Backport OPENSSL_strcasecmp fixes from 3.0 branch
Bug #1975347 reported by Davide Pesavento
This bug report is a duplicate of:
Bug #1974037: openssl: EVP_EC_gen() segfault without init.
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone |
---|---|---|---|---|
openssl (Ubuntu) | New | Undecided | Unassigned | |
Bug Description
The recent openssl update to 3.0.2-0ubuntu1.2 in jammy included some buggy changes related to OPENSSL_strcasecmp. Briefly, it's possible for OPENSSL_strcasecmp to be called before the global locale_t object has been initialized, causing a crash in strcasecmp_l. For example, this bug can be trivially triggered with the program below.
#include <openssl/evp.h>
int main()
{
EVP_
}
The problem is already fixed in the openssl-3.0 branch. Please consider backporting this PR https:/
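The failure mode described in the report, shown as an added illustration that is not code from OpenSSL or from this bug report: a global locale_t exists only after an explicit init call, so a comparison wrapper must not hand the zero-valued handle to strcasecmp_l. All demo_* names and the ASCII fallback are hypothetical, glibc on Linux is assumed, and this is not claimed to be the upstream fix.

```c
#ifndef _GNU_SOURCE
#define _GNU_SOURCE            /* for newlocale() and strcasecmp_l() on glibc */
#endif
#include <locale.h>
#include <strings.h>

/* Hypothetical stand-in for a library-wide locale object that is only
 * created by an explicit init call. Until then it holds the zero value. */
static locale_t g_loc = (locale_t)0;

/* Hypothetical init routine: returns 1 on success, 0 on failure. */
int demo_locale_init(void)
{
    if (g_loc == (locale_t)0)
        g_loc = newlocale(LC_COLLATE_MASK | LC_CTYPE_MASK, "C", (locale_t)0);
    return g_loc != (locale_t)0;
}

void demo_locale_cleanup(void)
{
    if (g_loc != (locale_t)0) {
        freelocale(g_loc);
        g_loc = (locale_t)0;
    }
}

/* ASCII-only case folding, independent of any locale state. */
static int ascii_lower(int c)
{
    return (c >= 'A' && c <= 'Z') ? c + ('a' - 'A') : c;
}

static int ascii_casecmp(const char *a, const char *b)
{
    const unsigned char *x = (const unsigned char *)a;
    const unsigned char *y = (const unsigned char *)b;
    while (*x != '\0' && ascii_lower(*x) == ascii_lower(*y)) { x++; y++; }
    return ascii_lower(*x) - ascii_lower(*y);
}

/* Guarded comparison: never passes an uninitialized locale_t to
 * strcasecmp_l(); falls back to ASCII folding before init has run. */
int demo_strcasecmp(const char *a, const char *b)
{
    if (g_loc == (locale_t)0)
        return ascii_casecmp(a, b);
    return strcasecmp_l(a, b, g_loc);
}
```

The guard is not thread-safe on its own; a real library would pair it with a run-once primitive or avoid the global locale entirely.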
I *think* this is a duplicate of https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1974037 but I'll keep it separate for now as the API used to trigger the issue isn't the same.