[Bug 1921518] Re: OpenSSL "double free" error

Julian Andres Klode 1921518 at bugs.launchpad.net
Fri Nov 12 20:09:21 UTC 2021


** Description changed:

  [Impact]
  openssl config file is being loaded twice, causing engines to be loaded twice if specified therein, causing double free errors and other strange behavior.
  
  [Test plan]
  Run the command of the package being tested in
  
  gdb  -ex "break CONF_modules_load_file" -ex "run" --args
  
  and make sure it only breaks one.
  
+ Regression test:
+ 
+ In default Ubuntu configuration, either no openssl configuration is provided, or it contains no settings that affect wget. This code path changes how/when openssl configuration is loaded and used by openssl. One should verify that:
+ 1) wget continues to work without openssl.cnf
+ 2) wget continues to work with stock ubuntu unmodified openssl.cnf
+ 3) wget continue to honor and use custom TLS settings that one may have specified in openssl.cnf (for example custom engine)
+ 
+ 
  [Where problems could occur]
  
  wget: This is an upstream change that changes initialization and is in
  use in later releases. Since it mostly removes an unneeded call to the
  load file function, a regression could be a config file being ignored,
  but it seems unlikely given the use in later releases
+ 
  
  [Original bug report]
  "double free" error is seen when using curl utility. Error is from libcrypto.so which is part of the OpenSSL package. This happens only when OpenSSL is configured to use a dynamic engine.
  
  OpenSSL version is 1.1.1f
  
  The issue is not encountered if
  http://www.openssl.org/source/openssl-1.1.1f.tar.gz is used instead.
  
  OpenSSL can be configured to use a dynamic engine by editing the default
  openssl config file which is located at '/etc/ssl/openssl.cnf' on Ubuntu
  systems.
  
  On Bluefield systems, config diff to enable PKA dynamic engine, is as
  below:
  
  +openssl_conf = conf_section
  +
   # Extra OBJECT IDENTIFIER info:
   #oid_file              = $ENV::HOME/.oid
   oid_section            = new_oids
  
  +[ conf_section ]
  +engines = engine_section
  +
  +[ engine_section ]
  +bf = bf_section
  +
  +[ bf_section ]
  +engine_id=pka
  +dynamic_path=/usr/lib/aarch64-linux-gnu/engines-1.1/pka.so
  +init=0
  +
  
  engine_id above refers to dynamic engine name/identifier.
  dynamic_path points to the .so file for the dynamic engine.
  
  # curl -O https://tpo.pe/pathogen.vim
  
  double free or corruption (out)
  
  Aborted (core dumped)

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to openssl in Ubuntu.
https://bugs.launchpad.net/bugs/1921518

Title:
  OpenSSL "double free" error

Status in openssl package in Ubuntu:
  Incomplete
Status in wget package in Ubuntu:
  Fix Released
Status in openssl source package in Focal:
  Incomplete
Status in wget source package in Focal:
  Incomplete

Bug description:
  [Impact]
  The openssl config file is being loaded twice, so any engines specified in it are loaded twice, causing double free errors and other strange behavior.

  [Test plan]
  Run the command of the package being tested in

  gdb  -ex "break CONF_modules_load_file" -ex "run" --args

  and make sure it only breaks once.

  Regression test:

  In the default Ubuntu configuration, either no openssl configuration is provided, or it contains no settings that affect wget. This code path changes how/when openssl configuration is loaded and used by openssl. One should verify that:
  1) wget continues to work without openssl.cnf
  2) wget continues to work with the stock, unmodified Ubuntu openssl.cnf
  3) wget continues to honor and use custom TLS settings that one may have specified in openssl.cnf (for example a custom engine)

  
  [Where problems could occur]

  wget: This is an upstream change that changes initialization and is in
  use in later releases. Since it mostly removes an unneeded call to the
  load file function, a regression could be a config file being ignored,
  but it seems unlikely given the use in later releases.

  
  [Original bug report]
  "double free" error is seen when using curl utility. Error is from libcrypto.so which is part of the OpenSSL package. This happens only when OpenSSL is configured to use a dynamic engine.

  OpenSSL version is 1.1.1f

  The issue is not encountered if
  http://www.openssl.org/source/openssl-1.1.1f.tar.gz is used instead.

  OpenSSL can be configured to use a dynamic engine by editing the
  default openssl config file which is located at '/etc/ssl/openssl.cnf'
  on Ubuntu systems.

  On Bluefield systems, the config diff to enable the PKA dynamic engine is as
  below:

  +openssl_conf = conf_section
  +
   # Extra OBJECT IDENTIFIER info:
   #oid_file              = $ENV::HOME/.oid
   oid_section            = new_oids

  +[ conf_section ]
  +engines = engine_section
  +
  +[ engine_section ]
  +bf = bf_section
  +
  +[ bf_section ]
  +engine_id=pka
  +dynamic_path=/usr/lib/aarch64-linux-gnu/engines-1.1/pka.so
  +init=0
  +
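Review bot: `init=0` in `[ bf_section ]`, with no `default_algorithms` line beside it, means the engine is loaded from `dynamic_path` but is neither initialized by the config module nor made the default for any algorithm; state whether that is intended for this reproduction or add the missing setting. The section label `bf` also differs from `engine_id=pka`, so renaming it to something like `pka_section` would make the mapping obvious. Since `openssl_conf = conf_section` is added to the system-wide file, every program that loads the default config will pick up this engine, which is worth saying next to the diff because it is what turns a second load of the file into a second load of the engine.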

  engine_id above refers to dynamic engine name/identifier.
  dynamic_path points to the .so file for the dynamic engine.

  # curl -O https://tpo.pe/pathogen.vim

  double free or corruption (out)

  Aborted (core dumped)
