libssh on alpine linux crashes once password login was successful
Motivation
I compiled the ssh_server.c example inside alpine Docker image and on successful login I see a segfault. I have no clue what could be the issue here.
clang --version
Alpine clang version 10.0.1
Target: x86_64-alpine-linux-musl
Thread model: posix
InstalledDir: /usr/bin
ld --version
LLD 10.0.1 (compatible with GNU linkers)
cmake -DWITH_SERVER=ON -DWITH_EXAMPLES=ON -DCMAKE_CXX_FLAGS=--coverage -DCMAKE_C_FLAGS=--coverage ..
I run it with:
ssh_server_pthread -v -e ../ssh_host_ecdsa_key -d ../ssh_host_dsa_key -r ../ssh_host_rsa_key -p 8888 -P password -u serveradmin -k ../ssh_host_ecdsa_key localhost
[2022/12/05 10:23:31.354732, 2] ssh_pki_import_privkey_base64: Trying to decode privkey passphrase=false
[2022/12/05 10:23:31.354912, 2] ssh_pki_openssh_import: Opening OpenSSH private key: ciphername: none, kdf: none, nkeys: 1
Using a wrong password it does not crash but once the correct password is used I get a segfault.
Dockerfile
FROM alpine:3.13
RUN apk add --no-cache ca-certificates libstdc++ su-exec git vim bash cmake make zlib-dev openssl-dev mbedtls-dev clang gdb llvm10-libs llvm10 libc-dev lld gcc alpine-sdk
RUN apk add --no-cache openssh
RUN set -eux; \
ldconfig /usr/local/lib
RUN rm /usr/bin/ld && ln -s /usr/bin/lld /usr/bin/ld
CMD [ "bash" ]
backtrace
(gdb) bt full
#0 0x000055eae20e404b in process_stdout (fd=<error reading variable: Cannot access memory at address 0x7f984ea3581c>, revents=<error reading variable: Cannot access memory at address 0x7f984ea35818>, userdata=<error reading variable: Cannot access memory at address 0x7f984ea35810>) at /tmp/libssh-mirror/examples/ssh_server.c:615
buf = <error reading variable buf (value requires 1048576 bytes, which is more than max-value-size)>
n = <error reading variable n (Cannot access memory at address 0x7f984ea35824)>
channel = <error reading variable channel (Cannot access memory at address 0x7f984ea35828)>
#1 0x00007f984ee1b34a in ssh_event_fd_wrapper_callback (p=0x7f984eb05cc0, fd=6, revents=1, userdata=0x7f984eb12860) at /tmp/libssh-mirror/src/poll.c:815
pw = 0x7f984eb12860
#2 0x00007f984ee1b15e in ssh_poll_ctx_dopoll (ctx=0x7f984eef5a00, timeout=-1) at /tmp/libssh-mirror/src/poll.c:720
ret = 0
rc = 1
i = 1
used = 2
p = 0x7f984eb05cc0
fd = 6
revents = 1
ts = {seconds = 232525, useconds = 678377}
#3 0x00007f984ee1b617 in ssh_event_dopoll (event=0x7f984eb38270, timeout=-1) at /tmp/libssh-mirror/src/poll.c:993
rc = 32664
#4 0x000055eae20e44eb in handle_session (event=0x7f984eb38270, session=0x7f984eb38820) at /tmp/libssh-mirror/examples/ssh_server.c:730
n = 46
rc = 0
wsize = {ws_row = 53, ws_col = 206, ws_xpixel = 0, ws_ypixel = 0}
cdata = {pid = 35, pty_master = 6, pty_slave = 7, child_stdin = 6, child_stdout = 6, child_stderr = -1, event = 0x7f984eb38270, winsize = 0x7f984eb35948}
sdata = {channel = 0x7f984eb12b60, auth_attempts = 0, authenticated = 1}
channel_cb = {size = 136, userdata = 0x7f984eb35960, channel_data_function = 0x55eae20e384d <data_function>, channel_eof_function = 0x0, channel_close_function = 0x0, channel_signal_function = 0x0, channel_exit_status_function = 0x0, channel_exit_signal_function = 0x0, channel_pty_request_function = 0x55eae20e38bb <pty_request>, channel_shell_request_function = 0x55eae20e3d57 <shell_request>, channel_auth_agent_req_function = 0x0, channel_x11_req_function = 0x0, channel_pty_window_change_function = 0x55eae20e397c <pty_resize>, channel_exec_request_function = 0x55eae20e3ce0 <exec_request>, channel_env_request_function = 0x0, channel_subsystem_request_function = 0x55eae20e3dbd <subsystem_request>, channel_write_wontblock_function = 0x0}
server_cb = {size = 88, userdata = 0x7f984eb35950, auth_password_function = 0x55eae20e3e13 <auth_password>, auth_none_function = 0x0, auth_gssapi_mic_function = 0x0, auth_pubkey_function = 0x0, service_request_function = 0x0, channel_open_request_session_function = 0x55eae20e4004 <channel_open>, gssapi_select_oid_function = 0x0, gssapi_accept_sec_ctx_function = 0x0, gssapi_verify_mic_function = 0x0}
#5 0x000055eae20e47c5 in session_thread (arg=0x7f984eb38820) at /tmp/libssh-mirror/examples/ssh_server.c:805
session = 0x7f984eb38820
event = 0x7f984eb38270
#6 0x00007f984eeb119e in ?? () from /lib/ld-musl-x86_64.so.1
No symbol table info available.
#7 0x0000000000000000 in ?? ()
No symbol table info available
Used checkout
commit e8322817a9e5aaef0698d779ddd467a209a85d85 (HEAD, tag: libssh-0.10.4)
Author: Andreas Schneider <asn@cryptomilk.org>
Date: Wed Sep 7 15:30:40 2022 +0200