[Bug 942060] [NEW] OpenSSL 0.9.8k seg. faults

Mikhail Kulinich 942060 at bugs.launchpad.net
Mon Feb 27 16:24:21 UTC 2012 

Public bug reported:

I observe wrong behavior of OpenSSL library in error cases. I.e. when
trying to convert DER encoded (malformed in fact) public key into
internal OpenSSL structures I get core dump of the whole application.
But it seems, it is applicable only in multi threaded environment.

The test case is attached, the command line to compile is: g++ -o d2i
d2i.cc -lcrypto -lpthread

~/c-tests/openssl$ lsb_release -rd
Description:    Ubuntu 10.04.3 LTS
Release:        10.04

~/c-tests/openssl$ apt-cache policy libssl-dev
libssl-dev:
  Installed: 0.9.8k-7ubuntu8.8
  Candidate: 0.9.8k-7ubuntu8.8
  Version table:
 *** 0.9.8k-7ubuntu8.8 0
        500 http://ru.archive.ubuntu.com/ubuntu/ lucid-updates/main Packages
        500 http://security.ubuntu.com/ubuntu/ lucid-security/main Packages
        100 /var/lib/dpkg/status
     0.9.8k-7ubuntu8 0
        500 http://ru.archive.ubuntu.com/ubuntu/ lucid/main Packages

** Affects: openssl (Ubuntu)
     Importance: Undecided
         Status: New


** Tags: core dump openssl

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to openssl in Ubuntu.
https://bugs.launchpad.net/bugs/942060

Title:
  OpenSSL 0.9.8k seg. faults

Status in “openssl” package in Ubuntu:
  New

Bug description:
  I observe wrong behavior of OpenSSL library in error cases. I.e. when
  trying to convert DER encoded (malformed in fact) public key into
  internal OpenSSL structures I get core dump of the whole application.
  But it seems, it is applicable only in multi threaded environment.

  The test case is attached, the command line to compile is: g++ -o d2i
  d2i.cc -lcrypto -lpthread

  ~/c-tests/openssl$ lsb_release -rd
  Description:    Ubuntu 10.04.3 LTS
  Release:        10.04

  ~/c-tests/openssl$ apt-cache policy libssl-dev
  libssl-dev:
    Installed: 0.9.8k-7ubuntu8.8
    Candidate: 0.9.8k-7ubuntu8.8
    Version table:
   *** 0.9.8k-7ubuntu8.8 0
          500 http://ru.archive.ubuntu.com/ubuntu/ lucid-updates/main Packages
          500 http://security.ubuntu.com/ubuntu/ lucid-security/main Packages
          100 /var/lib/dpkg/status
       0.9.8k-7ubuntu8 0
          500 http://ru.archive.ubuntu.com/ubuntu/ lucid/main Packages

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/942060/+subscriptions

More information about the foundations-bugs mailing list