[Pkg-openssl-devel] Potential security hole in openssl

Julian Gilbey jdg at polya.uklinux.net
Wed Feb 28 22:00:34 CET 2007 

I've been trying to get proxytunnel to tunnel via HTTPS.  I've been
trying the latest version of proxytunnel (1.7.0, available from
proxytunnel.sourceforge.net), but the openssl library segfaults.  (I
am working on a Debian testing system.)  I have also tested this on
the unstable version - see below.

I don't know whether this is a potential security hole in openssl, but
here is a detailed description of what happened:

 burnside:~ $ proxytunnel -v -p localhost:443 -d burnside:8080 -E
 SSL client to proxy enabled
 Local proxy localhost resolves to 127.0.0.1
 Connected to localhost:443 (local proxy)
 Tunneling to burnside:8080 (destination)
 Connect string sent to local proxy:
 -> CONNECT burnside:8080 HTTP/1.0
 -> Proxy-Connection: Keep-Alive
 Data received from local proxy:
 <- HTTP/1.0 200 Connection Established
 <- Proxy-agent: Apache/2.2.3 (Debian) mod_python/3.2.10 Python/2.4.4 PHP/5.2.0-8 mod_ssl/2.2.3 OpenSSL/0.9.8c mod_perl/2.0.2 Perl/v5.8.8
 Tunnel established
 Segmentation fault
 burnside:~ $

I rebuilt the etch openssl package (version 0.9.8c-4) library with no
optimisation and install a debugging version to see whether that helps
when I do a backtrace...

How interesting: it fails when trying to determine the block size:

Program received signal SIGSEGV, Segmentation fault.
0xb7ef0963 in ssl2_enc (s=0x806cae8, send=0) at s2_enc.c:140
140             bs=ds->cipher->block_size;
(gdb) bt
#0  0xb7ef0963 in ssl2_enc (s=0x806cae8, send=0) at s2_enc.c:140
#1  0xb7ef1055 in ssl2_read_internal (s=0x806cae8, buf=0xbf83fe50, len=65536,
    peek=0) at s2_pkt.c:266
#2  0xb7ef11c7 in ssl2_read (s=0x806cae8, buf=0xbf83fe50, len=65536)
    at s2_pkt.c:309
#3  0xb7f100fa in SSL_read (s=0x806cae8, buf=0xbf83fe50, num=65536)
    at ssl_lib.c:871
#4  0x0804d09d in stream_copy (pts_from=0x8062e10, pts_to=0x8062810)
    at ptstream.c:153
#5  0x0804a744 in cpio (stream1=0x8062810, stream2=0x8062e10) at io.c:151
#6  0x08049d99 in main (argc=78537217, argv=0x8984ec3) at proxytunnel.c:433
(gdb) p ds
$1 = (EVP_CIPHER_CTX *) 0x8083d70
(gdb) p ds->cipher
$2 = (const EVP_CIPHER *) 0x2f4c5353
(gdb) p ds->cipher->block_size
Cannot access memory at address 0x2f4c5357
(gdb)

That's just plain weird, but I don't know enough about the openssl
library to know where this bug actually originates, whether in
proxytunnel or elsewhere.

Tracing back a bit further, ssl2_enc is called from
ssl2_read_internal in s2_pkt.c, in a block which begins:

                /* added a check for length > max_size in case
                 * encryption was not turned on yet due to an error */
                if ((!s->s2->clear_text) &&
                        (s->s2->rlength >= mac_size))

I then tried with the unstable version (0.9.8e-2), and got the same
error.  This time, the backtrace is:

(gdb) bt
#0  0xb7ef5ab3 in ssl2_enc (s=0x806cc00, send=0) at s2_enc.c:146
#1  0xb7ef6416 in ssl2_read_internal (s=0x806cc00, buf=0xbfe6c480, len=65536,
    peek=0) at s2_pkt.c:266
#2  0xb7f0f898 in SSL_read (s=0x30, buf=0xbfe6c480, num=65536) at ssl_lib.c:871
#3  0x0804d09d in stream_copy (pts_from=0x8062e10, pts_to=0x8062810)
    at ptstream.c:153
#4  0x0804a744 in cpio (stream1=0x8062810, stream2=0x8062e10) at io.c:151
#5  0x08049d99 in main (argc=Cannot access memory at address 0x30
) at proxytunnel.c:433
(gdb) p ds
$1 = (EVP_CIPHER_CTX *) 0x8083e90
(gdb) p ds->cipher
$2 = (const EVP_CIPHER *) 0x2f4c5353
(gdb) p ds->cipher->block_size
Cannot access memory at address 0x2f4c5357


I am concerned that a segfault at a low level in the ssl libraries
could potentially be exploitable, but know nowhere near enough to
determine whether this is or is not the case.  I have attached the
output of openssl's "make report", in case this is of help.

HTH,

   Julian
-------------- next part --------------
OpenSSL self-test report:

OpenSSL version:  0.9.8c
Last change:      Avoid PKCS #1 v1.5 signature attack discovered by Danie...
Options:          enable-shared --prefix=/usr --openssldir=/usr/lib/ssl enable-zlib no-camellia no-gmp no-idea no-krb5 no-mdc2 no-rc5 no-zlib-dynamic
OS (uname):       Linux burnside 2.6.18-4-k7 #1 SMP Wed Feb 21 16:48:19 UTC 2007 i686 GNU/Linux
OS (config):      i686-whatever-linux2
Target (default): linux-elf
Target:           debian-i386
Compiler:         Using built-in specs.
Target: i486-linux-gnu
Configured with: ../src/configure -v --enable-languages=c,c++,fortran,objc,obj-c++,treelang --prefix=/usr --enable-shared --with-system-zlib --libexecdir=/usr/lib --without-included-gettext --enable-threads=posix --enable-nls --program-suffix=-4.1 --enable-__cxa_atexit --enable-clocale=gnu --enable-libstdcxx-debug --enable-mpfr --with-tune=i686 --enable-checking=release i486-linux-gnu
Thread model: posix
gcc version 4.1.2 20061115 (prerelease) (Debian 4.1.1-21)

Test passed.

More information about the Pkg-openssl-devel mailing list