[Pkg-openssl-devel] Bug#903566: libssl1.1.0f: segfault in ERR_clear_error
Bernd Zeimetz
b.zeimetz at conova.com
Wed Jul 11 13:25:46 BST 2018
Package: libssl1.1
Version: 1.1.0f-3+deb9u2
Severity: important
Hi,
tl;dr: please apply
https://github.com/openssl/openssl/commit/819d18f6116e97845ebe453128f3c2a78e42a785
in stretch.
Long version:
We are running several systems with libnss-pgsql.
Calling getgrent() - in this case from ruby - segfaults
while closing the database connection. The backtrace shows
that the segfault is happening at ../crypto/err/err.c:383
while trying to run err_clear(es, i) with es = NULL.
This has been fixed for a year in the openssl 1.1.0 stable branch.
Thread 1 "ruby2.3" received signal SIGSEGV, Segmentation fault.
ERR_clear_error () at ../crypto/err/err.c:383
383 ../crypto/err/err.c: No such file or directory.
(gdb) bt full
#0 ERR_clear_error () at ../crypto/err/err.c:383
i = <optimized out>
es = 0x0
#1 0x00007ffff537be7f in pgtls_write (conn=0x555555b81170, ptr=0x555555b86a50, len=5)
at ./build/../src/interfaces/libpq/fe-secure-openssl.c:306
n = <optimized out>
result_errno = 0
sebuf = " \352\377\377\377\177\000\000p9\234\367\377\177\000\000\002", '\000' <repeats 63 times>, "\002", '\000' <repeats 174 times>
err = <optimized out>
ecode = <optimized out>
#2 0x00007ffff537715e in pqsecure_write (conn=conn@entry=0x555555b81170, ptr=ptr@entry=0x555555b86a50, len=len@entry=5)
at ./build/../src/interfaces/libpq/fe-secure.c:289
No locals.
#3 0x00007ffff536e886 in pqSendSome (conn=conn@entry=0x555555b81170, len=5) at ./build/../src/interfaces/libpq/fe-misc.c:855
sent = <optimized out>
ptr = 0x555555b86a50 "X"
remaining = 5
result = 0
#4 0x00007ffff536ea35 in pqFlush (conn=conn@entry=0x555555b81170) at ./build/../src/interfaces/libpq/fe-misc.c:972
No locals.
#5 0x00007ffff536518f in closePGconn (conn=conn@entry=0x555555b81170) at ./build/../src/interfaces/libpq/fe-connect.c:3016
notify = <optimized out>
pstatus = <optimized out>
#6 0x00007ffff53651b6 in PQfinish (conn=0x555555b81170) at ./build/../src/interfaces/libpq/fe-connect.c:3071
No locals.
#7 0x00007ffff558c164 in backend_close (type=type@entry=110 'n') at backend.c:129
No locals.
#8 0x00007ffff558bb2a in cleanup () at config.c:153
No locals.
#9 0x00007ffff6a05940 in __run_exit_handlers (status=0, listp=0x7ffff6d695d8 <__exit_funcs>,
run_list_atexit=run_list_atexit@entry=true, run_dtors=run_dtors@entry=true) at exit.c:83
atfct = <optimized out>
onfct = <optimized out>
cxafct = <optimized out>
f = <optimized out>
#10 0x00007ffff6a0599a in __GI_exit (status=<optimized out>) at exit.c:105
No locals.
#11 0x00007ffff69f02e8 in __libc_start_main (main=0x5555555548d0 <main>, argc=2, argv=0x7fffffffeb88, init=<optimized out>,
fini=<optimized out>, rtld_fini=<optimized out>, stack_end=0x7fffffffeb78) at ../csu/libc-start.c:325
result = <optimized out>
unwind_buf = {cancel_jmp_buf = {{jmp_buf = {0, -4861333080558588301, 93824992233760, 140737488350080, 0, 0,
-1595323182457082253, -1595306961704767885}, mask_was_saved = 0}}, priv = {pad = {0x0, 0x0, 0x7fffffffeba0,
0x7ffff7ffe170}, data = {prev = 0x0, cleanup = 0x0, canceltype = -5216}}}
not_first_call = <optimized out>
#12 0x000055555555494a in _start ()
No symbol table info available.
Thanks a lot,
Bernd
--
Bernd Zeimetz
Senior Systems Engineer
Debian Developer, Palo Alto ACE
conova communications GmbH
Salzburg headquarters
Karolingerstraße 36a
5020 Salzburg, Austria
T +43 662/22 00-313
M +43 676/830 50 313
b.zeimetz at conova.com
www.conova.com
Mandatory legal information:
www.conova.com/impressum
www.conova.com/datenschutz
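
Added example, not part of the original report and not OpenSSL code: a small C model of the crash pattern in the backtrace, where an exit handler (frame #8) reaches an error-queue clear whose state pointer is NULL. It assumes, for illustration only, that the lookup returns NULL because the library's own teardown already ran; the report does not say why es is NULL, and every name below is hypothetical.

```c
/* Constructed model of the failure mode; not OpenSSL source, names are hypothetical. */
#include <stdlib.h>
#include <string.h>

#define NUM_ERRORS 16
typedef struct { unsigned long err_buffer[NUM_ERRORS]; int top; } err_state;

static err_state *g_state;   /* stands in for the per-thread error queue */
static int g_lib_stopped;    /* set once the library's own cleanup has run */

/* May return NULL: after teardown (assumed cause) or on allocation failure. */
static err_state *err_get_state(void) {
    if (g_lib_stopped) return NULL;
    if (g_state == NULL) g_state = calloc(1, sizeof(*g_state));
    return g_state;
}

static void lib_cleanup(void) {
    free(g_state);
    g_state = NULL;
    g_lib_stopped = 1;
}

static int err_push(unsigned long code) {
    err_state *es = err_get_state();
    if (es == NULL) return 0;            /* nothing to record into */
    es->top = (es->top + 1) % NUM_ERRORS;
    es->err_buffer[es->top] = code;
    return 1;
}

/* Guarded clear: 1 if the queue was cleared, 0 if there was no state.
 * Without the NULL check, the memset below is the es = 0x0 dereference. */
static int err_clear_error_checked(void) {
    err_state *es = err_get_state();
    if (es == NULL) return 0;
    memset(es->err_buffer, 0, sizeof(es->err_buffer));
    es->top = 0;
    return 1;
}

/* Library teardown first, then a late caller (like cleanup() in frame #8). */
static int simulate_exit_sequence(void) {
    err_push(0x1234UL);
    lib_cleanup();
    return err_clear_error_checked();    /* 0: safe no-op instead of SIGSEGV */
}

int main(void) { return simulate_exit_sequence(); }
```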