[Bug 1975347] Re: Backport OPENSSL_strcasecmp fixes from 3.0 branch
Davide Pesavento
1975347 at bugs.launchpad.net
Sat May 21 02:15:59 UTC 2022
** Description changed:
The recent openssl update to 3.0.2-0ubuntu1.2 in jammy included some
buggy changes related to OPENSSL_strcasecmp. Briefly, it's possible for
OPENSSL_strcasecmp to be called before the global locale_t object has
- been initialized, causing a crash. For example, this bug can be
- trivially triggered with the program below.
+ been initialized, causing a crash in strcasecmp_l. For example, this bug
+ can be trivially triggered with the program below.
#include <openssl/evp.h>
int main()
{
- EVP_PKEY_Q_keygen(NULL, NULL, "EC", "P-256");
+ EVP_PKEY_Q_keygen(NULL, NULL, "EC", "P-256");
}
The problem is already fixed in the openssl-3.0 branch. Please consider
backporting this PR https://github.com/openssl/openssl/pull/18293 or
updating the ubuntu package to a more recent commit of that branch that
includes the fixes.
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to openssl in Ubuntu.
https://bugs.launchpad.net/bugs/1975347
Title:
Backport OPENSSL_strcasecmp fixes from 3.0 branch
Status in openssl package in Ubuntu:
New
Bug description:
The recent openssl update to 3.0.2-0ubuntu1.2 in jammy included some
buggy changes related to OPENSSL_strcasecmp. Briefly, it's possible
for OPENSSL_strcasecmp to be called before the global locale_t object
has been initialized, causing a crash in strcasecmp_l. For example,
this bug can be trivially triggered with the program below.
    #include <openssl/evp.h>

    int main()
    {
        EVP_PKEY_Q_keygen(NULL, NULL, "EC", "P-256");
    }
The problem is already fixed in the openssl-3.0 branch. Please
consider backporting this PR
https://github.com/openssl/openssl/pull/18293 or updating the ubuntu
package to a more recent commit of that branch that includes the
fixes.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1975347/+subscriptions
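The failure mode reported above, a case-insensitive compare that depends on a global locale_t which may not be initialized yet, shown as an added example that is not part of the original report and not OpenSSL's code. All ci_* names and g_loc are hypothetical, and the guard is one possible defensive pattern, not a description of what the referenced PR does.

```c
/* Added illustration; ci_* names are hypothetical, not OpenSSL's API. */
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L          /* newlocale, strcasecmp_l */
#endif
#include <locale.h>
#include <stdio.h>
#include <strings.h>

static locale_t g_loc = (locale_t)0;     /* global locale, unset until init */

/* Meant to run at library start-up, but callers can arrive earlier.
 * The locale is kept for the lifetime of the process. */
int ci_init(void)
{
    if (g_loc == (locale_t)0)
        g_loc = newlocale(LC_COLLATE_MASK | LC_CTYPE_MASK, "C", (locale_t)0);
    return g_loc != (locale_t)0;
}

/* ASCII-only compare: no locale and no global state, safe at any time. */
int ci_cmp_ascii(const char *a, const char *b)
{
    for (;; a++, b++) {
        int x = (unsigned char)*a, y = (unsigned char)*b;
        if (x >= 'A' && x <= 'Z') x += 'a' - 'A';
        if (y >= 'A' && y <= 'Z') y += 'a' - 'A';
        if (x != y || x == '\0')
            return x - y;
    }
}

/* Guarded compare: an unset locale_t never reaches strcasecmp_l. */
int ci_cmp(const char *a, const char *b)
{
    if (g_loc == (locale_t)0)
        return ci_cmp_ascii(a, b);       /* called before ci_init() */
    return strcasecmp_l(a, b, g_loc);
}

int main(void)
{
    printf("before init: %d\n", ci_cmp("EC", "ec"));
    if (ci_init())
        printf("after init:  %d\n", ci_cmp("P-256", "p-256"));
    return 0;
}
```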