FS#76411 - [transmission] openssl-3.0: segfault during rc4 initialization

Attached to Project: Arch Linux
Opened by Thomas Weißschuh (t-8ch) - Thursday, 03 November 2022, 20:25 GMT
Last edited by Evangelos Foutras (foutrelis) - Thursday, 03 November 2022, 23:03 GMT
Task Type Bug Report
Category Packages: Testing
Status Closed
Assigned To Florian Pritz (bluewind)
Architecture All
Severity High
Priority Normal
Reported Version
Due in Version Undecided
Due Date Undecided
Percent Complete 100%
Votes 0
Private No

Details

Description:

During initialization of the crypto subsystem libtransmission tries to initialize an rc4 context.
This seems to always fail on openssl 3.0 leading to a followup segfault.

Additional info:
* transmission-gtk/libtransmission: 3.00-5
* openssl: 3.0.7-2
* https://github.com/transmission/transmission/issues/1777 also mentions abort during rc4 init, the fix to use another RC4 implementation seems not to be in the release version of transmission.

Steps to reproduce:
* Try to download a torrent in transmission-gtk that uses encrypted connections.

Backtrace:

#0 0x00007f3becb97db3 in EVP_CIPHER_CTX_set_key_length () at /usr/lib/libcrypto.so.3
#1 0x0000557c39957084 in tr_rc4_set_key (handle=0x0, key=key@entry=0x7f3be61e7240 "\372v\305\061\236a\003-\341\b\rRNc\021\227\177\356|\245", key_length=key_length@entry=20) at crypto-utils-openssl.c:213
#2 0x0000557c3997d53a in initRC4 (crypto=crypto@entry=0x7f3bd4072820, setme=setme@entry=0x7f3bd4072828, key=<optimized out>) at crypto.c:106
#3 0x0000557c3997d870 in tr_cryptoEncryptInit (crypto=0x7f3bd4072820) at crypto.c:140
#4 0x0000557c3997f0b6 in readYb (inbuf=0x7f3bd4071cf0, handshake=0x7f3bd4072980) at handshake.c:460
#5 canRead (io=<optimized out>, arg=0x7f3bd4072980, piece=<optimized out>) at handshake.c:1060
#6 0x0000557c399676ba in canReadWrapper (io=0x7f3bd4072460) at peer-io.c:211
#7 0x0000557c3998a6ef in UTP_ProcessIncoming(UTPSocket*, unsigned char const*, unsigned long, bool) ()
#8 0x0000557c3998b9a0 in UTP_IsIncomingUTP ()
#9 0x0000557c3994a78d in tr_utpPacket (buf=buf@entry=0x7f3be61e7b20 "\001", buflen=buflen@entry=232, from=from@entry=0x7f3be61e7aa0, fromlen=16, ss=ss@entry=0x557c3aaba7d0) at tr-utp.c:181
#10 0x0000557c39949e86 in event_callback (s=<optimized out>, type=<optimized out>, sv=0x557c3aaba7d0) at tr-udp.c:285
#11 0x00007f3bed0bcc45 in event_persist_closure (ev=<optimized out>, base=0x7f3bd4000bb0) at /usr/src/debug/libevent/libevent-2.1.12-stable/event.c:1623
#12 event_process_active_single_queue (base=base@entry=0x7f3bd4000bb0, activeq=0x7f3bd4001000, max_to_process=max_to_process@entry=2147483647, endtime=endtime@entry=0x0)
at /usr/src/debug/libevent/libevent-2.1.12-stable/event.c:1682
#13 0x00007f3bed0be3af in event_process_active (base=0x7f3bd4000bb0) at /usr/src/debug/libevent/libevent-2.1.12-stable/event.c:1783
#14 event_base_loop (base=base@entry=0x7f3bd4000bb0, flags=flags@entry=0) at /usr/src/debug/libevent/libevent-2.1.12-stable/event.c:2006
#15 0x00007f3bed0be68c in event_base_dispatch (event_base=event_base@entry=0x7f3bd4000bb0) at /usr/src/debug/libevent/libevent-2.1.12-stable/event.c:1817
#16 0x0000557c3994aaa9 in libeventThreadFunc (veh=0x557c3ab049a0) at trevent.c:263
#17 0x0000557c39933539 in ThreadFunc (_t=0x557c3ab30cd0) at platform.c:104
#18 0x00007f3bec89f8fd in start_thread (arg=<optimized out>) at pthread_create.c:442
#19 0x00007f3bec921a60 in clone3 () at ../sysdeps/unix/sysv/linux/x86_64/clone3.S:81
This task depends upon

Closed by  Evangelos Foutras (foutrelis)
Thursday, 03 November 2022, 23:03 GMT
Reason for closing:  Fixed
Additional comments about closing:  transmission 3.00-6
Comment by loqs (loqs) - Thursday, 03 November 2022, 22:37 GMT
You can enable the legacy provider that includes rc4 see https://bbs.archlinux.org/viewtopic.php?pid=2065783#p2065783
Comment by Thomas Weißschuh (t-8ch) - Thursday, 03 November 2022, 22:48 GMT
As my personal workaround I packaged the beta of transmission 4 in the AUR for now. That works fine.
https://aur.archlinux.org/pkgbase/transmission4

Loading...