[Syslog-ng-maintainers] Bug#850743: syslog-ng: tls cert check segfault

Peter Gervai grin at grin.hu
Mon Jan 9 20:48:46 GMT 2017 

Package: syslog-ng
Version: 3.8.1-9
Severity: normal
Tags: upstream

See https://github.com/balabit/syslog-ng/issues/1310

syslog-ng segfaults on TLS certificate verification. the bug is not present in 3.7.3

#0  CRYPTO_get_ex_data (ad=0x1d0, idx=idx at entry=0) at crypto/ex_data.c:377
#1  0x00007ffff5b4ef2c in SSL_get_ex_data (s=<optimized out>, idx=idx at entry=0) at ssl/ssl_lib.c:3527
#2  0x00007ffff7b7cb54 in tls_session_verify_callback (ok=0, ctx=0x7fffec00aba0) at ../../lib/tlscontext.c:182
#3  0x00007ffff585d874 in verify_cb_cert (err=<optimized out>, depth=<optimized out>, x=<optimized out>, ctx=<optimized out>) at crypto/x509/x509_vfy.c:162
#4  build_chain (ctx=<optimized out>) at crypto/x509/x509_vfy.c:3209
#5  verify_chain (ctx=0x7fffec00aba0) at crypto/x509/x509_vfy.c:219
#6  0x00007ffff585dc10 in X509_verify_cert (ctx=ctx at entry=0x7fffec00aba0) at crypto/x509/x509_vfy.c:293
#7  0x00007ffff5b460c8 in ssl_verify_cert_chain (s=s at entry=0x555555792240, sk=sk at entry=0x7fffec005170) at ssl/ssl_cert.c:439
#8  0x00007ffff5b586bb in tls_process_server_certificate (s=0x555555792240, pkt=0x7ffff2ea58a0) at ssl/statem/statem_clnt.c:1226
#9  0x00007ffff5b55f1f in read_state_machine (s=0x555555792240) at ssl/statem/statem.c:589
#10 state_machine (s=0x555555792240, server=0) at ssl/statem/statem.c:385
#11 0x00007ffff5b3c2fa in ssl3_write_bytes (s=0x555555792240, type=23, buf_=0x5555557bdf00, len=50) at ssl/record/rec_layer_s3.c:374
#12 0x00007ffff5b4c889 in SSL_write (s=<optimized out>, buf=<optimized out>, num=<optimized out>) at ssl/ssl_lib.c:1605
#13 0x00007ffff7b7d6ea in log_transport_tls_write_method (s=0x555555790070, buf=<optimized out>, buflen=<optimized out>) at ../../lib/transport/transport-tls.c:102
#14 0x00007ffff7b88def in log_transport_write (count=50, buf=<optimized out>, self=<optimized out>) at ../../lib/transport/logtransport.h:45
#15 log_proto_text_client_flush (s=0x55555578f780) at ../../lib/logproto/logproto-text-client.c:54
#16 0x00007ffff7b716a7 in log_proto_client_flush (s=<optimized out>) at ../../lib/logproto/logproto-client.h:110
#17 log_writer_flush_finalize (self=0x5555557bdaa0) at ../../lib/logwriter.c:1083
#18 log_writer_flush (self=0x5555557bdaa0, flush_mode=LW_FLUSH_NORMAL) at ../../lib/logwriter.c:1212
#19 0x00007ffff7b716fa in log_writer_work_perform (s=0x5555557bdaa0) at ../../lib/logwriter.c:185
#20 0x00007ffff7b732dd in _work (self=<optimized out>) at ../../lib/mainloop-io-worker.c:52
#21 0x00007ffff6579ea7 in ?? () from /usr/lib/x86_64-linux-gnu/libivykis.so.0
#22 0x00007ffff65791a3 in ?? () from /usr/lib/x86_64-linux-gnu/libivykis.so.0
#23 0x00007ffff657bb54 in iv_main () from /usr/lib/x86_64-linux-gnu/libivykis.so.0
#24 0x00007ffff6579cd3 in ?? () from /usr/lib/x86_64-linux-gnu/libivykis.so.0
#25 0x00007ffff657c687 in ?? () from /usr/lib/x86_64-linux-gnu/libivykis.so.0
#26 0x00007ffff63600a4 in start_thread () from /lib/x86_64-linux-gnu/libpthread.so.0
#27 0x00007ffff609562d in clone () from /lib/x86_64-linux-gnu/libc.so.6


-- System Information:
Debian Release: stretch/sid
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.8.0-1-amd64 (SMP w/8 CPU cores)
Locale: LANG=en_US.UTF8, LC_CTYPE=en_US.UTF8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash
Init: sysvinit (via /sbin/init)

More information about the Syslog-ng-maintainers mailing list