[pkg-opensc-maint] Bug#923333: libp11-openssl1.1: Double free issue

Kurt Kanzenbach kurt.kanzenbach at linutronix.de
Tue Feb 26 15:28:20 GMT 2019


Source: libp11-openssl1.1
Version: 0.4.4-4
Severity: important
Tags: patch
Control: forwarded -1 https://github.com/OpenSC/libp11/issues/185

Dear Maintainer,

using the pkcs11 back end results in a double-free:

 kurt at kurt tmp % openssl dgst -sha256 -engine pkcs11 -keyform engine -sign "pkcs11:<key>" blub > blub.sig
 engine "pkcs11" set.
 No private keys found.
 PKCS#11 token PIN:
 *** Error in `openssl': double free or corruption (fasttop): 0x0000558e9ed49230 ***
 ======= Backtrace: =========
 /lib/x86_64-linux-gnu/libc.so.6(+0x70bfb)[0x7f3ac5f40bfb]
 /lib/x86_64-linux-gnu/libc.so.6(+0x76fc6)[0x7f3ac5f46fc6]
 /lib/x86_64-linux-gnu/libc.so.6(+0x7780e)[0x7f3ac5f4780e]
 /usr/lib/softhsm/libsofthsm2.so(+0x709e8)[0x7f3ac56149e8]
 /usr/lib/softhsm/libsofthsm2.so(+0x70657)[0x7f3ac5614657]
 /usr/lib/softhsm/libsofthsm2.so(+0x2e967)[0x7f3ac55d2967]
 /usr/lib/softhsm/libsofthsm2.so(C_CloseSession+0x14)[0x7f3ac55b8234]
 /usr/lib/x86_64-linux-gnu/p11-kit-proxy.so(+0x1f3dd)[0x7f3ac5a793dd]
 /usr/lib/x86_64-linux-gnu/p11-kit-proxy.so(+0x39fe0)[0x7f3ac5a93fe0]
 /usr/lib/x86_64-linux-gnu/libffi.so.6(ffi_closure_unix64_inner+0x1cf)[0x7f3ac5856e2f]
 /usr/lib/x86_64-linux-gnu/libffi.so.6(ffi_closure_unix64+0x46)[0x7f3ac58571a0]
 /usr/lib/x86_64-linux-gnu/p11-kit-proxy.so(+0x2302d)[0x7f3ac5a7d02d]
 /usr/lib/x86_64-linux-gnu/p11-kit-proxy.so(+0x23190)[0x7f3ac5a7d190]
 /usr/lib/x86_64-linux-gnu/p11-kit-proxy.so(+0x3a000)[0x7f3ac5a94000]
 /usr/lib/x86_64-linux-gnu/libffi.so.6(ffi_closure_unix64_inner+0x1cf)[0x7f3ac5856e2f]
 /usr/lib/x86_64-linux-gnu/libffi.so.6(ffi_closure_unix64+0x46)[0x7f3ac58571a0]
 /usr/lib/x86_64-linux-gnu/engines-1.1/pkcs11.so(+0xb2d5)[0x7f3ac5cca2d5]
 /usr/lib/x86_64-linux-gnu/engines-1.1/pkcs11.so(+0xb737)[0x7f3ac5cca737]
 /usr/lib/x86_64-linux-gnu/engines-1.1/pkcs11.so(+0x5cbe)[0x7f3ac5cc4cbe]
 /usr/lib/x86_64-linux-gnu/libcrypto.so.1.1(+0x14c13f)[0x7f3ac67dc13f]
 /usr/lib/x86_64-linux-gnu/libcrypto.so.1.1(+0x14dea2)[0x7f3ac67ddea2]
 /usr/lib/x86_64-linux-gnu/libcrypto.so.1.1(OPENSSL_LH_doall+0x41)[0x7f3ac67fd971]
 /usr/lib/x86_64-linux-gnu/libcrypto.so.1.1(+0x14e22d)[0x7f3ac67de22d]
 /usr/lib/x86_64-linux-gnu/libcrypto.so.1.1(+0x14c356)[0x7f3ac67dc356]
 /usr/lib/x86_64-linux-gnu/libcrypto.so.1.1(OPENSSL_sk_pop_free+0x31)[0x7f3ac6851ca1]
 /usr/lib/x86_64-linux-gnu/libcrypto.so.1.1(+0x14c6ac)[0x7f3ac67dc6ac]
 /usr/lib/x86_64-linux-gnu/libcrypto.so.1.1(OPENSSL_cleanup+0x11e)[0x7f3ac67fb9de]
 /lib/x86_64-linux-gnu/libc.so.6(+0x35940)[0x7f3ac5f05940]
 /lib/x86_64-linux-gnu/libc.so.6(+0x3599a)[0x7f3ac5f0599a]
 openssl(+0x2ee64)[0x558e9cab1e64]
 /lib/x86_64-linux-gnu/libc.so.6(__libc_start_main+0xf1)[0x7f3ac5ef02e1]
 openssl(+0x2f09a)[0x558e9cab209a]
 ======= Memory map: ========
 [...]

This is already fixed upstream:

 https://github.com/OpenSC/libp11/commit/da725ab727342083478150a203a3c80c4551feb4

The function EVP_PKEY_set1_engine() is available in Stretch's OpenSSL 1.1.

-- System Information:
Debian Release: 9.8
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.19.0-0.bpo.2-amd64 (SMP w/8 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE=en_US:en (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0001-Invoke-EVP_PKEY_set1_engine-if-OpenSSL-has-it.patch
Type: text/x-diff
Size: 1247 bytes
Desc: not available
URL: <http://alioth-lists.debian.net/pipermail/pkg-opensc-maint/attachments/20190226/a516d66f/attachment.patch>
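
For triage, the glibc backtrace in the report can be reduced to a module-level call chain, which shows the abort being raised under `C_CloseSession` while `OPENSSL_cleanup` runs at process exit. This is an added example, not part of the original report or of libp11; the function names are this example's own, and the sample is an excerpt of the frames quoted above.

```python
import os
import re
from itertools import groupby

# glibc abort backtrace line: module(symbol+0xoff)[0xaddr]; symbol may be empty.
FRAME = re.compile(
    r"^\s*(?P<path>[^(\s]+)\((?P<sym>[^+)]*)(?:\+(?P<off>0x[0-9a-fA-F]+))?\)"
    r"\s*\[(?P<addr>0x[0-9a-fA-F]+)\]\s*$")

# Excerpt of frames copied from the report above, innermost frame first.
SAMPLE = """\
/lib/x86_64-linux-gnu/libc.so.6(+0x70bfb)[0x7f3ac5f40bfb]
/usr/lib/softhsm/libsofthsm2.so(+0x709e8)[0x7f3ac56149e8]
/usr/lib/softhsm/libsofthsm2.so(C_CloseSession+0x14)[0x7f3ac55b8234]
/usr/lib/x86_64-linux-gnu/p11-kit-proxy.so(+0x1f3dd)[0x7f3ac5a793dd]
/usr/lib/x86_64-linux-gnu/libffi.so.6(ffi_closure_unix64+0x46)[0x7f3ac58571a0]
/usr/lib/x86_64-linux-gnu/engines-1.1/pkcs11.so(+0xb2d5)[0x7f3ac5cca2d5]
/usr/lib/x86_64-linux-gnu/libcrypto.so.1.1(OPENSSL_sk_pop_free+0x31)[0x7f3ac6851ca1]
/usr/lib/x86_64-linux-gnu/libcrypto.so.1.1(OPENSSL_cleanup+0x11e)[0x7f3ac67fb9de]
openssl(+0x2ee64)[0x558e9cab1e64]
"""

def parse_frames(text):
    """Return one dict per recognised frame line; other lines are skipped."""
    frames = []
    for line in text.splitlines():
        m = FRAME.match(line)
        if m:
            frames.append({"path": m["path"], "module": os.path.basename(m["path"]),
                           "sym": m["sym"] or None, "off": m["off"]})
    return frames

def call_chain(frames):
    """Collapse consecutive frames per module, outermost caller first."""
    return [(module, [f["sym"] for f in group if f["sym"]])
            for module, group in groupby(reversed(frames), key=lambda f: f["module"])]

def addr2line_cmds(frames, module):
    """Commands that resolve a module's unnamed frames (needs its debug symbols)."""
    return [f"addr2line -f -e {f['path']} {f['off']}"
            for f in frames if f["module"] == module and not f["sym"] and f["off"]]

if __name__ == "__main__":
    frames = parse_frames(SAMPLE)
    for module, syms in call_chain(frames):
        print(f"{module:20} {', '.join(syms)}")
    print("\n".join(addr2line_cmds(frames, "pkcs11.so")))
```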