sshd cause segfault in libc if too many IP addresses on interface

sshd cause segfault in libc during new user connecton if too many IP addresses assigned to any interface

If any network interface in system has too many addresses on it, at every new login sshd cause segfault:

sshd[28944]: segfault at 7fff2d3b6ff0 ip 00007fa8f7ac7ee8 sp 00007fff2d3b6ff0 error 6 in libc-2.15.so[7fa8f79ae000+1b5000]

Script to configure addresses:

#!/bin/bash
ip tuntap add mode tun dev ssh_down
for a in `seq 1 4`; do
        for b in `seq 1 254`; do
                echo "10.$a.$b.x " `date '+%Y-%M-%d %H:%m:%S %s'`|tee -a log
                for c in `seq 1 254`;do
                        ip a a 10.$a.$b.$c/8 dev ssh_down
                done
        done
done

It gonna take some time to generate enough addresses (in my case it was about 20 minutes). Somewhere during that time new ssh connections starts to fail.

In my tests crical point was somewhere near 10.3.200.x (3*253*253=~200k addresses).

Reproducibility: always

Security scope: This bug allow user with netadmin priveleges completely disable new logins to server via ssh.

Steps to reproduce:

1. Run script
2. wait until it done
3. Try to log in to that server.

Expected behavior: successfull login
Actual behavior:
ssh_exchange_identification: read: Connection reset by peer
+
[ 622.730506] sshd[32556]: segfault at 7fff3568ffd0 ip 00007f5d1dda7ee8 sp 00007fff3568ffd0 error 6 in libc-2.15.so[7f5d1dc8e000+1b5000]
in dmesg.

Existing ssh connections are not affected.

Ubuntu version:
Description: Ubuntu 12.04.3 LTS
Release: 12.04

ssh version:
openssh-client 1:5.9p1-5ubuntu1.1
openssh-server 1:5.9p1-5ubuntu1.1
ssh 1:5.9p1-5ubuntu1.1

libc version:
libc-bin 2.15-0ubuntu10.5
libc-dev-bin 2.15-0ubuntu10.5
libc6 2.15-0ubuntu10.5
libc6-dev 2.15-0ubuntu10.5

Kernel version:
linux-image-3.2.0-58-generic 3.2.0-58.88