Re: Port Forward Limit?

On Fri, 26 Sep 2014, Todd Morgan wrote:

> At my company we use port forwarding as an alternative to VPN. In previous
> releases of openssh (pre 6.0) we could run a script and fetch the thousands
> of forwards to our local machine to connect to remote machines. Since
> openssh 6.x, whenever we run the same script we get a buffer overflow error.
> 
> ----
> debug1: channel 4577: new [port listener]
> debug1: channel 4578: new [client-session]
> debug1: Requesting no-more-sessions@xxxxxxxxxxx
> debug1: Entering interactive session.
> *** buffer overflow detected ***: ssh terminated
> ======= Backtrace: =========
> /lib64/libc.so.6(__fortify_fail+0x37)[0x7f3516baf8f7]
> /lib64/libc.so.6(+0x10bac0)[0x7f3516badac0]
> /lib64/libc.so.6(+0x10d867)[0x7f3516baf867]
> ssh(+0x26825)[0x7f3519304825]
> ssh(+0x2aece)[0x7f3519308ece]
> ssh(+0x12d05)[0x7f35192f0d05]
> ssh(+0xb3ee)[0x7f35192e93ee]
> /lib64/libc.so.6(__libc_start_main+0xf5)[0x7f3516ac3af5]
> ssh(+0xc289)[0x7f35192ea289]
>  ----
> 
> I assume this is a security measure to thwart overflow attacks. I've tried
> utilizing multiplexing, but received the same type of buffer overflow.
> 
> Are there any settings that I can change to allow for more forwards? At the
> moment we have a workaround to only pull back ports in batches but that
> isn't a long term solution.
> 
> Any advice would be appreciated. Thanks

It looks like it is crashing inside libc, but it is hard to tell. Did
you build OpenSSH yourself? If so, could you try compiling with debugging
symbols enabled (ensure -g is in Makefile CFLAGS, "make clean; make").
Then try to run ssh under a debugger, e.g. from your build directory:

gdb --args ./ssh user@host

When it crashes, enter "bt" to get a backtrace. That should give us a good
start to figure out what is going wrong.

-d
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev



