[Bug 973741] Re: [SRU] segmentation fault for all https operations in libcrypto.so.1.0.0 on 'legacy' Intel Xeon CPUs

Clint Byrum clint at fewbar.com
Fri Jul 27 13:18:50 UTC 2012


I uploaded this to precise-proposed yesterday BTW, forgot to comment.
Its waiting for SRU team review.

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to openssl in Ubuntu.
https://bugs.launchpad.net/bugs/973741

Title:
  [SRU] segmentation fault for all https operations in
  libcrypto.so.1.0.0 on 'legacy' Intel Xeon CPUs

Status in OpenSSL cryptography and SSL/TLS toolkit:
  Fix Released
Status in “openssl” package in Ubuntu:
  Fix Released
Status in “s3cmd” package in Ubuntu:
  Invalid
Status in “openssl” source package in Precise:
  In Progress
Status in “s3cmd” source package in Precise:
  Invalid

Bug description:
  [IMPACT]

  https operations that make use of openssl/libcrypto on specific legacy
  Intel CPUs results in SIGSEGV.  This includes everything from
  utilities like wget and curl, to mail servers and everything in
  between.

  [TESTCASE]

  curl or wget a URL via the HTTPS, observe segfault.  One user reports
  this is reproducible on Intel Xeon(TM) CPU 3.40GHz cpu family: 15.

  [DEVELOPMENT FIX]

  This bug has been fixed upstream since April 2012, see
  http://cvs.openssl.org/chngview?cn=22415. The upstream fix has been
  applied and fixed in Debain since openssl-1.0.1a-3, and in Ubuntu
  12.10 since the 1.0.1c-3ubuntu1 sync.

  [Regression Potential]
  Low, relatively trivial patch that only uses 4_hmac_md56_cipher if the architecture is capable.

  >> Original Bug <<

  All `s3cmd` commands fail with a Segmentation Fault on Ubuntu 12.04
  Precise Pangolin if `use_https = True` is set in the `$HOME/.s3cfg`
  file.

  $ apt-cache policy s3cmd
  s3cmd:
    Installed: 1.0.0-1
    Candidate: 1.0.0-1
    Version table:
   *** 1.0.0-1 0
          500 http://us.archive.ubuntu.com/ubuntu/ precise/universe amd64 Packages
          100 /var/lib/dpkg/status

  $ s3cmd du
  DEBUG: Updating Config.Config encoding -> UTF-8
  DEBUG: Updating Config.Config follow_symlinks -> False
  DEBUG: Updating Config.Config verbosity -> 30
  DEBUG: Unicodising 'du' using UTF-8
  DEBUG: Command: du
  DEBUG: SignHeaders: 'GET\n\n\n\nx-amz-date:Wed, 04 Apr 2012 20:33:06 +0000\n/'
  DEBUG: CreateRequest: resource[uri]=/
  DEBUG: SignHeaders: 'GET\n\n\n\nx-amz-date:Wed, 04 Apr 2012 20:33:06 +0000\n/'
  DEBUG: Processing request, please wait...
  DEBUG: get_hostname(None): s3.amazonaws.com
  DEBUG: format_uri(): /
  Segmentation fault

  $ gdb python
  GNU gdb (Ubuntu/Linaro 7.4-2012.02-0ubuntu2) 7.4-2012.02
  Copyright (C) 2012 Free Software Foundation, Inc.
  License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
  This is free software: you are free to change and redistribute it.
  There is NO WARRANTY, to the extent permitted by law.  Type "show copying"
  and "show warranty" for details.
  This GDB was configured as "x86_64-linux-gnu".
  For bug reporting instructions, please see:
  <http://bugs.launchpad.net/gdb-linaro/>...
  Reading symbols from /usr/bin/python...(no debugging symbols found)...done.
  (gdb) run /usr/bin/s3cmd du
  Starting program: /usr/bin/python /usr/bin/s3cmd du
  [Thread debugging using libthread_db enabled]
  Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".

  Program received signal SIGSEGV, Segmentation fault.
  0x00007ffff721b031 in RC4 () from /lib/x86_64-linux-gnu/libcrypto.so.1.0.0
  (gdb) backtrace
  #0  0x00007ffff721b031 in RC4 () from /lib/x86_64-linux-gnu/libcrypto.so.1.0.0
  #1  0x00000000000000db in ?? ()
  #2  0x000000000000009f in ?? ()
  #3  0x0000000000ed91f0 in ?? ()
  #4  0x00007ffff7281609 in ?? () from /lib/x86_64-linux-gnu/libcrypto.so.1.0.0
  #5  0x00007ffff7583b0f in ?? () from /lib/x86_64-linux-gnu/libssl.so.1.0.0
  #6  0x00007ffff757adb8 in ?? () from /lib/x86_64-linux-gnu/libssl.so.1.0.0
  #7  0x00007ffff757b0e4 in ?? () from /lib/x86_64-linux-gnu/libssl.so.1.0.0
  #8  0x000000000056f7ec in ?? ()
  #9  0x0000000000562ad2 in PyEval_EvalFrameEx ()
  #10 0x000000000056a166 in PyEval_EvalCodeEx ()
  #11 0x000000000056312e in PyEval_EvalFrameEx ()
  #12 0x000000000056a166 in PyEval_EvalCodeEx ()
  #13 0x000000000056312e in PyEval_EvalFrameEx ()
  #14 0x0000000000563070 in PyEval_EvalFrameEx ()
  #15 0x000000000056a166 in PyEval_EvalCodeEx ()
  #16 0x000000000056312e in PyEval_EvalFrameEx ()
  #17 0x000000000056a166 in PyEval_EvalCodeEx ()
  #18 0x000000000056312e in PyEval_EvalFrameEx ()
  #19 0x0000000000563070 in PyEval_EvalFrameEx ()
  #20 0x000000000056a166 in PyEval_EvalCodeEx ()
  #21 0x000000000056312e in PyEval_EvalFrameEx ()
  #22 0x000000000056a166 in PyEval_EvalCodeEx ()
  #23 0x000000000056312e in PyEval_EvalFrameEx ()
  #24 0x0000000000563070 in PyEval_EvalFrameEx ()
  #25 0x0000000000563070 in PyEval_EvalFrameEx ()
  #26 0x0000000000563070 in PyEval_EvalFrameEx ()
  #27 0x0000000000563070 in PyEval_EvalFrameEx ()
  #28 0x000000000056a166 in PyEval_EvalCodeEx ()
  #29 0x000000000055f10b in ?? ()
  #30 0x000000000055f9d4 in PyRun_FileExFlags ()
  #31 0x000000000055fc41 in PyRun_SimpleFileExFlags ()
  #32 0x000000000056102d in Py_Main ()
  #33 0x00007ffff68e576d in __libc_start_main () from /lib/x86_64-linux-gnu/libc.so.6
  #34 0x000000000041b971 in _start ()

To manage notifications about this bug go to:
https://bugs.launchpad.net/openssl/+bug/973741/+subscriptions




More information about the foundations-bugs mailing list