p2 Ubuntu-4ubuntu2.1
>>> debug1: Remote protocol version 2.0, remote software version
>>> dropbear_2016.74
>>> debug1: no match: dropbear_2016.74
>>> debug1: Authenticating to 172.17.152.20:22 as 'root'
>>> debug1: SSH2_MSG_KEXINIT sent
>>> debug1: SSH2_MSG_KEXINIT received
>>> debug1: kex: algorithm: curve25519-sha256 at libssh.org
>>> debug1: kex: host key algorithm: ssh-dss
>>> debug1: kex: server->client cipher: aes128-ctr MAC: hmac-sha2-256
>>> compression: none
>>> debug1: kex: client->server cipher: aes128-ctr MAC: hmac-sha2-256
>>> compression: none
>>> debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
>>> Connection closed by 172.17.152.20 port 22
>>>
>>> ---------------------------------------- from dropbear
>>> ------------------------------------------------------------
>>> ---------------
>>> [root at 172.17.152.20: ]# dropbear -v -F
>>> TRACE  (2934) 0.000000: enter buf_get_rsa_priv_key
>>> TRACE  (2934) 0.000702: enter buf_get_rsa_pub_key
>>> TRACE  (2934) 0.003142: leave buf_get_rsa_pub_key: success
>>> TRACE  (2934) 0.006667: leave buf_get_rsa_priv_key
>>> TRACE  (2934) 0.007364: leave loadhostkey
>>> TRACE  (2934) 0.008475: enter buf_get_dss_pub_key
>>> TRACE  (2934) 0.029568: leave buf_get_dss_pub_key: success
>>> TRACE  (2934) 0.030491: leave loadhostkey
>>> TRACE  (2934) 0.031491: enter buf_get_ecdsa_priv_key
>>> TRACE  (2934) 0.032079: enter buf_get_ecc_raw_pubkey
>>> TRACE  (2934) 0.037565: leave buf_get_ecdsa_pub_key
>>> TRACE  (2934) 0.038492: leave loadhostkey
>>> TRACE  (2934) 0.049830: Disabling key type 2
>>> TRACE  (2934) 0.050450: Disabling key type 3
>>> TRACE  (2934) 0.110221: listensockets: 1 to try
>>> TRACE  (2934) 0.111137: listening on ':22'
>>> TRACE  (2934) 0.111844: enter dropbear_listen
>>> TRACE  (2934) 0.112368: dropbear_listen: all interfaces
>>> TRACE  (2934) 0.113916: bind(22) failed
>>> TRACE  (2934) 0.114629: leave dropbear_listen: success, 1 socks bound
>>> TRACE  (2934) 0.115578: set_listen_fast_open failed for socket 3:
>>> Protocol not available
>>> [2934] Jan 01 00:16:07 Not backgrounding
>>> [2934] Jan 01 00:16:12 Child connection from 172.17.163.3:42180
>>> TRACE  (2934) 5.057261: enter session_init
>>> TRACE  (2934) 5.058028: setnonblocking: 5
>>> TRACE  (2934) 5.058726: leave setnonblocking
>>> TRACE  (2934) 5.059736: setnonblocking: 5
>>> TRACE  (2934) 5.060404: leave setnonblocking
>>> TRACE  (2934) 5.060983: update_channel_prio
>>> TRACE  (2934) 5.061525: update_channel_prio: not any
>>> TRACE  (2934) 5.062037: Dropbear priority transitioning 10 -> 11
>>> TRACE  (2934) 5.062814: setnonblocking: 3
>>> TRACE  (2934) 5.063414: leave setnonblocking
>>> TRACE  (2934) 5.063894: setnonblocking: 6
>>> TRACE  (2934) 5.064461: leave setnonblocking
>>> TRACE  (2934) 5.065835: leave session_init
>>> TRACE  (2934) 5.066793: kexinitialise()
>>> TRACE  (2934) 5.067877: DATAALLOWED=0
>>> TRACE  (2934) 5.068411: -> KEXINIT
>>> TRACE  (2934) 5.069399: enter set_connect_fds
>>> TRACE  (2934) 5.070012: maybe_empty_reply_queue - no data allowed
>>> TRACE  (2934) 5.070558: enter handle_connect_fds
>>> TRACE  (2934) 5.071036: leave handle_connect_fds - end iter
>>> TRACE  (2934) 5.071895: empty queue dequeing
>>> TRACE  (2934) 5.073045: enter set_connect_fds
>>> TRACE  (2934) 5.073657: enter ident_readln
>>> TRACE  (2934) 5.077698: leave ident_readln: return 40
>>> TRACE  (2934) 5.078328: remoteident: SSH-2.0-OpenSSH_7.2p2
>>> Ubuntu-4ubuntu2.1
>>> TRACE  (2934) 5.079270: maybe_empty_reply_queue - no data allowed
>>> TRACE  (2934) 5.079801: enter handle_connect_fds
>>> TRACE  (2934) 5.080287: leave handle_connect_fds - end iter
>>> TRACE  (2934) 5.080824: enter set_connect_fds
>>> TRACE  (2934) 5.081611: process_packet: packet type = 20,  len 1048
>>> TRACE  (2934) 5.082330: got expected packet 20 during kexinit
>>> TRACE  (2934) 5.082944: <- KEXINIT
>>> TRACE  (2934) 5.083440: enter recv_msg_kexinit
>>> TRACE  (2934) 5.084130: buf_match_algo: curve25519-sha256 at libssh.org,e
>>> cdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diff
>>> ie-hellman-group-exchange-sha256,diffie-hellman-group-exchan
>>> ge-sha1,diffie-hellman-group14-sha1,ext-info-c
>>> TRACE  (2934) 5.084896: kexguess2 1
>>> TRACE  (2934) 5.085457: kex algo curve25519-sha256 at libssh.org
>>> TRACE  (2934) 5.086025: buf_match_algo: ssh-dss
>>> TRACE  (2934) 5.086588: hostkey algo ssh-dss
>>> TRACE  (2934) 5.087174: buf_match_algo: chacha20-poly1305 at openssh.com,
>>> aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm at openssh.com,aes2
>>> 56-gcm at openssh.com,aes128-cbc,aes192-cbc,aes256-cbc,3des-cbc
>>> TRACE  (2934) 5.087844: enc c2s is  aes128-ctr
>>> TRACE  (2934) 5.088424: buf_match_algo: chacha20-poly1305 at openssh.com,
>>> aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm at openssh.com,aes2
>>> 56-gcm at openssh.com,aes128-cbc,aes192-cbc,aes256-cbc,3des-cbc
>>> TRACE  (2934) 5.089247: enc s2c is  aes128-ctr
>>> TRACE  (2934) 5.089838: buf_match_algo: umac-64-etm at openssh.com,umac-1
>>> 28-etm at openssh.com,hmac-sha2-256-etm at openssh.com,hmac-sha2-5
>>> 12-etm at openssh.com,hmac-sha1-etm at openssh.com,umac-64 at openssh.com,
>>> umac-128 at openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
>>> TRACE  (2934) 5.090572: hash c2s is  hmac-sha2-256
>>> TRACE  (2934) 5.091158: buf_match_algo: umac-64-etm at openssh.com,umac-1
>>> 28-etm at openssh.com,hmac-sha2-256-etm at openssh.com,hmac-sha2-5
>>> 12-etm at openssh.com,hmac-sha1-etm at openssh.com,umac-64 at openssh.com,
>>> umac-128 at openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
>>> TRACE  (2934) 5.091877: hash s2c is  hmac-sha2-256
>>> TRACE  (2934) 5.092456: buf_match_algo: none,zlib at openssh.com,zlib
>>> TRACE  (2934) 5.093025: hash c2s is  none
>>> TRACE  (2934) 5.093598: buf_match_algo: none,zlib at openssh.com,zlib
>>> TRACE  (2934) 5.094179: hash s2c is  none
>>> TRACE  (2934) 5.094836: leave recv_msg_kexinit
>>> TRACE  (2934) 5.095394: maybe_empty_reply_queue - no data allowed
>>> TRACE  (2934) 5.095885: enter handle_connect_fds
>>> TRACE  (2934) 5.096379: leave handle_connect_fds - end iter
>>> TRACE  (2934) 5.096902: enter set_connect_fds
>>> TRACE  (2934) 5.097611: process_packet: packet type = 30,  len 42
>>> TRACE  (2934) 5.098344: got expected packet 30 during kexinit
>>> TRACE  (2934) 5.099060: enter recv_msg_kexdh_init
>>> TRACE  (2934) 5.099589: enter send_msg_kexdh_reply
>>> TRACE  (2934) 5.234566: enter buf_put_dss_sign
>>> TRACE  (2934) 5.336603: leave buf_put_dss_sign
>>> TRACE  (2934) 5.337367: leave send_msg_kexdh_reply
>>> TRACE  (2934) 5.337903: enter send_msg_newkeys
>>> TRACE  (2934) 5.338527: enter gen_new_keys
>>> Aiee, segfault! You should probably report this as a bug to the developer
>>> [root at 172.17.152.20: ]#
>>>
>>>
>>> ---------------------------------------- from client
>>> ------------------------------------------------------------
>>> ---------------
>>> $ ssh -v -o HostKeyAlgorithms=ssh-rsa root at 172.17.152.20
>>> OpenSSH_7.2p2 Ubuntu-4ubuntu2.1, OpenSSL 1.0.2g  1 Mar 2016
>>> debug1: Reading configuration data /etc/ssh/ssh_config
>>> debug1: /etc/ssh/ssh_config line 19: Applying options for *
>>> debug1: Connecting to 172.17.152.20 [172.17.152.20] port 22.
>>> debug1: Connection established.
>>> debug1: key_load_public: No such file or directory
>>> debug1: identity file /home//.ssh/id_rsa type -1
>>> debug1: key_load_public: No such file or directory
>>> debug1: identity file /home//.ssh/id_rsa-cert type -1
>>> debug1: key_load_public: No such file or directory
>>> debug1: identity file /home//.ssh/id_dsa type -1
>>> debug1: key_load_public: No such file or directory
>>> debug1: identity file /home//.ssh/id_dsa-cert type -1
>>> debug1: key_load_public: No such file or directory
>>> debug1: identity file /home//.ssh/id_ecdsa type -1
>>> debug1: key_load_public: No such file or directory
>>> debug1: identity file /home//.ssh/id_ecdsa-cert type -1
>>> debug1: key_load_public: No such file or directory
>>> debug1: identity file /home//.ssh/id_ed25519 type -1
>>> debug1: key_load_public: No such file or directory
>>> debug1: identity file /home//.ssh/id_ed25519-cert type -1
>>> debug1: Enabling compatibility mode for protocol 2.0
>>> debug1: Local version string SSH-2.0-OpenSSH_7.2p2 Ubuntu-4ubuntu2.1
>>> debug1: Remote protocol version 2.0, remote software version
>>> dropbear_2016.74
>>> debug1: no match: dropbear_2016.74
>>> debug1: Authenticating to 172.17.152.20:22 as 'root'
>>> debug1: SSH2_MSG_KEXINIT sent
>>> debug1: SSH2_MSG_KEXINIT received
>>> debug1: kex: algorithm: curve25519-sha256 at libssh.org
>>> debug1: kex: host key algorithm: ssh-rsa
>>> debug1: kex: server->client cipher: aes128-ctr MAC: hmac-sha2-256
>>> compression: none
>>> debug1: kex: client->server cipher: aes128-ctr MAC: hmac-sha2-256
>>> compression: none
>>> debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
>>> Connection closed by 172.17.152.20 port 22
>>>
>>> ---------------------------------------- from dropbear
>>> ------------------------------------------------------------
>>> ---------------
>>> [root at 172.17.152.20: ]# dropbear -v -F
>>> TRACE  (3066) 0.000000: enter buf_get_rsa_priv_key
>>> TRACE  (3066) 0.000692: enter buf_get_rsa_pub_key
>>> TRACE  (3066) 0.003467: leave buf_get_rsa_pub_key: success
>>> TRACE  (3066) 0.007054: leave buf_get_rsa_priv_key
>>> TRACE  (3066) 0.007749: leave loadhostkey
>>> TRACE  (3066) 0.008958: enter buf_get_dss_pub_key
>>> TRACE  (3066) 0.011581: leave buf_get_dss_pub_key: success
>>> TRACE  (3066) 0.012362: leave loadhostkey
>>> TRACE  (3066) 0.013428: enter buf_get_ecdsa_priv_key
>>> TRACE  (3066) 0.014002: enter buf_get_ecc_raw_pubkey
>>> TRACE  (3066) 0.019249: leave buf_get_ecdsa_pub_key
>>> TRACE  (3066) 0.020103: leave loadhostkey
>>> TRACE  (3066) 0.020569: Disabling key type 2
>>> TRACE  (3066) 0.021071: Disabling key type 3
>>> TRACE  (3066) 0.059965: listensockets: 1 to try
>>> TRACE  (3066) 0.061012: listening on ':22'
>>> TRACE  (3066) 0.061761: enter dropbear_listen
>>> TRACE  (3066) 0.062337: dropbear_listen: all interfaces
>>> TRACE  (3066) 0.064058: bind(22) failed
>>> TRACE  (3066) 0.064837: leave dropbear_listen: success, 1 socks bound
>>> TRACE  (3066) 0.065962: set_listen_fast_open failed for socket 3:
>>> Protocol not available
>>> [3066] Jan 01 00:18:21 Not backgrounding
>>> [3066] Jan 01 00:18:23 Child connection from 172.17.163.3:42554
>>> TRACE  (3066) 2.443367: enter session_init
>>> TRACE  (3066) 2.444121: setnonblocking: 5
>>> TRACE  (3066) 2.444770: leave setnonblocking
>>> TRACE  (3066) 2.445351: setnonblocking: 5
>>> TRACE  (3066) 2.445970: leave setnonblocking
>>> TRACE  (3066) 2.446569: update_channel_prio
>>> TRACE  (3066) 2.447120: update_channel_prio: not any
>>> TRACE  (3066) 2.447636: Dropbear priority transitioning 10 -> 11
>>> TRACE  (3066) 2.448406: setnonblocking: 3
>>> TRACE  (3066) 2.449024: leave setnonblocking
>>> TRACE  (3066) 2.449518: setnonblocking: 6
>>> TRACE  (3066) 2.450104: leave setnonblocking
>>> TRACE  (3066) 2.451526: leave session_init
>>> TRACE  (3066) 2.452468: kexinitialise()
>>> TRACE  (3066) 2.453758: DATAALLOWED=0
>>> TRACE  (3066) 2.454296: -> KEXINIT
>>> TRACE  (3066) 2.454825: enter set_connect_fds
>>> TRACE  (3066) 2.455418: maybe_empty_reply_queue - no data allowed
>>> TRACE  (3066) 2.455931: enter handle_connect_fds
>>> TRACE  (3066) 2.456436: leave handle_connect_fds - end iter
>>> TRACE  (3066) 2.457321: empty queue dequeing
>>> TRACE  (3066) 2.458488: enter set_connect_fds
>>> TRACE  (3066) 2.459096: enter ident_readln
>>> TRACE  (3066) 2.463414: leave ident_readln: return 40
>>> TRACE  (3066) 2.464057: remoteident: SSH-2.0-OpenSSH_7.2p2
>>> Ubuntu-4ubuntu2.1
>>> TRACE  (3066) 2.464651: maybe_empty_reply_queue - no data allowed
>>> TRACE  (3066) 2.465149: enter handle_connect_fds
>>> TRACE  (3066) 2.465624: leave handle_connect_fds - end iter
>>> TRACE  (3066) 2.466161: enter set_connect_fds
>>> TRACE  (3066) 2.466961: process_packet: packet type = 20,  len 1048
>>> TRACE  (3066) 2.467688: got expected packet 20 during kexinit
>>> TRACE  (3066) 2.468301: <- KEXINIT
>>> TRACE  (3066) 2.468759: enter recv_msg_kexinit
>>> TRACE  (3066) 2.469425: buf_match_algo: curve25519-sha256 at libssh.org,e
>>> cdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diff
>>> ie-hellman-group-exchange-sha256,diffie-hellman-group-exchan
>>> ge-sha1,diffie-hellman-group14-sha1,ext-info-c
>>> TRACE  (3066) 2.470150: kexguess2 1
>>> TRACE  (3066) 2.470744: kex algo curve25519-sha256 at libssh.org
>>> TRACE  (3066) 2.471337: buf_match_algo: ssh-rsa
>>> TRACE  (3066) 2.471917: hostkey algo ssh-rsa
>>> TRACE  (3066) 2.472489: buf_match_algo: chacha20-poly1305 at openssh.com,
>>> aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm at openssh.com,aes2
>>> 56-gcm at openssh.com,aes128-cbc,aes192-cbc,aes256-cbc,3des-cbc
>>> TRACE  (3066) 2.473777: enc c2s is  aes128-ctr
>>> TRACE  (3066) 2.474389: buf_match_algo: chacha20-poly1305 at openssh.com,
>>> aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm at openssh.com,aes2
>>> 56-gcm at openssh.com,aes128-cbc,aes192-cbc,aes256-cbc,3des-cbc
>>> TRACE  (3066) 2.475073: enc s2c is  aes128-ctr
>>> TRACE  (3066) 2.475668: buf_match_algo: umac-64-etm at openssh.com,umac-1
>>> 28-etm at openssh.com,hmac-sha2-256-etm at openssh.com,hmac-sha2-5
>>> 12-etm at openssh.com,hmac-sha1-etm at openssh.com,umac-64 at openssh.com,
>>> umac-128 at openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
>>> TRACE  (3066) 2.476384: hash c2s is  hmac-sha2-256
>>> TRACE  (3066) 2.476967: buf_match_algo: umac-64-etm at openssh.com,umac-1
>>> 28-etm at openssh.com,hmac-sha2-256-etm at openssh.com,hmac-sha2-5
>>> 12-etm at openssh.com,hmac-sha1-etm at openssh.com,umac-64 at openssh.com,
>>> umac-128 at openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
>>> TRACE  (3066) 2.477690: hash s2c is  hmac-sha2-256
>>> TRACE  (3066) 2.478301: buf_match_algo: none,zlib at openssh.com,zlib
>>> TRACE  (3066) 2.478884: hash c2s is  none
>>> TRACE  (3066) 2.479439: buf_match_algo: none,zlib at openssh.com,zlib
>>> TRACE  (3066) 2.480033: hash s2c is  none
>>> TRACE  (3066) 2.480702: leave recv_msg_kexinit
>>> TRACE  (3066) 2.481229: maybe_empty_reply_queue - no data allowed
>>> TRACE  (3066) 2.481743: enter handle_connect_fds
>>> TRACE  (3066) 2.482215: leave handle_connect_fds - end iter
>>> TRACE  (3066) 2.482777: enter set_connect_fds
>>> TRACE  (3066) 2.483639: process_packet: packet type = 30,  len 42
>>> TRACE  (3066) 2.484336: got expected packet 30 during kexinit
>>> TRACE  (3066) 2.484948: enter recv_msg_kexdh_init
>>> TRACE  (3066) 2.485459: enter send_msg_kexdh_reply
>>> TRACE  (3066) 2.486015: enter buf_put_rsa_pub_key
>>> TRACE  (3066) 2.492135: leave buf_put_rsa_pub_key
>>> TRACE  (3066) 2.596695: enter buf_put_rsa_pub_key
>>> TRACE  (3066) 2.602879: leave buf_put_rsa_pub_key
>>> TRACE  (3066) 2.606368: enter buf_put_rsa_sign
>>> Aiee, segfault! You should probably report this as a bug to the developer
>>>
>>>
>>> Please advise how to fix the problem in Dropbear.
>>>
>>> Please let me know if additional information is needed.
>>>
>>> Thank you,
>>> Konstantin Lazarev.
>>>
>>>
>>>
>>
>
>
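The stack-size check described in the top message, as an added example that is not part of the original thread: it reads the stack size from a flat binary (bFLT) header and flags values below the 32K that worked here. It assumes the uClinux `flat.h` header layout (4-byte magic followed by big-endian 32-bit fields); the function names are hypothetical and the sample headers are constructed.

```python
import struct
import sys

# bFLT header layout assumed from uClinux flat.h: "bFLT" magic, ten
# big-endian 32-bit fields, then five filler words (64 bytes total).
FLAT_HDR = struct.Struct(">4s10I5I")
FIELDS = ("magic", "rev", "entry", "data_start", "data_end", "bss_end",
          "stack_size", "reloc_start", "reloc_count", "flags", "build_date")

# Threshold taken from this thread: 4K (the default) crashed, 32K worked.
MIN_STACK = 32 * 1024


def parse_flat_header(blob):
    """Return the bFLT header fields of a flat binary as a dict."""
    if len(blob) < FLAT_HDR.size:
        raise ValueError("truncated bFLT header")
    hdr = dict(zip(FIELDS, FLAT_HDR.unpack_from(blob)))
    if hdr["magic"] != b"bFLT":
        raise ValueError("not a bFLT flat binary")
    return hdr


def check_stack(blob, minimum=MIN_STACK):
    """Return (stack_size, ok) where ok means stack_size >= minimum."""
    size = parse_flat_header(blob)["stack_size"]
    return size, size >= minimum


def make_sample(stack_size):
    """Build a constructed 64-byte header for offline demonstration."""
    return FLAT_HDR.pack(b"bFLT", 4, 0x40, 0x8000, 0x9000, 0xA000,
                         stack_size, 0x9000, 0, 0x1, 0,
                         0, 0, 0, 0, 0)


if __name__ == "__main__":
    # With file arguments, check real binaries; otherwise use the samples.
    if len(sys.argv) > 1:
        inputs = []
        for path in sys.argv[1:]:
            with open(path, "rb") as fh:
                inputs.append((path, fh.read(FLAT_HDR.size)))
    else:
        inputs = [("sample-4K", make_sample(4096)),
                  ("sample-32K", make_sample(32768))]
    failed = False
    for name, blob in inputs:
        size, ok = check_stack(blob)
        print(f"{name}: stack_size={size} {'ok' if ok else 'TOO SMALL'}")
        failed = failed or not ok
    sys.exit(1 if failed else 0)
```

Run against the linked binary as a post-link build step, this catches the case from the thread where the elf2flt options never reached the linker and the header kept the default.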