BUG: The concurrency of settimeofday and ssh connect would lead to coredump

[wangle6]

Hi, pals:
we found a coredump when we do ssh connection. the basic information as follow:

the stack trace in coredump:
(gdb) bt
#0 0x20007510 in raise () from /lib/libc.so.6
#1 0x2000c718 in abort () from /lib/libc.so.6
#2 0x2053d42c in __mulvsi3 (a=, b=) at /home/l00194794/yocto/c08_sdk/sdk/build/script/cpu_hcc/ppc-linux/../../../toolchain_soft/ppc-linux/src/gcc-4.7.1/libgcc/libgcc2.c:159
#3 0x2050d030 in ms_subtract_diff (start=start@entry=0xbfa20a9c, ms=0x48027c40, ms@entry=0xbfa20a98) at misc.c:871
#4 0x204d2568 in ssh_exchange_identification (timeout_ms=timeout_ms@entry=5000) at sshconnect.c:580
#5 0x204d3e3c in ssh_login (sensitive=sensitive@entry=0x20586ea8, orighost=, hostaddr=hostaddr@entry=0x20586e28, port=, pw=pw@entry=0x20589ae8, timeout_ms=5000)
at sshconnect.c:1346
#6 0x204c433c in main (ac=, av=) at ssh.c:1326

the direct cause of the coredump, is that the function __mulvsi3 in gcc checked the plus operation is overflow, then this gcc function abort().

the reason of the overflow is cause by the time-setting operation when do ssh connect. in function ms_subtract_diff . the timeoutp get a very big value because of the time-change.

So could we add a limitation for the differ of the 2 values get from gettimeofday ? if it's too big, would lead to overflow, we set a default value and report a warning log.

thanks for you attention and expect your reply.
B.R.
Le Wang

[paulidale]

Are you sure this is an OpenSSL problem?
It looks like an OpenSSH one.

The functions and source files mentioned don't exist in OpenSSL.

[wangle6]

you are right. it's an OpenSSH probel. Sorry for wasting your time.