[Pkg-openssl-devel] Bug#624254: libssl1.0.0: segfault when attempting a secured PostgreSQL connection

Marc Dequènes (Duck) duck at duckcorp.org
Tue Apr 26 21:49:57 UTC 2011


Package: libssl1.0.0
Version: 1.0.0d-2
Severity: important

Coin,

In a program, I'm connecting to a remote PostgreSQL server using TLS,
which now gives the following result:
Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0x7f384f495700 (LWP 14122)]
0x0000000000000000 in ?? ()
(gdb) bt
#0  0x0000000000000000 in ?? ()
#1  0x00007f38499c41d5 in int_update (ctx=<value optimized out>,  
data=<value optimized out>, count=<value optimized out>) at  
hm_pmeth.c:144
#2  0x00007f3849d3114b in tls1_mac (ssl=0x1118eb0,
     md=0x1826f81  
"\307+\225\336\070\240\004\210~\322]\345\026\245\341\325\354\016\034\024ZP\r3$\351R\257\277Q[\033\312ƾn\254~\242I2O\006\065\221yƀ\202\252\275<\352Xf\235\277\332\321s", <incomplete sequence \306>, send=1) at  
t1_enc.c:932
#3  0x00007f3849d28e86 in do_ssl3_write (s=0x1118eb0, type=22,  
buf=0x197b5b0 "\024", len=16, create_empty_fragment=0) at s3_pkt.c:771
#4  0x00007f3849d28fe6 in ssl3_write_bytes (s=0x1118eb0, type=22,  
buf_=0x197b5b0, len=<value optimized out>) at s3_pkt.c:603
#5  0x00007f3849d2a422 in ssl3_do_write (s=0x1118eb0, type=22) at  
s3_both.c:132
#6  0x00007f3849d24fc4 in ssl3_connect (s=0x1118eb0) at s3_clnt.c:456
#7  0x00007f3849f7f8b3 in open_client_SSL (conn=0x126e670) at fe-secure.c:1161
#8  0x00007f3849f7df19 in pqsecure_open_client (conn=0x126e670) at  
fe-secure.c:284
#9  0x00007f3849f689a3 in PQconnectPoll (conn=0x126e670) at fe-connect.c:1926
#10 0x00007f3849f67bc5 in connectDBComplete (conn=0x126e670) at  
fe-connect.c:1359
#11 0x00007f3849f661e3 in PQconnectdb (conninfo=0x126e5a0 "host='xxx'  
port='5432' dbname='xxx' user='xxx' password='xxx'") at fe-connect.c:400
[…]

The program has not changed, and worked using libpq5 9.0.3-1. What made
me think it is a libssl bug and not a PostgreSQL one is that it appeared
right after upgrading libpq5 to 9.0.3-1+b1, and the reason for this binary
rebuild was (according to wb): Rebuild against libssl1.0.0.

Btw, as the debian/rules does not honour the nocheck build option, and
the upstream build system is custom, I had no quick way to disable
optimizations.

Regards.

-- 
Marc Dequènes (Duck)