[Pkg-openssl-devel] Bug#670581: Bug#670581: openssl: ntpd segfaults with error 4 in libcrypto.so.0.9.8 on Debian squeeze

Andris Kalnozols andris at hpl.hp.com
Fri Apr 27 19:36:00 UTC 2012 

On 4/27/2012 11:44 AM, Kurt Roeckx wrote:
> On Thu, Apr 26, 2012 at 03:28:17PM -0700, Andris Kalnozols wrote:
>> Package: openssl
>> Version: 0.9.8o-4squeeze12
>> Severity: important
>> Tags: squeeze
>>
>> The NTP daemon on our stratum-1 time server `clepsydra.dec.com' keeps
>> failing with this log message:
>>
>> Apr 26 12:27:17 clepsydra kernel: [  635.455671] ntpd[2598]: segfault at 20 ip 00007f727f118ec3 sp 00007fff1ecb9a78 error 4 in libcrypto.so.0.9.8[7f727f039000+175000]
>>
>> When linking with libcrypto.a, crashes still occur:
>>
>> Apr 26 14:20:19 clepsydra kernel: [ 2191.670043] ntpd[2596]: segfault at 20 ip 0000000000470aa3 sp 00007fff49a93e78 error 4 in ntpd[400000+14f000]
>
> Did you try this with 0.9.8o-4squeeze11?  I assume
> 0.9.8o-4squeeze7 didn't have a problem?

I see that the squeeze7 release is still available:

   apt-get install openssl=0.9.8o-4squeeze7
   Reading package lists... Done
   Building dependency tree
   Reading state information... Done
   The following packages will be DOWNGRADED:
     openssl

but trying to install the squeeze11 version gives this:

   E: Version '0.9.8o-4squeeze11' for 'openssl' was not found

I appears that this is just for the kreebsd-amd64 architecture.

 From the changelog, squeeze7 came out in January and I'm pretty
sure that the ntpd process never segfaulted until last month
when subsequent versions of the openssl package were released.
However, apt-get reports that the squeeze{8,9,10} versions are
unavailable to me.

>
>> Despite the following:
>>
>>    clepsydra# ulimit -a
>>    core file size          (blocks, -c) unlimited
>>
>>    running the process as root instead of uid=ntp
>
> I assume you removed the -u option?
>
> How about starting it in gdb?  With the -n option it
> should not fork, but I think gdb has an option to
> follow the fork.

Yes, I modified the init.d startup script to strip out the "-u"
option and run ntpd as root.  After the process aborted, I searched
the entire system for files named "core" and came up empty.

I will try to launch the daemon using gdb(1) and taking advantage
of the "set follow-fork-mode child" option.  I'll use ntpd with
the libcrypto library statically linked.  After getting a stack
backtrace (I hope), I'll downgrade to the squeeze7 version of
openssl as a baseline test to make sure that my assumption of
it not segfaulting is correct.

Thanks,
Andris

More information about the Pkg-openssl-devel mailing list