Page MenuHomePhabricator
Create Task
Maniphest T210

Crash in libssh in canonical multipass due to certain entries in `~/.ssh/config`
Open, Needs TriagePublic
Actions

Description

Canonical multipass, which is in turn used by ubuntu snapcraft may crash unless ~/.ssh/config is moved away. This seems to be due to two issues. One of them is in multipass, that lets libssh parse ~/.ssh/config when there is no reason to do so. The second one seems to be in libssh itself that ends up crashing on pieces of configuration in ~/.ssh/config that it does not understand.

For instance, proxyjump entries or pointers to keys that do not exist seem to be enough to cause the crash.

I believe that the version of libssh in multipass may not be the latest one (probably 0.90). Hence, please forgive the noise if this issue has already been cleared.

Otherwise, https://github.com/canonical/multipass/issues/1259 may constitute a pointer for a bug in libssh.

Event Timeline

Jakuje added a subscriber: Jakuje.Dec 27 2019, 9:56 PM

Without information about the libssh version, what configuration file was used (at least the offending match line), more verbose libssh logs (there is quite a lot of tracing logs around), it is hard to guess what went wrong with the parsing.

callegar added a comment.Dec 28 2019, 10:06 AM

Indeed. For the time being, I have opened the bug to follow the multipass issue, where I hope that this data shall be made available. In the meantime, proxyjump as in ProxyJump = myhost seems to be a trigger for the issue.

Jakuje added a comment.Dec 28 2019, 2:13 PM

The backtrace in the attached issue points to the match block parsing:

0   libsystem_c.dylib             	0x00007fff6acc7b44 strcasecmp_l + 92
1   libssh.4.dylib                	0x0000000107d27bbe ssh_config_get_match_opcode + 78
2   libssh.4.dylib                	0x0000000107d2608b ssh_config_parse_line + 763
3   libssh.4.dylib                	0x0000000107d25cfa ssh_config_parse_file + 266
4   libssh.4.dylib                	0x0000000107d40806 ssh_options_parse_config + 262
5   libssh.4.dylib                	0x0000000107d248e4 ssh_connect + 292

if you have some other crash report, please let us know.