[Pkg-openssl-devel] Bug#766463: ocsp: glibc free(): invalid pointer

Thu Oct 23 10:07:45 UTC 2014

Package: openssl
Version: 1.0.1e-2+deb7u13
Severity: normal

Hello,

i can't use ocsp function, openssl write a file, but a corrupted one :

# openssl ocsp -noverify -no_nonce -issuer 
/tmp/tmp.PJJEhCPIFj/issuer.pem -cert /tmp/tmp.PJJEhCPIFj/main_cert.pem 
-url http://httpproxy:3128 -path http://ocsp.geotrust.com -respout 
wildcard_com.pem.ocsp
/tmp/tmp.PJJEhCPIFj/main_cert.pem: good
     This Update: Oct 22 09:03:26 2014 GMT
     Next Update: Oct 29 09:03:26 2014 GMT
*** glibc detected *** openssl: free(): invalid pointer: 
0x00007fff947e0949 ***
======= Backtrace: =========
/lib/x86_64-linux-gnu/libc.so.6(+0x76a16)[0x7f95165a7a16]
/lib/x86_64-linux-gnu/libc.so.6(cfree+0x6c)[0x7f95165ac7bc]
/usr/lib/x86_64-linux-gnu/libcrypto.so.1.0.0(CRYPTO_free+0x1d)[0x7f9516d51a4d]
openssl[0x45b2c5]
openssl[0x41b314]
openssl[0x41af43]
/lib/x86_64-linux-gnu/libc.so.6(__libc_start_main+0xfd)[0x7f951654fead]
openssl[0x41b0dd]
======= Memory map: ========
00400000-00479000 r-xp 00000000 08:01 792767                             
/usr/bin/openssl
00679000-0067a000 r--p 00079000 08:01 792767                             
/usr/bin/openssl
0067a000-0067f000 rw-p 0007a000 08:01 792767                             
/usr/bin/openssl
0067f000-00680000 rw-p 00000000 00:00 0
00b3e000-00b80000 rw-p 00000000 00:00 0                                  
[heap]
7f9510000000-7f9510021000 rw-p 00000000 00:00 0
7f9510021000-7f9514000000 ---p 00000000 00:00 0
7f9515cf3000-7f9515d08000 r-xp 00000000 08:01 917508                     
/lib/x86_64-linux-gnu/libgcc_s.so.1
7f9515d08000-7f9515f08000 ---p 00015000 08:01 917508                     
/lib/x86_64-linux-gnu/libgcc_s.so.1
7f9515f08000-7f9515f09000 rw-p 00015000 08:01 917508                     
/lib/x86_64-linux-gnu/libgcc_s.so.1
7f9515f09000-7f9515f1c000 r-xp 00000000 08:01 923191                     
/lib/x86_64-linux-gnu/libresolv-2.13.so
7f9515f1c000-7f951611b000 ---p 00013000 08:01 923191                     
/lib/x86_64-linux-gnu/libresolv-2.13.so
7f951611b000-7f951611c000 r--p 00012000 08:01 923191                     
/lib/x86_64-linux-gnu/libresolv-2.13.so
7f951611c000-7f951611d000 rw-p 00013000 08:01 923191                     
/lib/x86_64-linux-gnu/libresolv-2.13.so
7f951611d000-7f951611f000 rw-p 00000000 00:00 0
7f951611f000-7f9516124000 r-xp 00000000 08:01 923184                     
/lib/x86_64-linux-gnu/libnss_dns-2.13.so
7f9516124000-7f9516323000 ---p 00005000 08:01 923184                     
/lib/x86_64-linux-gnu/libnss_dns-2.13.so
7f9516323000-7f9516324000 r--p 00004000 08:01 923184                     
/lib/x86_64-linux-gnu/libnss_dns-2.13.so
7f9516324000-7f9516325000 rw-p 00005000 08:01 923184                     
/lib/x86_64-linux-gnu/libnss_dns-2.13.so
7f9516325000-7f9516330000 r-xp 00000000 08:01 923185 
/lib/x86_64-linux-gnu/libnss_files-2.13.so
7f9516330000-7f951652f000 ---p 0000b000 08:01 923185 
/lib/x86_64-linux-gnu/libnss_files-2.13.so
7f951652f000-7f9516530000 r--p 0000a000 08:01 923185 
/lib/x86_64-linux-gnu/libnss_files-2.13.so
7f9516530000-7f9516531000 rw-p 0000b000 08:01 923185 
/lib/x86_64-linux-gnu/libnss_files-2.13.so
7f9516531000-7f95166b3000 r-xp 00000000 08:01 923176                     
/lib/x86_64-linux-gnu/libc-2.13.so
7f95166b3000-7f95168b3000 ---p 00182000 08:01 923176                     
/lib/x86_64-linux-gnu/libc-2.13.so
7f95168b3000-7f95168b7000 r--p 00182000 08:01 923176                     
/lib/x86_64-linux-gnu/libc-2.13.so
7f95168b7000-7f95168b8000 rw-p 00186000 08:01 923176                     
/lib/x86_64-linux-gnu/libc-2.13.so
7f95168b8000-7f95168bd000 rw-p 00000000 00:00 0
7f95168bd000-7f95168d3000 r-xp 00000000 08:01 917596                     
/lib/x86_64-linux-gnu/libz.so.1.2.7
7f95168d3000-7f9516ad2000 ---p 00016000 08:01 917596                     
/lib/x86_64-linux-gnu/libz.so.1.2.7
7f9516ad2000-7f9516ad3000 r--p 00015000 08:01 917596                     
/lib/x86_64-linux-gnu/libz.so.1.2.7
7f9516ad3000-7f9516ad4000 rw-p 00016000 08:01 917596                     
/lib/x86_64-linux-gnu/libz.so.1.2.7
7f9516ad4000-7f9516ad6000 r-xp 00000000 08:01 923179                     
/lib/x86_64-linux-gnu/libdl-2.13.so
7f9516ad6000-7f9516cd6000 ---p 00002000 08:01 923179                     
/lib/x86_64-linux-gnu/libdl-2.13.so
7f9516cd6000-7f9516cd7000 r--p 00002000 08:01 923179                     
/lib/x86_64-linux-gnu/libdl-2.13.so
7f9516cd7000-7f9516cd8000 rw-p 00003000 08:01 923179                     
/lib/x86_64-linux-gnu/libdl-2.13.so
7f9516cd8000-7f9516ea2000 r-xp 00000000 08:01 786443 
/usr/lib/x86_64-linux-gnu/libcrypto.so.1.0.0
7f9516ea2000-7f95170a2000 ---p 001ca000 08:01 786443 
/usr/lib/x86_64-linux-gnu/libcrypto.so.1.0.0
7f95170a2000-7f95170bd000 r--p 001ca000 08:01 786443 
/usr/lib/x86_64-linux-gnu/libcrypto.so.1.0.0
7f95170bd000-7f95170cc000 rw-p 001e5000 08:01 786443 
/usr/lib/x86_64-linux-gnu/libcrypto.so.1.0.0
7f95170cc000-7f95170d0000 rw-p 00000000 00:00 0
7f95170d0000-7f9517126000 r-xp 00000000 08:01 786444                     
/usr/lib/x86_64-linux-gnu/libssl.so.1.0.0
7f9517126000-7f9517326000 ---p 00056000 08:01 786444                     
/usr/lib/x86_64-linux-gnu/libssl.so.1.0.0
7f9517326000-7f9517329000 r--p 00056000 08:01 786444                     
/usr/lib/x86_64-linux-gnu/libssl.so.1.0.0
7f9517329000-7f9517330000 rw-p 00059000 08:01 786444                     
/usr/lib/x86_64-linux-gnu/libssl.so.1.0.0
7f9517330000-7f9517350000 r-xp 00000000 08:01 923173                     
/lib/x86_64-linux-gnu/ld-2.13.so
7f9517544000-7f9517548000 rw-p 00000000 00:00 0
7f951754c000-7f951754f000 rw-p 00000000 00:00 0
7f951754f000-7f9517550000 r--p 0001f000 08:01 923173                     
/lib/x86_64-linux-gnu/ld-2.13.so
7f9517550000-7f9517551000 rw-p 00020000 08:01 923173                     
/lib/x86_64-linux-gnu/ld-2.13.so
7f9517551000-7f9517552000 rw-p 00000000 00:00 0
7fff947c0000-7fff947e1000 rw-p 00000000 00:00 0                          
[stack]
7fff947ff000-7fff94800000 r-xp 00000000 00:00 0                          
[vdso]
ffffffffff600000-ffffffffff601000 r-xp 00000000 00:00 0                  
[vsyscall]
Aborted

-- System Information:
Debian Release: 7.7
   APT prefers stable
   APT policy: (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 3.2.0-4-amd64 (SMP w/1 CPU core)
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages openssl depends on:
ii  libc6        2.13-38+deb7u6
ii  libssl1.0.0  1.0.1e-2+deb7u13
ii  zlib1g       1:1.2.7.dfsg-13

openssl recommends no packages.

Versions of packages openssl suggests:
ii  ca-certificates  20130119+deb7u1

-- no debconf information