[Pkg-openssl-devel] Bug#642524: libssl1.0.0: crash when using DTLS1
Nikos Mavrogiannopoulos
n.mavrogiannopoulos at gmail.com
Fri Sep 23 12:45:55 UTC 2011
Package: libssl1.0.0
Version: 1.0.0e-2
Severity: important
Tags: upstream
Dear Maintainer,
* What led up to the situation?
Trying to establish a DTLS server and connecting with a client makes the server
crash. I used the openssl utility for that.
$ openssl s_server -accept 5555 -keyform pem -certform pem -dtls1 -mtu 1000 \
    -timeout -key certs/rsa-2432.pem -cert certs/cert-rsa-2432.pem
$ openssl s_client -port 5555 -dtls1 -host localhost
The commands above make the server crash. I attach the valgrind output.
-- System Information:
Debian Release: wheezy/sid
APT prefers testing
APT policy: (500, 'testing')
Architecture: amd64 (x86_64)
Kernel: Linux 3.0.0-1-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_US.utf8, LC_CTYPE=en_US.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Versions of packages libssl1.0.0 depends on:
ii debconf [debconf-2.0] 1.5.41
ii libc6 2.13-20
ii multiarch-support 2.13-20
ii zlib1g 1:1.2.3.4.dfsg-3
libssl1.0.0 recommends no packages.
libssl1.0.0 suggests no packages.
-- debconf information:
libssl1.0.0/restart-failed:
libssl1.0.0/restart-services:
-------------- next part --------------
==24804== Memcheck, a memory error detector
==24804== Copyright (C) 2002-2010, and GNU GPL'd, by Julian Seward et al.
==24804== Using Valgrind-3.6.1 and LibVEX; rerun with -h for copyright info
==24804== Command: openssl s_server -accept 5555 -keyform pem -certform pem -dtls1 -mtu 1000 -timeout -key ../certs/rsa-2432.pem -cert ../certs/cert-rsa-2432.pem
==24804==
Using default temp DH parameters
Using default temp ECDH parameters
ACCEPT
==24804== Source and destination overlap in memcpy(0x5c6c29d, 0x5c62760, -13)
==24804== at 0x4C28DF6: memcpy (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==24804== by 0x4E59D3A: do_dtls1_write (d1_pkt.c:1456)
==24804== by 0x4E5B481: dtls1_do_write (d1_both.c:331)
==24804== by 0x4E562F5: dtls1_accept (d1_srvr.c:758)
==24804== by 0x436280: ??? (in /usr/bin/openssl)
==24804== by 0x436676: ??? (in /usr/bin/openssl)
==24804== by 0x44C0AB: ??? (in /usr/bin/openssl)
==24804== by 0x43A1BD: ??? (in /usr/bin/openssl)
==24804== by 0x41A73E: ??? (in /usr/bin/openssl)
==24804== by 0x41A26D: ??? (in /usr/bin/openssl)
==24804== by 0x587EEAC: (below main) (libc-start.c:228)
==24804==
==24804== Invalid read of size 1
==24804== at 0x4C28FF0: memcpy (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==24804== by 0x4E59D3A: do_dtls1_write (d1_pkt.c:1456)
==24804== by 0x4E5B481: dtls1_do_write (d1_both.c:331)
==24804== by 0x4E562F5: dtls1_accept (d1_srvr.c:758)
==24804== by 0x436280: ??? (in /usr/bin/openssl)
==24804== by 0x436676: ??? (in /usr/bin/openssl)
==24804== by 0x44C0AB: ??? (in /usr/bin/openssl)
==24804== by 0x43A1BD: ??? (in /usr/bin/openssl)
==24804== by 0x41A73E: ??? (in /usr/bin/openssl)
==24804== by 0x41A26D: ??? (in /usr/bin/openssl)
==24804== by 0x587EEAC: (below main) (libc-start.c:228)
==24804== Address 0x105c62752 is not stack'd, malloc'd or (recently) free'd
==24804==
==24804==
==24804== Process terminating with default action of signal 11 (SIGSEGV)
==24804== Access not within mapped region at address 0x105C62752
==24804== at 0x4C28FF0: memcpy (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==24804== by 0x4E59D3A: do_dtls1_write (d1_pkt.c:1456)
==24804== by 0x4E5B481: dtls1_do_write (d1_both.c:331)
==24804== by 0x4E562F5: dtls1_accept (d1_srvr.c:758)
==24804== by 0x436280: ??? (in /usr/bin/openssl)
==24804== by 0x436676: ??? (in /usr/bin/openssl)
==24804== by 0x44C0AB: ??? (in /usr/bin/openssl)
==24804== by 0x43A1BD: ??? (in /usr/bin/openssl)
==24804== by 0x41A73E: ??? (in /usr/bin/openssl)
==24804== by 0x41A26D: ??? (in /usr/bin/openssl)
==24804== by 0x587EEAC: (below main) (libc-start.c:228)
==24804== If you believe this happened as a result of a stack
==24804== overflow in your program's main thread (unlikely but
==24804== possible), you can try to increase the size of the
==24804== main thread stack using the --main-stacksize= flag.
==24804== The main thread stack size used in this run was 8388608.
==24804==
==24804== HEAP SUMMARY:
==24804== in use at exit: 202,145 bytes in 3,732 blocks
==24804== total heap usage: 4,303 allocs, 571 frees, 277,934 bytes allocated
==24804==
==24804== LEAK SUMMARY:
==24804== definitely lost: 0 bytes in 0 blocks
==24804== indirectly lost: 0 bytes in 0 blocks
==24804== possibly lost: 0 bytes in 0 blocks
==24804== still reachable: 202,145 bytes in 3,732 blocks
==24804== suppressed: 0 bytes in 0 blocks
==24804== Rerun with --leak-check=full to see details of leaked memory
==24804==
==24804== For counts of detected and suppressed errors, rerun with: -v
==24804== ERROR SUMMARY: 2 errors from 2 contexts (suppressed: 4 from 4)
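The trace above shows memcpy in do_dtls1_write being handed overlapping buffers and a length of -13, i.e. an unsigned length that wrapped after a subtraction. The following is an added illustration of that failure class and the bounds check that turns it into an error instead; it is not OpenSSL's code or the reporter's, and REC_HEADER_LEN, the function names and the sizes are constructed for the example.

```c
/* Added example, not OpenSSL code: how a record-payload length can wrap
 * below zero when per-record overhead is subtracted without a check, and
 * the guarded variant that refuses such a copy. All names and numbers
 * here are constructed for illustration. */
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical per-record overhead (a 13-byte record header). */
#define REC_HEADER_LEN 13

/* Unchecked variant, mirroring the failure class: `space` is the room left
 * in the output buffer; when space < 13 the subtraction wraps to SIZE_MAX-12,
 * which valgrind reports as -13. Returns the length that would be handed to
 * memcpy; it never copies anything. */
size_t unchecked_payload_len(size_t space)
{
    return space - REC_HEADER_LEN;   /* wraps when space < REC_HEADER_LEN */
}

/* Guarded variant: copy at most one record's payload from src into dst,
 * leaving room for the header. Returns bytes copied, or -1 when the
 * header does not fit or the two regions overlap (memcpy requires
 * non-overlapping buffers; memmove would be needed otherwise). */
int write_record_payload(unsigned char *dst, size_t space,
                         const unsigned char *src, size_t src_len)
{
    if (space < REC_HEADER_LEN)      /* would underflow below */
        return -1;
    size_t avail = space - REC_HEADER_LEN;
    size_t n = src_len < avail ? src_len : avail;
    unsigned char *out = dst + REC_HEADER_LEN;
    /* [out, out+n) and [src, src+n) must not intersect. */
    if (out < src + n && src < out + n)
        return -1;
    memcpy(out, src, n);
    return (int)n;
}
```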