-
-
Notifications
You must be signed in to change notification settings - Fork 88
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
segfault when compiled without libbsd #1233
Comments
This time fixing a segfault reported & debugged entirely by graywolf. See: <OpenSMTPD/OpenSMTPD#1233> So, what went wrong here? Mostly me being entirely convinced, to the point of not even looking, that we have no opensmtpd system test. We do. Instead, I tested the update on my own mail server, which for entirely unhysterical raisins happens to link OpenSMTPd against OpenSSL and so just happens to sidestep this bug. Aiya. * gnu/packages/mail.scm (opensmtpd): Update to 7.4.0p0. [native-inputs]: Add pkg-config. [inputs]: Add libbsd. [arguments]: Add "--with-libbsd" to #:configure-flags. Co-authored-by: graywolf in #guix Change-Id: I5536b828eecd16f041ed9381b16bd7aa54158155
@graywolf thanks for the detailed report and sorry for the delay. This happens to be a problem that was fixed in libressl 3.8 (libressl/portable@54b31ce) that no longer exports the compat symbols in libcrypto. Still, we can do something in configure to avoid this (i.e. checking arc4random() after libcrypto) |
LibreSSL pre 3.8 leaks the symbols of their compats in libcrypto. This is particularly painful with arc4random() which, in our implementation, relies on libcrypto. LibreSSL' RAND_add() calls itself arc4random_buf() resulting in an infinite loop due to the symbol clash. Instead, check for arc4random() only after we've found libcrypto, and re-establish the prototype hack in openbsd-compat.h. Hopefully we'll be able to get rid of this workaround in a few releases. Issue reported by @graywolf, thank you! Fixes #1233
#1234 should fix this by re-using Thanks! |
@graywolf ah, please make sure to re-run |
After applying the patch and running autoreconf -i (I overlook the bootstrap), it seems to work. Thank you for fixing it :) |
Thank you for confirming the fix :) |
LibreSSL pre 3.8 leaks the symbols of their compats in libcrypto. This is particularly painful with arc4random() which, in our implementation, relies on libcrypto. LibreSSL' RAND_add() calls itself arc4random_buf() resulting in an infinite loop due to the symbol clash. Instead, check for arc4random() only after we've found libcrypto, and re-establish the prototype hack in openbsd-compat.h. Hopefully we'll be able to get rid of this workaround in a few releases. Issue reported by @graywolf, thank you! Fixes #1233
Hello,
when I compile opensmtpd without a libbsd, it fails to start with a segfault. Backtrace in the core dump:
That goes on for a while, I stopped the gdb when at #238808 stack depth. I believe the cause is _rs_stir calling RAND_bytes, which (only in libressl's implementation) calls arc4random_buf, leading to the loop.
libbsd does not use RAND_bytes, openssl does not use arc4random_buf, meaning both condition (no libbsd, use libressl) needs to be fulfilled for the crash to occur.
The text was updated successfully, but these errors were encountered: