FS#29442 - [openssl] curl segfaults in libcrypto
Attached to Project: Arch Linux
Opened by Nikola Ivačič (nikolai) - Saturday, 14 April 2012, 07:13 GMT
Last edited by Dave Reisner (falconindy) - Monday, 15 October 2012, 10:26 GMT
Details
Description:
curl segfaults in libcrypto when using http post with ssl client cert.

Additional info:
I'm using versions:
curl 7.25.0-1
openssl 1.0.1-2

Apr 14 09:07:30 miho kernel: [64645.599337] curl[11616]: segfault at 300000000 ip 00007f237666867b sp 00007fff6e796f20 error 4 in libcrypto.so.1.0.0[7f2376542000+1df000]

Steps to reproduce:
script:
#!/bin/sh
/usr/bin/curl -E some_cert.p12:"*********" \
--cert-type P12 -X POST \
-d "<?xml version=\"1.0\" encoding=\"UTF-8\"?>
<Packet>
<Header>...</Header>
<Body>...</Body>
</Packet>
" \
-H "Content-Type: text/xml" https://some.server.com/post/url &>>/tmp/response_sms.log
[code]
(gdb) run
Starting program: /usr/bin/curl -E cert.p12:"****" --cert-type P12 -X POST -d "" -H "Content-Type: text/xml" https://server
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/libthread_db.so.1".
[New Thread 0x7ffff64ec700 (LWP 32111)]
[Thread 0x7ffff64ec700 (LWP 32111) exited]
Program received signal SIGSEGV, Segmentation fault.
i2c_ASN1_BIT_STRING (a=0x300000000, pp=0x0) at a_bitstr.c:73
73 len=a->length;
(gdb) backtrace
#0 i2c_ASN1_BIT_STRING (a=0x300000000, pp=0x0) at a_bitstr.c:73
#1 0x00007ffff6a3e649 in asn1_ex_i2c (pval=<optimized out>, pval@entry=0x657d30, cout=cout@entry=0x0, putype=putype@entry=0x7fffffffdaa0, it=it@entry=0x7ffff6cf69a0) at tasn_enc.c:636
#2 0x00007ffff6a3e728 in asn1_i2d_ex_primitive (pval=pval@entry=0x657d30, out=out@entry=0x0, it=it@entry=0x7ffff6cf69a0, tag=-1, aclass=<optimized out>) at tasn_enc.c:518
#3 0x00007ffff6a3e956 in ASN1_item_ex_i2d (pval=pval@entry=0x657d30, out=out@entry=0x0, it=0x7ffff6cf69a0, tag=tag@entry=-1, aclass=aclass@entry=0) at tasn_enc.c:158
#4 0x00007ffff6a3eef7 in asn1_template_ex_i2d (pval=0x657d30, out=out@entry=0x0, tt=0x7ffff6cfd410, tag=tag@entry=-1, iclass=iclass@entry=0) at tasn_enc.c:413
#5 0x00007ffff6a3eb69 in ASN1_item_ex_i2d (pval=pval@entry=0x7fffffffdc70, out=out@entry=0x0, it=0x7ffff6cf5f80, tag=16, aclass=0) at tasn_enc.c:231
#6 0x00007ffff6a3f1b0 in asn1_item_flags_i2d (flags=0, it=0x7ffff6cf5f80, out=0x0, val=0x657d20) at tasn_enc.c:122
#7 ASN1_item_i2d (val=val@entry=0x657d20, out=out@entry=0x0, it=it@entry=0x7ffff6cf5f80) at tasn_enc.c:91
#8 0x00007ffff6a39dec in i2d_X509 (a=a@entry=0x657d20, out=out@entry=0x0) at x_x509.c:141
#9 0x00007ffff6d400d3 in ssl3_add_cert_to_buf (x=0x657d20, l=<synthetic pointer>, buf=0x754150) at s3_both.c:327
#10 ssl3_output_cert_chain (s=s@entry=0x7175d0, x=0x657d20) at s3_both.c:397
#11 0x00007ffff6d3919a in ssl3_send_client_certificate (s=s@entry=0x7175d0) at s3_clnt.c:3141
#12 0x00007ffff6d39bff in ssl3_connect (s=0x7175d0) at s3_clnt.c:408
#13 0x00007ffff6d3f388 in ssl3_read_bytes (s=0x7175d0, type=23, buf=0x6424c8 "", len=16384, peek=0) at s3_pkt.c:969
#14 0x00007ffff6d3b9ca in ssl3_read_internal (peek=0, len=16384, buf=0x6424c8, s=0x7175d0) at s3_lib.c:4207
#15 ssl3_read (s=0x7175d0, buf=0x6424c8, len=16384) at s3_lib.c:4227
#16 0x00007ffff7ba3a11 in ossl_recv () from /usr/lib/libcurl.so.4
#17 0x00007ffff7b93480 in Curl_read () from /usr/lib/libcurl.so.4
#18 0x00007ffff7baa282 in Curl_readwrite () from /usr/lib/libcurl.so.4
#19 0x00007ffff7babce6 in Curl_do_perform () from /usr/lib/libcurl.so.4
#20 0x00007ffff7babf45 in Curl_perform () from /usr/lib/libcurl.so.4
#21 0x00007ffff7bac53c in curl_easy_perform () from /usr/lib/libcurl.so.4
#22 0x000000000040a428 in operate ()
#23 0x00000000004071d6 in main ()
[/code]
openssl-1.0.1/crypto/asn1/a_bitstr.c
p.s. It worked fine prior to the update to openssl-1.0.0 version.
(same cert, same script, curl-openssl works)