Date: Fri, 16 Mar 2012 21:34:27 +0530
From: Dhiru Kholia <dhiru.kholia@...il.com>
To: john-dev@...ts.openwall.com
Subject: Re: SSH thread-safety

On Fri, Mar 16, 2012 at 5:16 AM, Solar Designer <solar@...nwall.com> wrote:
> Dhiru, magnum, all -
>
> It was reported to me off-list that the "SSH" format in 1.7.9-jumbo-5
> crashes on self-test on a 64-way machine running RHEL 6.2 on x86-64.
>
> I managed to reproduce similar crashes on an 8-core machine by
> increasing OMP_NUM_THREADS:
>
> $ for n in {1..10000}; do OMP_NUM_THREADS=$n GOMP_SPINCOUNT=1000000 ./john -te -fo=ssh; done &> sshout
> *** glibc detected *** double free or corruption (!prev): 0x0000000013d9ac50 ***
> *** glibc detected *** realloc(): invalid next size: 0x0000000000ba0600 ***
> These crashes correspond to these thread counts:
>
> $ fgrep Aborted sshout
> Benchmarking: ssh [32/64]... (44xOMP) Aborted
> Benchmarking: ssh [32/64]... (202xOMP) Aborted

I tried to reproduce the problem on my 3-core machine. I don't see any
glibc errors (Aborted messages) but I do see some random segmentation
faults. I have done some cleanups in SSH format but so far I can
trigger the segfaults.

#0  0x00007f3e8017fbe5 in ?? () from /lib/x86_64-linux-gnu/libcrypto.so.1.0.0
(gdb) bt
#0  0x00007f3e8017fbe5 in ?? () from /lib/x86_64-linux-gnu/libcrypto.so.1.0.0
#1  0x00007f3e8018020c in lh_retrieve () from /lib/x86_64-linux-gnu/libcrypto.so.1.0.0
#2  0x00007f3e80182c8e in ?? () from /lib/x86_64-linux-gnu/libcrypto.so.1.0.0
CULPRIT ==> #3  0x00007f3e80183b41 in ERR_get_state () from /lib/x86_64-linux-gnu/libcrypto.so.1.0.0
#4  0x00007f3e80184edf in ERR_put_error () from /lib/x86_64-linux-gnu/libcrypto.so.1.0.0
PROBLEM HERE ==> #5  0x00007f3e801af771 in PEM_do_header () from /lib/x86_64-linux-gnu/libcrypto.so.1.0.0
PROBLEM HERE ==> #6  0x0000000000467369 in crypt_all._omp_fn.0 () at ssh_fmt.c:228
#7  0x00007f3e7f5d7eca in ?? () from /usr/lib/x86_64-linux-gnu/libgomp.so.1
#8  0x00007f3e7f3baefc in start_thread (arg=0x7f3e725f2700) at pthread_create.c:304
#9  0x00007f3e7f0f589d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:112

PEM_do_header() runs into some problem (since it calls the ERR_put_error
function). According to
http://rt.openssl.org/Ticket/Display.html?id=1915 the problem lies in
ERR_get_state being non-thread-safe. I will try adding the callbacks
to fix this (example is at
http://curl.haxx.se/libcurl/c/threaded-ssl.html).

One thing I don't understand is how CRYPTO_num_locks() returns the
correct number of threads?

-- 
Cheers,
Dhiru
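
The callback pattern the message above says it will add (the one shown on the linked libcurl threaded-ssl page), as an added example that is not code from this thread or from John the Ripper. OpenSSL 1.0.x keeps error state per thread and looks it up in a hash keyed by a thread id (the lh_retrieve() under ERR_get_state() in the backtrace); without an id callback and a locking callback, concurrent OpenMP threads corrupt that hash. CRYPTO_num_locks() does not count threads at all: it returns the fixed number of internal lock slots libcrypto was built with, and the application must supply one mutex per slot, indexed by the `n` argument of the locking callback. To compile without libcrypto, the block below uses stand-ins for the OpenSSL 1.0.x constants and for CRYPTO_num_locks() (values assumed from that release's crypto.h), and the function names thread_setup(), thread_cleanup() and lock_is_held() are hypothetical helper names chosen here.

```c
/* Added example of the OpenSSL 1.0.x thread callbacks; not JtR code.
 * In a real build: #include <openssl/crypto.h>, delete the stand-ins,
 * size the mutex array with CRYPTO_num_locks(), and install the two
 * callbacks with CRYPTO_set_locking_callback() / CRYPTO_set_id_callback(). */
#include <pthread.h>
#include <stdlib.h>
#include <stdio.h>

/* Stand-ins (assumption: same values as OpenSSL 1.0.x crypto.h). */
#define CRYPTO_LOCK   1          /* mode bit: acquire lock n */
#define CRYPTO_UNLOCK 2          /* mode bit: release lock n */
#define STANDIN_NUM_LOCKS 41     /* placeholder for CRYPTO_num_locks(); a fixed
                                    count of libcrypto's lock slots, unrelated
                                    to how many threads will run */

static pthread_mutex_t *lock_cs;  /* one mutex per libcrypto lock slot */
static int *lock_held;            /* bookkeeping so the state can be checked */
static int num_locks;

/* Signature required by CRYPTO_set_locking_callback(). libcrypto passes
 * the slot index n and a mode whose CRYPTO_LOCK bit selects acquire vs.
 * release; file and line only identify the caller for debugging. */
static void locking_callback(int mode, int n, const char *file, int line)
{
    (void)file; (void)line;
    if (n < 0 || n >= num_locks)
        abort();                  /* programming error: slot out of range */
    if (mode & CRYPTO_LOCK) {
        pthread_mutex_lock(&lock_cs[n]);
        lock_held[n] = 1;
    } else {
        lock_held[n] = 0;
        pthread_mutex_unlock(&lock_cs[n]);
    }
}

/* Signature required by CRYPTO_set_id_callback(): the per-thread key under
 * which ERR_get_state() stores and retrieves that thread's error queue. */
static unsigned long id_callback(void)
{
    return (unsigned long)pthread_self();
}

/* Allocate and initialise one mutex per lock slot. Returns 0 on success. */
static int thread_setup(int n)
{
    int i;
    lock_cs = calloc((size_t)n, sizeof(*lock_cs));
    lock_held = calloc((size_t)n, sizeof(*lock_held));
    if (!lock_cs || !lock_held)
        return -1;
    num_locks = n;
    for (i = 0; i < n; i++)
        pthread_mutex_init(&lock_cs[i], NULL);
    /* Real build: CRYPTO_set_id_callback(id_callback);
     *             CRYPTO_set_locking_callback(locking_callback); */
    return 0;
}

/* Uninstall (real build: set both callbacks to NULL first) and free. */
static void thread_cleanup(void)
{
    int i;
    for (i = 0; i < num_locks; i++)
        pthread_mutex_destroy(&lock_cs[i]);
    free(lock_cs);
    free(lock_held);
    lock_cs = NULL;
    lock_held = NULL;
    num_locks = 0;
}

/* Report whether slot n is currently held (for self-checks). */
static int lock_is_held(int n)
{
    return (n >= 0 && n < num_locks) ? lock_held[n] : 0;
}

int main(void)
{
    if (thread_setup(STANDIN_NUM_LOCKS) != 0)
        return 1;
    locking_callback(CRYPTO_LOCK, 3, __FILE__, __LINE__);
    printf("slot 3 held: %d, thread id: %lu\n", lock_is_held(3), id_callback());
    locking_callback(CRYPTO_UNLOCK, 3, __FILE__, __LINE__);
    thread_cleanup();
    return 0;
}
```

The callbacks must be installed once, before any thread enters libcrypto (in JtR terms, before the first OpenMP region in crypt_all()), and removed before the mutexes are destroyed. OpenSSL 1.0.0 and later prefer CRYPTO_THREADID_set_callback() over CRYPTO_set_id_callback(), and OpenSSL 1.1.0 made libcrypto thread-safe internally, turning both setters into no-ops.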
