OpenSSL 0.9.8k seg. faults

Bug #942060 reported by Mikhail Kulinich on 2012-02-27
This bug affects 1 person
Affects Status Importance Assigned to Milestone
openssl (Ubuntu)

Bug Description

I observe wrong behavior of OpenSSL library in error cases. I.e. when trying to convert DER encoded (malformed in fact) public key into internal OpenSSL structures I get core dump of the whole application. But it seems, it is applicable only in multi threaded environment.

The test case is attached, the command line to compile is: g++ -o d2i -lcrypto -lpthread

~/c-tests/openssl$ lsb_release -rd
Description: Ubuntu 10.04.3 LTS
Release: 10.04

~/c-tests/openssl$ apt-cache policy libssl-dev
  Installed: 0.9.8k-7ubuntu8.8
  Candidate: 0.9.8k-7ubuntu8.8
  Version table:
 *** 0.9.8k-7ubuntu8.8 0
        500 lucid-updates/main Packages
        500 lucid-security/main Packages
        100 /var/lib/dpkg/status
     0.9.8k-7ubuntu8 0
        500 lucid/main Packages

Mikhail Kulinich (tysonite) wrote :
Maarten Bezemer (veger) wrote :

Thank you for taking the time to report this bug and helping to make Ubuntu better. We are sorry that we do not always have the capacity to look at all reported bugs in a timely manner. There have been many changes in Ubuntu since that time you reported the bug and your problem may have been fixed with some of the updates.

I tried your test case with openssl 1.0.1-4ubuntu5 and it did not give any problems:
$ ./d2i
In main: creating thread 0
In main: creating thread 1
In main: creating thread 2
In main: creating thread 3
In main: creating thread 4

It would help us a lot if you could test it using a newer version of openssl to see whether it also solves your problems. When you test it and it is still an issue, kindly upload the updated logs by running apport-collect 942060 and any other logs that are relevant for this particular issue.

Changed in openssl (Ubuntu):
status: New → Incomplete
Launchpad Janitor (janitor) wrote :

[Expired for openssl (Ubuntu) because there has been no activity for 60 days.]

Changed in openssl (Ubuntu):
status: Incomplete → Expired
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers