FS#75602 - [ldns] Causes openssh to crash when VerifyHostKeyDNS is enabled

Attached to Project: Arch Linux
Opened by Mantas Mikulėnas (grawity) - Sunday, 14 August 2022, 17:35 GMT
Last edited by Felix Yan (felixonmars) - Sunday, 14 August 2022, 20:38 GMT
Task Type Bug Report
Category Packages: Testing
Status Closed
Assigned To Felix Yan (felixonmars)
Architecture All
Severity Low
Priority Normal
Reported Version
Due in Version Undecided
Due Date Undecided
Percent Complete 100%
Votes 1
Private No

Details

With ldns 1.8.2-1, openssh will crash when connecting to a server with the option "VerifyHostKeyDNS" enabled (even if that server doesn't have any SSHFP records).

$ ssh example@archlinux.org -oVerifyHostKeyDNS=yes
ssh: ./rdata.c:26: ldns_rdf_size: Assertion `rd != NULL' failed.

Backtrace:

Program terminated with signal SIGABRT, Aborted.
#0 __pthread_kill_implementation (threadid=<optimized out>, signo=signo@entry=6,
no_tid=no_tid@entry=0) at pthread_kill.c:44
44 return INTERNAL_SYSCALL_ERROR_P (ret) ? INTERNAL_SYSCALL_ERRNO (ret) : 0;
(gdb) bt
#0 __pthread_kill_implementation (threadid=<optimized out>, signo=signo@entry=6,
no_tid=no_tid@entry=0) at pthread_kill.c:44
#1 0x00007f92214a1543 in __pthread_kill_internal (signo=6, threadid=<optimized out>)
at pthread_kill.c:78
#2 0x00007f9221451998 in __GI_raise (sig=sig@entry=6) at ../sysdeps/posix/raise.c:26
#3 0x00007f922143b53d in __GI_abort () at abort.c:79
#4 0x00007f922143b45c in __assert_fail_base (
fmt=0x7f92215b59f0 "%s%s%s:%u: %s%sAssertion `%s' failed.\n%n",
assertion=0x7f92219bf49b "rd != NULL", file=0x7f92219bf491 "./rdata.c", line=26,
function=<optimized out>) at assert.c:92
#5 0x00007f922144a4c6 in __GI___assert_fail (assertion=0x7f92219bf49b "rd != NULL",
file=0x7f92219bf491 "./rdata.c", line=26, function=0x7f92219c05e8 "ldns_rdf_size") at assert.c:101
#6 0x00007f92219a752e in ldns_rdf_size () from /usr/lib/libldns.so.3
#7 0x00007f922199d7c1 in ldns_rdf2buffer_wire_compress () from /usr/lib/libldns.so.3
#8 0x00007f922199e2d4 in ldns_rr2buffer_wire_compress () from /usr/lib/libldns.so.3
#9 0x00007f922199e819 in ldns_pkt2buffer_wire_compress () from /usr/lib/libldns.so.3
#10 0x00007f922199eb8d in ldns_pkt2buffer_wire () from /usr/lib/libldns.so.3
#11 0x00007f92219a128f in ldns_send () from /usr/lib/libldns.so.3
#12 0x00007f92219ac142 in ldns_resolver_send_pkt () from /usr/lib/libldns.so.3
#13 0x00007f92219ac7b4 in ldns_resolver_send () from /usr/lib/libldns.so.3
#14 0x00007f92219acb8b in ldns_resolver_query () from /usr/lib/libldns.so.3
#15 0x000055e942e9f9ae in getrrsetbyname (rdclass=1, rdtype=44, flags=0, res=<synthetic pointer>,
hostname=<optimized out>) at openbsd-compat/getrrsetbyname-ldns.c:112
#16 verify_host_key_dns (address=<optimized out>, flags=<synthetic pointer>, hostkey=0x55e9441959c0,
hostname=<optimized out>) at /build/openssh/src/openssh-9.0p1/dns.c:223
#17 verify_host_key (host=<optimized out>, hostaddr=<optimized out>, host_key=<optimized out>,
cinfo=<optimized out>) at /build/openssh/src/openssh-9.0p1/sshconnect.c:1496
#18 0x000055e942ea2545 in verify_host_key_callback (hostkey=<optimized out>, ssh=<optimized out>)
at /build/openssh/src/openssh-9.0p1/sshconnect2.c:99
#19 0x000055e942ecf70b in kex_verify_host_key (ssh=ssh@entry=0x55e94418adc0,
server_host_key=server_host_key@entry=0x55e944193700)
at /build/openssh/src/openssh-9.0p1/kex.c:1175
#20 0x000055e942ed5770 in input_kex_gen_reply (type=<optimized out>, seq=<optimized out>,
ssh=0x55e94418adc0) at /build/openssh/src/openssh-9.0p1/kexgen.c:164
#21 0x000055e942ecd3fe in ssh_dispatch_run (done=0x55e94418b6c8, mode=0, ssh=0x55e94418adc0)
at /build/openssh/src/openssh-9.0p1/dispatch.c:113
#22 ssh_dispatch_run_fatal (ssh=0x55e94418adc0, mode=0, done=0x55e94418b6c8)
at /build/openssh/src/openssh-9.0p1/dispatch.c:133
#23 0x000055e942e85902 in ssh_kex2 (hostaddr=0x55e942f41820 <hostaddr>, cinfo=0x55e9441928c0,
port=<optimized out>, host=<optimized out>, ssh=<optimized out>)
at /build/openssh/src/openssh-9.0p1/sshconnect2.c:290
#24 ssh_login (pw=<optimized out>, pw=<optimized out>, sensitive=0x55e942f43000 <sensitive_data>,
hostaddr=0x55e942f41820 <hostaddr>, cinfo=0x55e9441928c0, timeout_ms=<optimized out>,
port=<optimized out>, orighost=<optimized out>, ssh=<optimized out>)
at /build/openssh/src/openssh-9.0p1/sshconnect.c:1565
#25 main (ac=<optimized out>, av=<optimized out>) at /build/openssh/src/openssh-9.0p1/ssh.c:1659
(gdb)

Closed by Felix Yan (felixonmars)
Sunday, 14 August 2022, 20:38 GMT
Reason for closing: Fixed
Additional comments about closing: ldns 1.8.2-2
Comment by Jill (KokaKiwi) - Sunday, 14 August 2022, 20:21 GMT
Comment by Felix Yan (felixonmars) - Sunday, 14 August 2022, 20:29 GMT
Please try ldns 1.8.2-2 with the fix.
Comment by Jill (KokaKiwi) - Sunday, 14 August 2022, 20:35 GMT
@Felix The patch seems to work fine on my side.

(I also tried, before seeing the new release, using a manually patched package, and it worked fine too.)