[Pkg-openssl-devel] Bug#670581: Bug#670581: openssl: ntpd segfaults with error 4 in libcrypto.so.0.9.8 on Debian squeeze
Andris Kalnozols
andris at hpl.hp.com
Fri Apr 27 22:56:03 UTC 2012
On 4/27/2012 11:44 AM, Kurt Roeckx wrote:
> On Thu, Apr 26, 2012 at 03:28:17PM -0700, Andris Kalnozols wrote:
>> Package: openssl
>> Version: 0.9.8o-4squeeze12
>> Severity: important
>> Tags: squeeze
>>
>> The NTP daemon on our stratum-1 time server `clepsydra.dec.com' keeps
>> failing with this log message:
>>
>> Apr 26 12:27:17 clepsydra kernel: [ 635.455671] ntpd[2598]: segfault at 20 ip 00007f727f118ec3 sp 00007fff1ecb9a78 error 4 in libcrypto.so.0.9.8[7f727f039000+175000]
>>
>> When linking with libcrypto.a, crashes still occur:
>>
>> Apr 26 14:20:19 clepsydra kernel: [ 2191.670043] ntpd[2596]: segfault at 20 ip 0000000000470aa3 sp 00007fff49a93e78 error 4 in ntpd[400000+14f000]
OK, some progress. I was able to get a stack backtrace with gdb:
clepsydra# gdb /usr/sbin/ntpd
Reading symbols from /usr/sbin/ntpd...done.
(gdb) set set follow-fork-mode child
No symbol "set" in current context.
(gdb) set follow-fork-mode child
(gdb) run -4 -g
Starting program: /usr/sbin/ntpd -4 -g
[Thread debugging using libthread_db enabled]
[New process 4749]
[Thread debugging using libthread_db enabled]
[tcsetpgrp failed in terminal_inferior: No such process]
Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0x7ffff7fe9700 (LWP 4749)]
0x00000000004776d3 in EVP_DigestUpdate ()
(gdb) bt
#0 0x00000000004776d3 in EVP_DigestUpdate ()
#1 0x000000000041c5ee in session_key (srcadr=0x7d50f0, dstadr=0x7db1b0,
    keyno=0, private=<value optimized out>, lifetime=0) at ntp_crypto.c:233
#2 0x00000000004254db in fast_xmit (rbufp=0x7d50e0,
    xmode=<value optimized out>, xkeyid=510781053, flags=<value optimized out>)
    at ntp_proto.c:3320
#3 0x00000000004260a7 in receive (rbufp=0x7d50e0) at ntp_proto.c:476
#4 0x00000000004128c9 in ntpdmain (argc=3, argv=0x7fffffffe678) at ntpd.c:1172
#5 0x00007ffff6fecc8d in __libc_start_main () from /lib/libc.so.6
#6 0x00000000004047a9 in _start ()
Appended is the session_key() function from `ntp_crypto.c' where the failure
is occurring. Let me know whatever debugging steps you would like me to do.
Thanks,
Andris
/*
 * session_key - generate session key
 *
 * This routine generates a session key from the source address,
 * destination address, key ID and private value. The value of the
 * session key is the MD5 hash of these values, while the next key ID is
 * the first four octets of the hash.
 *
 * Returns the next key ID or 0 if there is no destination address.
 */
keyid_t
session_key(
	sockaddr_u *srcadr,	/* source address */
	sockaddr_u *dstadr,	/* destination address */
	keyid_t	keyno,		/* key ID */
	keyid_t	private,	/* private value */
	u_long	lifetime	/* key lifetime */
	)
{
	EVP_MD_CTX ctx;		/* message digest context */
	u_char	dgst[EVP_MAX_MD_SIZE]; /* message digest */
	keyid_t	keyid;		/* key identifier */
	u_int32	header[10];	/* data in network byte order */
	u_int	hdlen, len;

	if (!dstadr)
		return 0;

	/*
	 * Generate the session key and key ID. If the lifetime is
	 * greater than zero, install the key and call it trusted.
	 */
	hdlen = 0;
	switch(AF(srcadr)) {
	case AF_INET:
		header[0] = NSRCADR(srcadr);
		header[1] = NSRCADR(dstadr);
		header[2] = htonl(keyno);
		header[3] = htonl(private);
		hdlen = 4 * sizeof(u_int32);
		break;

	case AF_INET6:
		memcpy(&header[0], PSOCK_ADDR6(srcadr),
		    sizeof(struct in6_addr));
		memcpy(&header[4], PSOCK_ADDR6(dstadr),
		    sizeof(struct in6_addr));
		header[8] = htonl(keyno);
		header[9] = htonl(private);
		hdlen = 10 * sizeof(u_int32);
		break;
	}
	EVP_DigestInit(&ctx, EVP_get_digestbynid(crypto_nid));
--->	EVP_DigestUpdate(&ctx, (u_char *)header, hdlen);
	EVP_DigestFinal(&ctx, dgst, &len);
	memcpy(&keyid, dgst, 4);
	keyid = ntohl(keyid);
	if (lifetime != 0) {
		MD5auth_setkey(keyno, crypto_nid, dgst, len);
		authtrust(keyno, lifetime);
	}
	DPRINTF(2, ("session_key: %s > %s %08x %08x hash %08x life %lu\n",
		    stoa(srcadr), stoa(dstadr), keyno,
		    private, keyid, lifetime));
	return (keyid);
}
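
The derivation described in the session_key() comment above, as an added Python sketch that is not part of the original message or of the NTP sources. It covers both address families and refuses to hash when the digest lookup fails; the C code as posted does not check the result of EVP_get_digestbynid() or EVP_DigestInit(). The function names, the sample addresses and the explicit lookup and address-family checks are assumptions of this example.

```python
import hashlib
import ipaddress
import struct


def build_header(srcadr, dstadr, keyno, private):
    """Hash input: src || dst || keyno || private, all in network byte order.

    16 octets for IPv4 (4 words), 40 octets for IPv6 (10 words), matching
    hdlen in the C function.
    """
    src = ipaddress.ip_address(srcadr)
    dst = ipaddress.ip_address(dstadr)
    # Added check: the C code switches on the source family only.
    if src.version != dst.version:
        raise ValueError("source and destination address families differ")
    return src.packed + dst.packed + struct.pack("!II", keyno, private)


def session_key(srcadr, dstadr, keyno, private, digest_name="md5"):
    """Return (next_key_id, session_key); (0, b"") if there is no destination."""
    if not dstadr:
        return 0, b""
    # Added check: fail loudly when the digest cannot be resolved instead of
    # continuing with an unusable digest context.
    if digest_name not in hashlib.algorithms_available:
        raise ValueError("digest not available: %r" % digest_name)
    header = build_header(srcadr, dstadr, keyno, private)
    digest = hashlib.new(digest_name, header).digest()
    # Next key ID: first four octets of the hash, read as a big-endian word.
    keyid = struct.unpack("!I", digest[:4])[0]
    return keyid, digest


if __name__ == "__main__":
    # Constructed sample values (documentation address ranges).
    for src, dst in (("192.0.2.1", "192.0.2.2"), ("2001:db8::1", "2001:db8::2")):
        kid, key = session_key(src, dst, keyno=0, private=0x12345678)
        print("%s > %s keyid %08x key %s" % (src, dst, kid, key.hex()))
```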