[Pkg-openssl-devel] Bug#670581: Bug#670581: openssl: ntpd segfaults with error 4 in libcrypto.so.0.9.8 on Debian squeeze

Fri Apr 27 23:11:39 UTC 2012

On Fri, Apr 27, 2012 at 03:56:03PM -0700, Andris Kalnozols wrote:
> On 4/27/2012 11:44 AM, Kurt Roeckx wrote:
> >On Thu, Apr 26, 2012 at 03:28:17PM -0700, Andris Kalnozols wrote:
> >>Package: openssl
> >>Version: 0.9.8o-4squeeze12
> >>Severity: important
> >>Tags: squeeze
> >>
> >>The NTP daemon on our stratum-1 time server `clepsydra.dec.com' keeps
> >>failing with this log message:
> >>
> >>Apr 26 12:27:17 clepsydra kernel: [  635.455671] ntpd[2598]: segfault at 20 ip 00007f727f118ec3 sp 00007fff1ecb9a78 error 4 in libcrypto.so.0.9.8[7f727f039000+175000]
> >>
> >>When linking with libcrypto.a, crashes still occur:
> >>
> >>Apr 26 14:20:19 clepsydra kernel: [ 2191.670043] ntpd[2596]: segfault at 20 ip 0000000000470aa3 sp 00007fff49a93e78 error 4 in ntpd[400000+14f000]
> 
> OK, some progress.  I was able to get a stack backtrace with gdb:
> 
> clepsydra# gdb /usr/sbin/ntpd
> Reading symbols from /usr/sbin/ntpd...done.
> (gdb) set set follow-fork-mode child
> No symbol "set" in current context.
> (gdb) set follow-fork-mode child
> (gdb) run -4 -g
> Starting program: /usr/sbin/ntpd -4 -g
> [Thread debugging using libthread_db enabled]
> [New process 4749]
> [Thread debugging using libthread_db enabled]
> [tcsetpgrp failed in terminal_inferior: No such process]
> 
> Program received signal SIGSEGV, Segmentation fault.
> [Switching to Thread 0x7ffff7fe9700 (LWP 4749)]
> 0x00000000004776d3 in EVP_DigestUpdate ()
> (gdb) bt
> #0  0x00000000004776d3 in EVP_DigestUpdate ()
> #1  0x000000000041c5ee in session_key (srcadr=0x7d50f0, dstadr=0x7db1b0,
>     keyno=0, private=<value optimized out>, lifetime=0) at ntp_crypto.c:233
> #2  0x00000000004254db in fast_xmit (rbufp=0x7d50e0,
>     xmode=<value optimized out>, xkeyid=510781053, flags=<value
> optimized out>)
>     at ntp_proto.c:3320
> #3  0x00000000004260a7 in receive (rbufp=0x7d50e0) at ntp_proto.c:476
> #4  0x00000000004128c9 in ntpdmain (argc=3, argv=0x7fffffffe678) at
> ntpd.c:1172
> #5  0x00007ffff6fecc8d in __libc_start_main () from /lib/libc.so.6
> #6  0x00000000004047a9 in _start ()
> 
> 
> Appended is the session_key() function from `ntp_crypto.c' where the failure
> is occurring.  Let me know whatever debugging steps you would like me to do.

header and hdlen from frame 1 would be nice.

Could you also install the libssl0.9.8-dbg package?  You'll get
debug symbols then.

Kurt