If you attempt to compile OpenSSH 4.5 with -fbounds-checking (GCC bounds checking patch), it will error when compiling bsd-misc.c. I think the root cause of this bug is that a configure test fails testing if strdup.c works:

From config.log:

configure:12451: checking for strdup
configure:12507: i686-pc-linux-gnu-gcc -o conftest -O2 -march=pentium4 -pipe -Wa,--noexecstack -fbounds-checking -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -std=gnu99 conftest.c -lskey -lutil -lz -lnsl >&5
conftest.c: In function `main':
conftest.c:158: error: too few arguments to function `__bounds_check_strdup'
conftest.c:158: warning: return makes integer from pointer without a cast
configure:12513: $? = 1
configure: failed program was:

Later on it will fail compiling bsd-misc.c (that message doesn't appear important, but included for sanity:)

i686-pc-linux-gnu-gcc -O2 -march=pentium4 -pipe -Wa,--noexecstack -fbounds-checking -Wall -Wpointer-arith -Wuninitialized -Wsign-compare -std=gnu99 -I. -I.. -I. -I./.. -DHAVE_CONFIG_H -c bsd-misc.c
bsd-misc.c:228: error: syntax error before "__extension__"
bsd-misc.c:228: error: `__len' undeclared here (not in a function)
bsd-misc.c:228: error: initializer element is not constant
bsd-misc.c:228: error: syntax error before "if"
bsd-misc.c:228: warning: type defaults to `int' in declaration of `__retval'
bsd-misc.c:228: error: conflicting types for '__retval'
bsd-misc.c:228: error: previous definition of '__retval' was here
bsd-misc.c:228: warning: data definition has no type or storage class
bsd-misc.c:228: error: syntax error before '}' token
bsd-misc.c:233: warning: type defaults to `int' in declaration of `len'
bsd-misc.c:233: error: `str' undeclared here (not in a function)
bsd-misc.c:233: error: initializer element is not constant
bsd-misc.c:233: warning: data definition has no type or storage class
bsd-misc.c:234: warning: type defaults to `int' in declaration of `cp'
bsd-misc.c:234: error: conflicting types for 'cp'
bsd-misc.c:231: error: previous declaration of 'cp' was here
bsd-misc.c:234: warning: initialization makes integer from pointer without a cast
bsd-misc.c:234: error: initializer element is not constant
bsd-misc.c:234: warning: data definition has no type or storage class
bsd-misc.c:235: error: syntax error before "if"
make[1]: *** [bsd-misc.o] Error 1
make[1]: Leaving directory `/var/tmp/portage/net-misc/openssh-4.5_p1-r1/work/openssh-4.5p1/openbsd-compat'
make: *** [openbsd-compat/libopenbsd-compat.a] Error 2

!!! ERROR: net-misc/openssh-4.5_p1-r1 failed.
Call stack:
ebuild.sh, line 1621: Called dyn_compile
ebuild.sh, line 973: Called qa_call 'src_compile'
ebuild.sh, line 44: Called src_compile
openssh-4.5_p1-r1.ebuild, line 132: Called die

Reproducible: Always

Steps to Reproduce:
1. set up a suitable CFLAGS environment in /etc/portage/env/net-misc/openssh which includes -fbounds-checking
2. Compile

If you don't compile through -fbounds-checking, it compiles as expected.

Compile failures are not a security vulnerability.

i haven't looked, but i doubt there is a bug in openssh here

unfortunately, the HTB stuff is dead upstream and isn't supported anymore ... it exists merely because it can often times be quite useful in spite of its bugs (and it has some -- i can make it ICE pretty easily)

if upstream ever becomes active again, we can reconsider tracking