Your message dated Mon, 06 Jul 2026 19:19:27 +0000
with message-id <[email protected]>
and subject line Bug#1134814: fixed in openssh 1:10.4p1-1
has caused the Debian Bug report #1134814,
regarding openssh-client: Segfault in identity_sign at sshconnect2.c:1418 when 
using RSA certificates
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
1134814: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1134814
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: openssh-client
Version: 1:10.3p1-1
Severity: important
Tags: patch

Dear Maintainer,

I encountered a consistent segmentation fault in the ssh client when
attempting
to authenticate using RSA certificates against a server that supports
the [email protected] extension.

The crash occurs in sshconnect2.c within the identity_sign() function.
Specifically, at line 1418, the code attempts to check id->key->flags
without verifying that id->key is not NULL. In my testing with GDB,
id->key was indeed NULL at this stage, leading to a null pointer
dereference.

GDB Backtrace summary:
#0  identity_sign (id=0x55..., sigp=0x..., lenp=0x..., data=0x...,
datalen=2080,
    compat=67108864, alg=0x55... "[email protected]")
    at ../../sshconnect2.c:1418

(gdb) print *id
$1 = { ..., key = 0x0, filename = "/root/.ssh/pkey", tried = 1, ... }

Here is a patch that adds a NULL check for id->key before
dereferencing it, which resolved the issue in my environment.

Patch

--- sshconnect2.c.orig  2026-04-24 12:04:24.468317131 +0000
+++ sshconnect2.c       2026-04-24 11:22:28.606107940 +0000
@@ -1415,7 +1415,7 @@
         * PKCS#11 tokens may not support all signature algorithms,
         * so check what we get back.
         */
-       if ((id->key->flags & SSHKEY_FLAG_EXT) != 0 &&
+       if (id->key != NULL && (id->key->flags & SSHKEY_FLAG_EXT) != 0 &&
            (r = sshkey_check_sigtype(*sigp, *lenp, alg)) != 0) {
                debug_fr(r, "sshkey_check_sigtype");
                goto out;

-- System Information:
Debian Release: 14 (forky)
Architecture: amd64
Kernel: 6.19.11+deb14-amd64



Cheer Alejandro

--- End Message ---
--- Begin Message ---
Source: openssh
Source-Version: 1:10.4p1-1
Done: Colin Watson <[email protected]>

We believe that the bug you reported is fixed in the latest version of
openssh, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Colin Watson <[email protected]> (supplier of updated openssh package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Mon, 06 Jul 2026 19:11:28 +0100
Source: openssh
Architecture: source
Version: 1:10.4p1-1
Distribution: unstable
Urgency: medium
Maintainer: Debian OpenSSH Maintainers <[email protected]>
Changed-By: Colin Watson <[email protected]>
Closes: 1134814 1141420
Changes:
 openssh (1:10.4p1-1) unstable; urgency=medium
 .
   [ Sven Joachim ]
   * Make doc symlinks relative on upgrade from 1:10.3p1-5 (closes:
     #1141420).
 .
   [ Colin Watson ]
   * New upstream release:
     - SECURITY: sftp(1): when downloading files on the command-line using
       "sftp host:/path .", a malicious server could cause the file to be
       downloaded to an unexpected location. This issue was identified by the
       Swival Security Scanner.
     - SECURITY: scp(1): when copying files between two remote destinations,
       do not allow a malicious server to write files to the parent directory
       of the intended target directory. This issue was identified by the
       Swival Security Scanner.
     - SECURITY: sshd(8): when using the "internal-sftp" SFTP server
       implementation (this is not the default), long command lines were
       previously truncated silently after the 9th argument. If a
       security-relevant option was in the 10th or later position, it would
       be discarded. Reported by Steve Caffrey.
     - SECURITY: sshd(8): add a documentation note to mention that the
       GSSAPIStrictAcceptorCheck option is ineffective when the server is
       joined to a Windows Active Directory. Reported by Yarin Aharoni of
       Safebreach.
     - SECURITY: sshd(8): DisableForwarding=yes didn't override
       PermitTunnel=yes as it was documented to do. Note that PermitTunnel is
       not enabled by default. Reported independently by Huzaifa Sidhpurwala
       of Redhat and Marko Jevtic.
     - SECURITY: sshd(8): avoid a potential pre-authentication denial of
       service when GSSAPIAuthentication was enabled (this feature is off by
       default). This was not mitigated by MaxAuthTries, but would be
       penalised by PerSourcePenalties. This was reported by Manfred Kaiser
       of the milCERT AT (Austrian Ministry of Defence).
     - SECURITY: sshd(8): fix a number of cases where the minimum
       authentication delay was not being enforced. Reported by the Orange
       Cyberdefense Vulnerability Team.
     - SECURITY: ssh(1): fix a possible client-side use-after-free if the
       server changes its host key during a key reexchange. This was reported
       by Zhenpeng (Leo) Lin of Depthfirst.
     - All: add experimental support for a composite post-quantum signature
       scheme that combines ML-DSA 44 and Ed25519 as specified in
       draft-miller-sshm-mldsa44-ed25519-composite-sigs. This scheme is not
       enabled by default. To use it, you'll need to add it to
       HostKeyAlgorithms, PubkeyAcceptedAlgorithms, etc. Keys may be
       generated using "ssh-keygen -t mldsa44-ed25519".
     - ssh(1), sshd(8): replace the wildcard pattern matcher with an
       implementation based on an NFA. This avoids exponential worst-case
       behaviour for the old implementation.
     - ssh-agent(1): fix incorrect reply to "query" SSH_AGENTC_EXTENSION
       requests.
     - sshd(8): avoid sending observably different messages for valid vs
       invalid users in GSSAPIAuthentication (disabled by default).
     - ssh(1), sshd(8): fix several bugs that incorrectly classified bulk
       traffic as interactive.
     - ssh-keygen(1), ssh-add(1): skip unsupported key types when downloading
       resident keys from a FIDO token. Previously, downloads would abort
       when one was encountered.
     - ssh(1): fix a potential use-after-free on an error path if
       cipher_init() fails.
     - sshd(8): perform stricter encoding and validation of transport state
       passed between sshd privilege separation subprocesses. This somewhat
       further hardens the server against attacks on sshd-auth or
       sshd-session subprocesses.
     - ssh-agent(1): avoid possible runtime denial of service by enforcing
       some limits on the length of usernames in key use constraints.
     - sftp(1): fix two separate one-byte out-of-bounds reads, in
       SSH2_FXP_REALPATH and batch command processing.
     - sftp-server(8): disallow use of the copy-data extension to read and
       write to the same inode simultaneously.
     - ssh(1), sshd(8): avoid strlen(NULL) crash if an X11 channel was
       created before the x11-req SSH_MSG_CHANNEL_REQUEST was sent.
     - sftp(1), scp(1): avoid a situation where sftp_download() could get
       stuck in a loop if a broken server repeatedly returned zero length
       while reading a file.
     - ssh(1): avoid leaking DNS0x20 case-randomised names into names
       canonicalised using CanonicalizePermittedCNAMEs.
     - sftp-server(8): avoid truncation of pathnames passed to lstat() during
       SSH_FXP_REALPATH handling on systems where PATH_MAX is not the actual
       max.
     - ssh(1), sshd(8): correct arming of poll(2) event masks for some
       socket-type channels.
     - sshd(8): major refactor of sshd_config parsing and management code, to
       allow for more exact serialisation/deserialisation across privilege
       separation boundaries.
     - ssh-add(1): open connection to the agent only after getopt()
       processing has completed, to give options like "-v" a chance to
       display debug information about this operation.
     - sshd(8): differentiate between execution failures and a subsystem that
       was not found when logging why a subsystem failed to start.
     - All: use safer idioms for timegm(3) and mktime(3) error detection.
     - ssh(1), sshd(8): avoid accepting invalid cipher or MAC lists in config
       files or command-line arguments. This could cause runtime failures
       later.
     - ssh(1): fix NULL deref crash during pubkey auth when using a PEM style
       private key with no corresponding .pub key adjacent to it (closes:
       #1134814).
     - sshd(8): don't print an error message when trying to load a host
       private key when PKCS#11 keys are in use, as these don't need the
       private half on the filesystem.
     - All: don't use deprecated ERR_load_crypto_strings().
     - ssh(1): properly report errors during configuration default setting.
     - ssh(1): use correct directive name (Match instead of Host) in error
       message.
     - sftp(1): fix "ls -ln" which was not correctly showing numeric UID/GIDs
       but rather user and group names.
     - sshd(8): avoid possible NULL dereference if an allocation fails during
       config parsing.
     - All: fix ineffective guards against loading overly large public keys
       in several places.
     - sftp(1): ensure file descriptors used by sftp to communicate to its
       ssh(1) subprocess don't leak into executed subprocesses (e.g. via
       "!").
     - Sync fmt_scaled.c with OpenBSD upstream, picking up an exactness fix
       for large exponents.
     - sshd(8): remove duplicate sandbox entry for clock_gettime64.
     - Sync getrrsetbyname.c with OpenBSD upstream, picking up robustness
       fixes.
     - Fix a number of memory leaks on error paths in the portability code.
     - Revise the README.privsep documentation to reflect sshd's recent
       switch to a multi-binary model.
Checksums-Sha1:
 df9f47c0f27ac289f28a014382b376c751b36030 3651 openssh_10.4p1-1.dsc
 ae8650a71cc52dbbd049519cee276ae6d65c2c4d 2321796 openssh_10.4p1.orig.tar.gz
 024bbb98d37dc35c31a49144770c6e38bfe53829 833 openssh_10.4p1.orig.tar.gz.asc
 eba70bbacbe02995f7eeec31a1dd96a7cd7a8058 208228 openssh_10.4p1-1.debian.tar.xz
Checksums-Sha256:
 878de8e50995ae6a2eaad52c829036729c48a57a104d9ba32d558fb82096ee5e 3651 
openssh_10.4p1-1.dsc
 ef6026dd2aea8d56059638d5d3262902c892ceba9f88395835e0d06d3fb63238 2321796 
openssh_10.4p1.orig.tar.gz
 9206329419c45245913ae42fd290e2ed5b1669df97d9cf0d3e28c06b63035e51 833 
openssh_10.4p1.orig.tar.gz.asc
 5c5d2f7ee53bef6f96355eab24062b82f226ead501dc3f8630f75202f662ca1f 208228 
openssh_10.4p1-1.debian.tar.xz
Files:
 e89a2b713609f72642c98c6a454c45e1 3651 net standard openssh_10.4p1-1.dsc
 c5fb91ded926b38e8956074cac2cd44f 2321796 net standard 
openssh_10.4p1.orig.tar.gz
 105ff131214dc93a4892488bc80b444a 833 net standard 
openssh_10.4p1.orig.tar.gz.asc
 c9d6a49c9f1d34a9b0358f3860a9f1b2 208228 net standard 
openssh_10.4p1-1.debian.tar.xz

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEErApP8SYRtvzPAcEROTWH2X2GUAsFAmpL+hEACgkQOTWH2X2G
UAtBwBAAhHqb1L4vbgAc1c0LGWm+Ebx6zyCgxVhwa6kHyy/+L2NtUmPIpwSlmIdw
TIbpnKfqVXgvvykMHqXQQOU8fWWt4Q715m4UGv6F0NgDNr7RKicND6DfIlDXdzCp
dwNZFLkqLMIrn8+DzYoNcMN2nN1q62jQ+cVc4q13UvK4uUrxQSGrdAb6dr3zaoMR
/Exj6aPD++Tf5JoOt+BDnqRln/hjhsqnN3NqJ1000PaRi4JzP0YmZOz1/40Ja0dm
yQ6Xo6bg+hasGcMa4GYXdFXFqI6mVRGItZ1CZgCCG9kfvDtXnSzgCC3no7BgW0bU
Iyt5EVlauSiEEePOnn+I9FK+PDmfL6n4CmV2/DM2btbpjFO9g3FjUGRADDA5H6Fo
wE5cEmISiRKO28qjAFyNDpSDqzN1GDE9RKMCf/l5lZLetMl3/8rfkwDRD1L/A5qb
9tz1NyycIH4Qlpv7++WUXzFxLJyQptrGD6Fj6uPdC6mmCAeeo6yy6DwAm5NxtntG
nD2CH8zzHxJ0oLY/6sM8cgEvNfuok6tCNdHeyLUpI8DZXi3tzJToH92yd7uzLt3m
pMM/BY/t05GZ3HabhxOCJi7H/OOk1MwNaDtlJnG1AOkwuYXXUDmwbPGYvXiDjsC5
uJ9SE+LmTcrZ8a/ms24nuf38GPta4mLTDY5OHBUNk6Ixj707nRo=
=LnvT
-----END PGP SIGNATURE-----

Attachment: pgpqVT29sS95c.pgp
Description: PGP signature


--- End Message ---

Reply via email to