The problem persists with libgcrypt7_1.1.90-9 and libgnutls10_1.0.4-3.
However, the bug is not in gcry_mpi_get_opaque(), but in _gcry_mpi_copy().
gdb provides an inaccurate backtrace when libgcrypt7 is compiled with -O2.
That's what I got when I reproduced the problem with slapd, gnutls10 and
libgcrypt7 recompiled with DEB_BUILD_OPTIONS="noopt nostrip"
(gdb) bt
#0 0x402a53f5 in _gcry_mpi_copy (a=0x8116a58) at mpiutil.c:229
#1 0x402a57d0 in gcry_mpi_copy (a=0x8116a58) at mpiutil.c:343
#2 0x401ffcb8 in _gnutls_get_dh_params (dh_primes=0x8119ac8, ret_p=0xbf7fc248, ret_g=0xbf7fc244) at gnutls_dh_primes.c:45
#3 0x401ffb8f in proc_dhe_client_kx (session=0x814a480, data=0x814d818 "", _data_size=98) at auth_dhe.c:268
#4 0x401ebc37 in _gnutls_recv_client_kx_message (session=0x814a480) at gnutls_kx.c:329
#5 0x401e81c3 in _gnutls_handshake_server (session=0x814a480) at gnutls_handshake.c:2241
#6 0x401e6ca9 in gnutls_handshake (session=0x814a480) at gnutls_handshake.c:1892
#7 0x400529a7 in SSL_do_handshake (ssl=0x8147598, end=GNUTLS_SERVER) at gnutls.c:627
#8 0x40052acd in gnutls_SSL_accept (ssl=0x8147598) at gnutls.c:670
#9 0x40050394 in ldap_pvt_tls_accept (sb=0x814e230, ctx_arg=0x0) at tls.c:928
#10 0x08058ff0 in connection_read ()
#11 0x080564ab in slapd_daemon_destroy ()
#12 0x4032be51 in pthread_start_thread () from /lib/libpthread.so.0
#13 0x4032becf in pthread_start_thread_event () from /lib/libpthread.so.0
#14 0x4046169a in clone () from /lib/libc.so.6
slapd segfaults, because:
(gdb) p a->d
$2 = (mpi_limb_t *) 0x10
The bug can be reproduced this way:
1) Start slapd ( slapd -d0 -h "ldap:/// ldaps:///" ). Be sure TLS is
enabled in slapd.conf
2) Run the script below concurrently in 4 (the number may vary) consoles
I=1; while ldapwhoami -ZZ -D "<your login DN>" -w "<password>" -x > /dev/null; do I=$((I+1)); done
3) Patience. Usually slapd crashes in 1-2 mins (on a Pentium 4
2.67 GHz); however, sometimes it keeps running for 5-10 mins or even
more. If you have been waiting too long with no "success", restart slapd
and rerun the scripts. You may try increasing/decreasing the number of
concurrent instances of the script too.
By the way, I was able to trigger the bug only with the script
concurrently running in two or more consoles, so it seems that the bug
only occurs in a threaded environment.
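The three steps above can be driven from one script, which is also the natural regression check once a fixed libgcrypt7 is installed: if the server keeps answering for as long as you care to wait, the crash is gone. The harness below is an added example and is not part of the bug report; it runs N copies of the ldapwhoami loop from step 2 in parallel against a test slapd and reports how many StartTLS binds succeeded before the first bind failed (the moment slapd stops answering). The environment variable names LDAP_BIND_DN, LDAP_BIND_PW and LDAP_URI, and their defaults, are assumptions of this example; ldapwhoami must be on PATH and slapd must already be running (step 1).

```python
import os
import subprocess
import sys
import time
from concurrent.futures import ThreadPoolExecutor

# Assumed for this example (not from the report): where the test server is
# and which identity to bind with. Point these at a test instance you own.
BIND_DN = os.environ.get("LDAP_BIND_DN", "cn=test,dc=example,dc=com")
BIND_PW = os.environ.get("LDAP_BIND_PW", "secret")
LDAP_URI = os.environ.get("LDAP_URI", "ldap://localhost/")


def whoami_once():
    """One simple bind over StartTLS, like the loop body in step 2.
    -ZZ makes the TLS handshake mandatory, which is the code path that crashes."""
    cmd = ["ldapwhoami", "-ZZ", "-x", "-H", LDAP_URI, "-D", BIND_DN, "-w", BIND_PW]
    return subprocess.run(cmd, stdout=subprocess.DEVNULL,
                          stderr=subprocess.DEVNULL).returncode == 0


def hammer(run_once, max_iterations=None):
    """Repeat run_once until it fails and return the number of successes.
    This mirrors 'while ldapwhoami ...; do I=$((I+1)); done': the loop ends the
    first time the server stops answering, which is how the crash shows up.
    max_iterations bounds the run (useful when checking a fixed server)."""
    count = 0
    while max_iterations is None or count < max_iterations:
        if not run_once():
            break
        count += 1
    return count


def run_concurrently(run_once, workers, max_iterations=None):
    """Run `workers` copies of the loop at once (the report used 4 consoles)
    and return each worker's success count."""
    with ThreadPoolExecutor(max_workers=workers) as pool:
        return list(pool.map(lambda _: hammer(run_once, max_iterations),
                             range(workers)))


if __name__ == "__main__":
    workers = int(sys.argv[1]) if len(sys.argv) > 1 else 4
    limit = int(sys.argv[2]) if len(sys.argv) > 2 else None
    start = time.monotonic()
    counts = run_concurrently(whoami_once, workers, limit)
    elapsed = time.monotonic() - start
    print(f"{workers} workers: {sum(counts)} successful binds in {elapsed:.0f}s")
    print("per-worker counts:", counts)
    if limit is not None and all(c == limit for c in counts):
        print("every worker completed its quota; no failure observed")
```

Run it as `python3 repro.py 4` to reproduce, or `python3 repro.py 4 500` after the upgrade to give each worker a fixed quota of binds and confirm that all of them complete. The second form is the one to keep in a regression suite.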
Versions of packages libgcrypt7 depends on:
ii libc6 2.3.2.ds1-13 GNU C Library: Shared libraries an
ii libgpg-error0 0.7-3 library for common error values an
Message-Id: <email address hidden>
Date: Mon, 19 Jul 2004 16:06:16 +0300
From: Modestas Vainius <email address hidden>
To: Debian Bug Tracking System <email address hidden>
Subject: libgcrypt7: more info
Package: libgcrypt7
Version: 1.1.90-9
Followup-For: Bug #244827
Hello,
"info sharedlibrary" says the following:
(gdb) info sharedlibrary
From        To          Syms Read   Shared Object Library
0x400280f0  0x40055920  Yes         /usr/lib/libldap_r.so.2
0x4005e5b0  0x40066df0  Yes         /usr/lib/liblber.so.2
0x40082530  0x4012c2a0  Yes         /usr/lib/libdb-4.2.so
0x40144a70  0x40174250  Yes         /usr/lib/libiodbc.so.2
0x40181320  0x40188090  Yes         /usr/lib/libiodbcinst.so.2
0x4018cf40  0x40194870  Yes         /usr/lib/libslp.so.1
0x40199540  0x401b0fd0  Yes         /lib/libm.so.6
0x401bb180  0x401c98e0  Yes         /usr/lib/libsasl2.so.2
0x401dd530  0x4023a000  Yes         /usr/lib/libgnutls.so.10
0x4024d190  0x40258360  Yes         /usr/lib/libtasn1.so.2
0x4025f3b0  0x402abf60  Yes         /usr/lib/libgcrypt.so.7
0x402bfc30  0x402cbac0  Yes         /lib/libnsl.so.1
0x402d1820  0x402d1d60  Yes         /usr/lib/libgpg-error.so.0
0x402d6750  0x402e0f00  Yes         /usr/lib/libz.so.1
0x402e6a00  0x402e9330  Yes         /lib/libcrypt.so.1
0x403169a0  0x40320ee0  Yes         /lib/libresolv.so.2
0x4032a1e0  0x40332d50  Yes         /lib/libpthread.so.0
0x40378420  0x4037c5e0  Yes         /usr/lib/libltdl.so.3
0x4037eed0  0x4037fdf0  Yes         /lib/libdl.so.2
0x40383130  0x40386960  Yes         /lib/libwrap.so.0
0x4039fbe0  0x404955d8  Yes         /lib/libc.so.6
0x40000c00  0x40011d8f  Yes         /lib/ld-linux.so.2
0x404bfd90  0x404c5e50  Yes         /lib/libnss_files.so.2
0x40019080  0x4001bbb0  Yes         /usr/lib/sasl2/libsasldb.so.2
0x404d99e0  0x40569a40  Yes         /usr/lib/libdb3.so.3
0x404c7b70  0x404c87a0  Yes         /usr/lib/sasl2/libldapdb.so.2
0x40585f20  0x405b1350  Yes         /usr/lib/libldap.so.2
0x40577ea0  0x4057a300  Yes         /usr/lib/sasl2/libcrammd5.so.2
0x405b9300  0x405c0c50  Yes         /usr/lib/sasl2/libdigestmd5.so.2
0x405f4910  0x40698780  Yes         /usr/lib/i686/cmov/libcrypto.so.0.9.7
0x406c7d90  0x406cd4b0  Yes         /usr/lib/sasl2/libotp.so.2
0x405c3e00  0x405c5a30  Yes         /usr/lib/sasl2/libanonymous.so.2
0x406d1e00  0x406d3b80  Yes         /usr/lib/sasl2/libplain.so.2
0x406d5df0  0x406d7b20  Yes         /usr/lib/sasl2/liblogin.so.2
0x406da2e0  0x406df2f0  Yes         /usr/lib/sasl2/libntlm.so.2
0x406e44b0  0x406fef20  Yes         /usr/lib/ldap/back_bdb.so
(gdb)
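The reason for pasting "info sharedlibrary" next to a backtrace is that the From/To columns (the .text range of each loaded object) let you check which library every frame address really lives in, independently of gdb's symbolisation, which the report says is unreliable with the -O2 build. The script below is an added example, not part of the bug report; it parses both listings and attributes each frame to a library. The embedded input is a subset of the "bt" and "info sharedlibrary" output from this report. Frames with no matching shared object (#10 and #11 at 0x080xxxxx) are in the slapd executable itself, which is why gdb printed them without a "from" clause.

```python
import re

# Sample input copied from the gdb session in the report above (a subset of
# the frames and of the shared-library table).
BACKTRACE = """\
#0 0x402a53f5 in _gcry_mpi_copy (a=0x8116a58) at mpiutil.c:229
#1 0x402a57d0 in gcry_mpi_copy (a=0x8116a58) at mpiutil.c:343
#2 0x401ffcb8 in _gnutls_get_dh_params (dh_primes=0x8119ac8, ret_p=0xbf7fc248, ret_g=0xbf7fc244) at gnutls_dh_primes.c:45
#10 0x08058ff0 in connection_read ()
#12 0x4032be51 in pthread_start_thread () from /lib/libpthread.so.0
#14 0x4046169a in clone () from /lib/libc.so.6
"""

SHARED_LIBRARIES = """\
From        To          Syms Read   Shared Object Library
0x401dd530  0x4023a000  Yes         /usr/lib/libgnutls.so.10
0x4025f3b0  0x402abf60  Yes         /usr/lib/libgcrypt.so.7
0x4032a1e0  0x40332d50  Yes         /lib/libpthread.so.0
0x4039fbe0  0x404955d8  Yes         /lib/libc.so.6
0x40000c00  0x40011d8f  Yes         /lib/ld-linux.so.2
"""

# "From To Syms-Read Path" rows; the header line has no 0x prefix and is skipped.
LIB_RE = re.compile(r"^(0x[0-9a-fA-F]+)\s+(0x[0-9a-fA-F]+)\s+(Yes|No)\s+(\S+)")
# "#N 0xADDR in symbol (...)" rows of a gdb backtrace.
FRAME_RE = re.compile(r"^#(\d+)\s+(0x[0-9a-fA-F]+)\s+in\s+(\S+)")


def parse_shared_libraries(text):
    """Return [(start, end, path)] for each row of 'info sharedlibrary'.
    From/To are the bounds of the object's .text section, so any code
    address (return address in a frame) of that library falls inside them."""
    ranges = []
    for line in text.splitlines():
        m = LIB_RE.match(line.strip())
        if m:
            ranges.append((int(m.group(1), 16), int(m.group(2), 16), m.group(4)))
    return ranges


def parse_backtrace(text):
    """Return [(frame_number, address, symbol)] for each frame of 'bt'."""
    frames = []
    for line in text.splitlines():
        m = FRAME_RE.match(line.strip())
        if m:
            frames.append((int(m.group(1)), int(m.group(2), 16), m.group(3)))
    return frames


def resolve(address, ranges):
    """Path of the object whose text range covers address, or None when the
    address belongs to no shared object (i.e. the main executable)."""
    for start, end, path in ranges:
        if start <= address < end:
            return path
    return None


def attribute_frames(bt_text, libs_text):
    """Map frame number -> (symbol, library path or None)."""
    ranges = parse_shared_libraries(libs_text)
    return {num: (sym, resolve(addr, ranges))
            for num, addr, sym in parse_backtrace(bt_text)}


if __name__ == "__main__":
    for num, (sym, lib) in sorted(attribute_frames(BACKTRACE, SHARED_LIBRARIES).items()):
        print(f"#{num:<3} {sym:<30} {lib or '(main executable)'}")
```

Applied to the full listings from this report, frames #0 and #1 land inside libgcrypt.so.7 and frames #2 to #6 inside libgnutls.so.10, which agrees with the symbolised backtrace at least as far as the library boundaries go.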
-- System Information:
Debian Release: testing/unstable
APT prefers unstable
APT policy: (500, 'unstable'), (499, 'experimental')
Architecture: i386 (i686)
Kernel: Linux 2.6.7-ck1-mdx
Locale: LANG=lt_LT, LC_CTYPE=lt_LT
Versions of packages libgcrypt7 depends on:
ii libc6 2.3.2.ds1-13 GNU C Library: Shared libraries an
ii libgpg-error0 0.7-3 library for common error values an
-- no debconf information