Ticket #243 (new defect)

Opened 5 years ago

Last modified 5 years ago

curl + libssh2 segfault with SFTP

Reported by: tony2001
Priority: normal
Component: SFTP
Version: 1.4.1

Description

curl is the last stable version from the cURL website (curl-7.26.0).
libssh2 is a fresh Git checkout (libssh2-HEAD-499b22c).

# curl -u user:password sftp://127.0.0.1

Program received signal SIGSEGV, Segmentation fault.
0x00007ffff62d858b in kex_method_diffie_hellman_group14_sha1_key_exchange (session=0x65ee60, key_state=0xb7) at kex.c:804
804 key_state->state = libssh2_NB_state_idle;
(gdb) bt
#0 0x00007ffff62d858b in kex_method_diffie_hellman_group14_sha1_key_exchange (session=0x65ee60, key_state=0xb7) at kex.c:804
#1 0x00007ffff62da721 in _libssh2_kex_exchange (session=0x65ee60, reexchange=0, key_state=0x66bb00) at kex.c:1759
#2 0x00007ffff62e33c0 in session_startup (session=0x65ee60, sock=7) at session.c:718
#3 0x00007ffff62e366d in libssh2_session_handshake (session=0x65ee60, sock=7) at session.c:796
#4 0x00007ffff7ba0ff2 in ssh_statemach_act () from /tmp/libssh/lib64/libcurl.so.4
#5 0x00007ffff7ba68c3 in ssh_easy_statemach () from /tmp/libssh/lib64/libcurl.so.4
#6 0x00007ffff7ba6cb1 in ssh_connect () from /tmp/libssh/lib64/libcurl.so.4
#7 0x00007ffff7b759db in Curl_protocol_connect () from /tmp/libssh/lib64/libcurl.so.4
#8 0x00007ffff7b78fc0 in Curl_setup_conn () from /tmp/libssh/lib64/libcurl.so.4
#9 0x00007ffff7b79143 in Curl_connect () from /tmp/libssh/lib64/libcurl.so.4
#10 0x00007ffff7b89625 in connect_host () from /tmp/libssh/lib64/libcurl.so.4
#11 0x00007ffff7b89902 in Curl_do_perform () from /tmp/libssh/lib64/libcurl.so.4
#12 0x00007ffff7b89c6d in Curl_perform () from /tmp/libssh/lib64/libcurl.so.4
#13 0x00007ffff7b8a5e5 in curl_easy_perform () from /tmp/libssh/lib64/libcurl.so.4
#14 0x000000000040f688 in operate ()
#15 0x000000000040ab3d in main ()

==19042== Use of uninitialised value of size 8
==19042== at 0x671B58B: kex_method_diffie_hellman_group14_sha1_key_exchange (kex.c:804)
==19042== by 0x671D720: _libssh2_kex_exchange (kex.c:1759)
==19042== by 0x67263BF: session_startup (session.c:718)
==19042== by 0x672666C: libssh2_session_handshake (session.c:796)
==19042== by 0x4E87FF1: ssh_statemach_act (in /tmp/libssh/lib64/libcurl.so.4.2.0)
==19042== by 0x4E8D8C2: ssh_easy_statemach (in /tmp/libssh/lib64/libcurl.so.4.2.0)
==19042== by 0x4E8DCB0: ssh_connect (in /tmp/libssh/lib64/libcurl.so.4.2.0)
==19042== by 0x4E5C9DA: Curl_protocol_connect (in /tmp/libssh/lib64/libcurl.so.4.2.0)
==19042== by 0x4E5FFBF: Curl_setup_conn (in /tmp/libssh/lib64/libcurl.so.4.2.0)
==19042== by 0x4E60142: Curl_connect (in /tmp/libssh/lib64/libcurl.so.4.2.0)
==19042== by 0x4E70624: connect_host (in /tmp/libssh/lib64/libcurl.so.4.2.0)
==19042== by 0x4E70901: Curl_do_perform (in /tmp/libssh/lib64/libcurl.so.4.2.0)
==19042== by 0x4E70C6C: Curl_perform (in /tmp/libssh/lib64/libcurl.so.4.2.0)
==19042== by 0x4E715E4: curl_easy_perform (in /tmp/libssh/lib64/libcurl.so.4.2.0)
==19042== by 0x40F687: operate (in /tmp/libssh/bin/curl)
==19042== by 0x40AB3C: main (in /tmp/libssh/bin/curl)
==19042==
==19042== Invalid write of size 4
==19042== at 0x671B58B: kex_method_diffie_hellman_group14_sha1_key_exchange (kex.c:804)
==19042== by 0x671D720: _libssh2_kex_exchange (kex.c:1759)
==19042== by 0x67263BF: session_startup (session.c:718)
==19042== by 0x672666C: libssh2_session_handshake (session.c:796)
==19042== by 0x4E87FF1: ssh_statemach_act (in /tmp/libssh/lib64/libcurl.so.4.2.0)
==19042== by 0x4E8D8C2: ssh_easy_statemach (in /tmp/libssh/lib64/libcurl.so.4.2.0)
==19042== by 0x4E8DCB0: ssh_connect (in /tmp/libssh/lib64/libcurl.so.4.2.0)
==19042== by 0x4E5C9DA: Curl_protocol_connect (in /tmp/libssh/lib64/libcurl.so.4.2.0)
==19042== by 0x4E5FFBF: Curl_setup_conn (in /tmp/libssh/lib64/libcurl.so.4.2.0)
==19042== by 0x4E60142: Curl_connect (in /tmp/libssh/lib64/libcurl.so.4.2.0)
==19042== by 0x4E70624: connect_host (in /tmp/libssh/lib64/libcurl.so.4.2.0)
==19042== by 0x4E70901: Curl_do_perform (in /tmp/libssh/lib64/libcurl.so.4.2.0)
==19042== by 0x4E70C6C: Curl_perform (in /tmp/libssh/lib64/libcurl.so.4.2.0)
==19042== by 0x4E715E4: curl_easy_perform (in /tmp/libssh/lib64/libcurl.so.4.2.0)
==19042== by 0x40F687: operate (in /tmp/libssh/bin/curl)
==19042== by 0x40AB3C: main (in /tmp/libssh/bin/curl)
==19042== Address 0xb7 is not stack'd, malloc'd or (recently) free'd

Change History

comment:1 Changed 5 years ago by bagder

  • Milestone 1.4.0 deleted