Crashes with segmentation fault operating asn1_meth_table

Bug #972783 reported by Märt Põder
This bug affects 4 people
Affects: openssl (Ubuntu)
Status: Expired
Importance: High
Assigned to: Unassigned
Milestone: -

Bug Description

Trying to update the Server Access Certificate with the DigiDoc client for Estonian ID cards crashes, implicating an OpenSSL problem.

The problem has been there since OpenSSL 1.0.0, but does not happen using OpenSSL 0.9.8.

Debugging with Valgrind gives a variety of:

Invalid free() / delete / delete[] / realloc()
Invalid write of size n
Invalid read of size n

The context is:

==5779== at 0x402B06C: free (in /usr/lib/valgrind/vgpreload_memcheck-x86-linux.so)
==5779== by 0x6A818C9: CRYPTO_free (mem.c:393)
==5779== by 0x6AEB82A: engine_free_util (eng_lib.c:136)
==5779== by 0x6AEC798: engine_unlocked_finish (eng_init.c:112)
==5779== by 0x6AED607: engine_table_register (eng_table.c:178)
==5779== by 0x6AEFC7A: ENGINE_set_default_pkey_asn1_meths (tb_asnmth.c:106)
==5779== by 0x6AEE3B7: ENGINE_set_default (eng_fat.c:96)

I'm currently testing it on Ubuntu 12.04 beta 2 with:

* opensc 0.12.1-1ubuntu4
* libssl1.0.0 1.0.1-2ubuntu4
* qdigidoc 0.4.0-0ubuntu4

The problem has also been tested on Oneiric and discussed at some length at: http://code.google.com/p/esteid/issues/detail?id=168

I also attach some debug logs.

Martin-Éric Racine (q-funk) wrote :

Setting severity to High, as this works fine on other distributions featuring the same upstream versions of the dependencies.

Changed in openssl (Ubuntu):
importance: Undecided → Medium
importance: Medium → High
Launchpad Janitor (janitor) wrote :

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in openssl (Ubuntu):
status: New → Confirmed
Märt Põder (boamaod) wrote :

The new OpenSSL 1.0.1-4ubuntu1 didn't change the situation.

Colin Watson (cjwatson) wrote :

The linked esteid bug only mentions success on Fedora, and an unspecified version. Exactly what other distributions and versions of OpenSSL has this been verified on either way? Does it happen using the current OpenSSL packages in Debian unstable? Does it happen using unpatched OpenSSL upstream source with the same compiler flags as used in Debian?

Märt Põder (boamaod) wrote :

I confirm that the bug occurs on Debian unstable with the latest packages, including openssl 1.0.1a-3.

Adrien Nader (adrien) wrote :

I've tried to reproduce this crash but I'm not sure how to do it. The various traces attached are informative but without a way to test and experiment, it's difficult to tell the consequences apart from their causes since there seems to be some memory corruption going on. I'm going to mark this as Incomplete to reflect the need for a reproducer.

Changed in openssl (Ubuntu):
status: Confirmed → Incomplete
Launchpad Janitor (janitor) wrote :

[Expired for openssl (Ubuntu) because there has been no activity for 60 days.]

Changed in openssl (Ubuntu):
status: Incomplete → Expired