segfault in libcrypto

classic Classic list List threaded Threaded
5 messages Options
Reply | Threaded
Open this post in threaded view
|

segfault in libcrypto

Jeremy Mortis
Hi folks:

I'm having an issue where wget (and curl) segfaults in libcrypto when trying to access a particular https site.

The site can be accessed via IE or Firefox without problems.  I'm running 64-bit Ubuntu 12.04 LTS with OpenSSL version 1.0.1 14 Mar 2012.

I can easily imagine that the site owners of canadahelps.org have done something strange but one would hope that nothing they do should be able to create a segfault on the client end.

Any ideas?


$ gdb wget
(gdb) run  https://www.canadahelps.org
...
Program received signal SIGSEGV, Segmentation fault.
0x00007ffff783f031 in RC4 () from /lib/x86_64-linux-gnu/libcrypto.so.1.0.0
(gdb) bt
#0  0x00007ffff783f031 in RC4 () from /lib/x86_64-linux-gnu/libcrypto.so.1.0.0
#1  0x00000000000000ac in ?? ()
#2  0x000000000000005f in ?? ()
#3  0x000000000069df60 in ?? ()
#4  0x00007ffff78a5629 in ?? () from /lib/x86_64-linux-gnu/libcrypto.so.1.0.0
#5  0x00007ffff7ba7bdf in ?? () from /lib/x86_64-linux-gnu/libssl.so.1.0.0
#6  0x00007ffff7b9ee04 in ?? () from /lib/x86_64-linux-gnu/libssl.so.1.0.0
#7  0x00007ffff7b9f144 in ?? () from /lib/x86_64-linux-gnu/libssl.so.1.0.0
#8  0x000000000042c8ff in ?? ()
#9  0x00000000004064b6 in ?? ()
#10 0x0000000000416b79 in ?? ()
#11 0x000000000041863c in ?? ()
#12 0x000000000041b4c3 in ?? ()
#13 0x000000000042484e in ?? ()
#14 0x00000000004052d5 in ?? ()
#15 0x00007ffff6fdf76d in __libc_start_main ()
   from /lib/x86_64-linux-gnu/libc.so.6
#16 0x0000000000405b91 in ?? ()
#17 0x00007fffffffeb88 in ?? ()
#18 0x000000000000001c in ?? ()
#19 0x0000000000000002 in ?? ()
#20 0x00007fffffffeda8 in ?? ()
#21 0x00007fffffffedb6 in ?? ()


Reply | Threaded
Open this post in threaded view
|

RE: segfault in libcrypto

Dave Thompson-5
>From: [hidden email] On Behalf Of Jeremy Mortis
>Sent: Friday, 30 November, 2012 14:24

>I'm having an issue where wget (and curl) segfaults in libcrypto
>when trying to access a particular https site.
       
>The site can be accessed via IE or Firefox without problems.  
>I'm running 64-bit Ubuntu 12.04 LTS with OpenSSL version 1.0.1 14 Mar 2012.
       
>I can easily imagine that the site owners of canadahelps.org
>have done something strange but one would hope that nothing
>they do should be able to create a segfault on the client end.

Agree there.

>Any ideas?

When you say "particular" does that mean you can successfully
access other sites with same wget and curl?

What about openssl s_client -connect www.canadahelps.org:443 <getroot
where getroot contains GET / HTTP/1.0<crlf><crlf> ?
If that also faults, add -state -msg to see when.
       
One thing is suspicious: your stack trace shows as in RC4,
but when I connect to that host with 1.0.1c s_client (on x86)
it negotiates (akRSA)TDES-SHA, not any RC4 suite. However,
some faults may clobber PC and/or stack, and without symbols
gdb often guesses wrong about "where" an address is anyway.

If you can get commandline s_client to fault, get (or create)
a build with symbols and try debugging that. If it only occurs
in the real app(s), that is likely to be harder.

<snip>

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]
Reply | Threaded
Open this post in threaded view
|

Openssl crypto-only (? libcrypto) (visual studio?)

Nou Dadoun
Hey folks,

In our on-going efforts to construct something that will pass muster in the win8 app environment, I'd like to build the crypto library *only* without any socket or networking api calls and without any assembler.

We're eventually building our full app using Visual Studio 2012 so having a project to do this would be ideal since it would make the build and deploy process much simpler.  Anything like a  VS project to build crypto only out there anywhere?

Thanks .. N

---
Nou Dadoun
[hidden email]
604-628-1215
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]
Reply | Threaded
Open this post in threaded view
|

RE: Openssl crypto-only (? libcrypto) (visual studio?)

Nou Dadoun
In reply to this post by Dave Thompson-5
How about a simpler question, I've found a Stack Overflow article which mentions
no-sock       -DOPENSSL_NO_SOCK         No socket code.

as a build option to exclude socket code and even has an example! I'd like a build option which excludes assembler code as well (to allow for cross-compilation), anyone know what that might be?  Or even better, a list of config options that I can use to tailor my build?

This seems like basic information that should be in a man page or readme file somewhere, is it?


---
Nou Dadoun
[hidden email]
604-628-1215


-----Original Message-----
From: Nou Dadoun
Sent: December 3, 2012 4:44 PM
To: '[hidden email]'
Subject: Openssl crypto-only (? libcrypto) (visual studio?)

Hey folks,

In our on-going efforts to construct something that will pass muster in the win8 app environment, I'd like to build the crypto library *only* without any socket or networking api calls and without any assembler.

We're eventually building our full app using Visual Studio 2012 so having a project to do this would be ideal since it would make the build and deploy process much simpler.  Anything like a  VS project to build crypto only out there anywhere?

Thanks .. N

---
Nou Dadoun
[hidden email]
604-628-1215
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]
Reply | Threaded
Open this post in threaded view
|

RE: Openssl crypto-only (? libcrypto) (visual studio?)

J. J. Farrell-2
> From: Nou Dadoun [mailto:[hidden email]]
> Sent: Tuesday, December 04, 2012 5:50 PM
>
> How about a simpler question, I've found a Stack Overflow article which
> mentions
> no-sock       -DOPENSSL_NO_SOCK         No socket code.
>
> as a build option to exclude socket code and even has an example! I'd
> like a build option which excludes assembler code as well (to allow for
> cross-compilation), anyone know what that might be?  Or even better, a
> list of config options that I can use to tailor my build?
>
> This seems like basic information that should be in a man page or
> readme file somewhere, is it?

Did you miss all the discussion of building without assembler code in the installation and build instructions which come with the source?
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]