I'm sorry I didn't run the recent crypto patches through the internal CI, I trusted the GitHub CI, but forgot it doesn't include all operating systems:
On Debian we see failures like this:
==34326==
==34326== 71 errors in context 34 of 35:
==34326== Use of uninitialised value of size 8
==34326== at 0x52BA8E9: ??? (in /usr/lib/x86_64-linux-gnu/libcrypto.so.1.1)
==34326== by 0x52A859E: ??? (in /usr/lib/x86_64-linux-gnu/libcrypto.so.1.1)
==34326== by 0x51FB9E9: ??? (in /usr/lib/x86_64-linux-gnu/libcrypto.so.1.1)
==34326== by 0x51FAA42: ??? (in /usr/lib/x86_64-linux-gnu/libcrypto.so.1.1)
==34326== by 0x51FAEE2: BIO_write (in /usr/lib/x86_64-linux-gnu/libcrypto.so.1.1)
==34326== by 0x4BD7538: sss_base64_encode (crypto_base64.c:45)
==34326== by 0x4BD8964: sss_password_encrypt (crypto_obfuscate.c:182)
==34326== by 0x10C2E6: test_sss_password_encrypt_decrypt (crypto-tests.c:74)
==34326== by 0x10E7EA: tcase_run_tfun_nofork.isra.9 (in /var/lib/jenkins/workspace/ci/label/debian_testing/ci-build-debug/.libs/crypto-tests)
==34326== by 0x10EBAB: srunner_run (in /var/lib/jenkins/workspace/ci/label/debian_testing/ci-build-debug/.libs/crypto-tests)
==34326== by 0x10B754: main (crypto-tests.c:291)
==34326==
{
<insert_a_suppression_name_here>
Memcheck:Value8
obj:/usr/lib/x86_64-linux-gnu/libcrypto.so.1.1
obj:/usr/lib/x86_64-linux-gnu/libcrypto.so.1.1
obj:/usr/lib/x86_64-linux-gnu/libcrypto.so.1.1
obj:/usr/lib/x86_64-linux-gnu/libcrypto.so.1.1
fun:BIO_write
fun:sss_base64_encode
fun:sss_password_encrypt
fun:test_sss_password_encrypt_decrypt
fun:tcase_run_tfun_nofork.isra.9
fun:srunner_run
fun:main
}
==34326==
==34326== 71 errors in context 35 of 35:
==34326== Use of uninitialised value of size 8
==34326== at 0x52BA8D3: ??? (in /usr/lib/x86_64-linux-gnu/libcrypto.so.1.1)
==34326== by 0x52A859E: ??? (in /usr/lib/x86_64-linux-gnu/libcrypto.so.1.1)
==34326== by 0x51FB9E9: ??? (in /usr/lib/x86_64-linux-gnu/libcrypto.so.1.1)
==34326== by 0x51FAA42: ??? (in /usr/lib/x86_64-linux-gnu/libcrypto.so.1.1)
==34326== by 0x51FAEE2: BIO_write (in /usr/lib/x86_64-linux-gnu/libcrypto.so.1.1)
==34326== by 0x4BD7538: sss_base64_encode (crypto_base64.c:45)
==34326== by 0x4BD8964: sss_password_encrypt (crypto_obfuscate.c:182)
==34326== by 0x10C2E6: test_sss_password_encrypt_decrypt (crypto-tests.c:74)
==34326== by 0x10E7EA: tcase_run_tfun_nofork.isra.9 (in /var/lib/jenkins/workspace/ci/label/debian_testing/ci-build-debug/.libs/crypto-tests)
==34326== by 0x10EBAB: srunner_run (in /var/lib/jenkins/workspace/ci/label/debian_testing/ci-build-debug/.libs/crypto-tests)
==34326== by 0x10B754: main (crypto-tests.c:291)
==34326==
{
<insert_a_suppression_name_here>
Memcheck:Value8
obj:/usr/lib/x86_64-linux-gnu/libcrypto.so.1.1
obj:/usr/lib/x86_64-linux-gnu/libcrypto.so.1.1
obj:/usr/lib/x86_64-linux-gnu/libcrypto.so.1.1
obj:/usr/lib/x86_64-linux-gnu/libcrypto.so.1.1
fun:BIO_write
fun:sss_base64_encode
fun:sss_password_encrypt
fun:test_sss_password_encrypt_decrypt
fun:tcase_run_tfun_nofork.isra.9
fun:srunner_run
fun:main
}
I haven't looked into whether the suppression needs to be amended or whether there is a genuine leak.
==32504==
==32504== 19 errors in context 87 of 87:
==32504== Conditional jump or move depends on uninitialised value(s)
==32504== at 0x4F93D7B: ??? (in /usr/lib/x86_64-linux-gnu/libcrypto.so.1.1)
==32504== by 0x4F943AC: ??? (in /usr/lib/x86_64-linux-gnu/libcrypto.so.1.1)
==32504== by 0x4F951FA: RAND_DRBG_generate (in /usr/lib/x86_64-linux-gnu/libcrypto.so.1.1)
==32504== by 0x4F95480: RAND_DRBG_bytes (in /usr/lib/x86_64-linux-gnu/libcrypto.so.1.1)
==32504== by 0x4902554: s3crypt_gen_salt (crypto_sha512crypt.c:377)
==32504== by 0x4893DA0: sysdb_cache_password_ex (sysdb_ops.c:3219)
==32504== by 0x1266E1: test_pam_offline_auth_success (test_pam_srv.c:1580)
==32504== by 0x485A0D8: ??? (in /usr/lib/x86_64-linux-gnu/libcmocka.so.0.5.1)
==32504== by 0x485AA48: _cmocka_run_group_tests (in /usr/lib/x86_64-linux-gnu/libcmocka.so.0.5.1)
==32504== by 0x112821: main (test_pam_srv.c:3205)
==32504==
{
<insert_a_suppression_name_here>
Memcheck:Cond
obj:/usr/lib/x86_64-linux-gnu/libcrypto.so.1.1
obj:/usr/lib/x86_64-linux-gnu/libcrypto.so.1.1
fun:RAND_DRBG_generate
fun:RAND_DRBG_bytes
fun:s3crypt_gen_salt
fun:sysdb_cache_password_ex
fun:test_pam_offline_auth_success
obj:/usr/lib/x86_64-linux-gnu/libcmocka.so.0.5.1
fun:_cmocka_run_group_tests
fun:main
}
==33786== 4 errors in context 17 of 19:
==33786== Use of uninitialised value of size 8
==33786== at 0x4C62608: b64_from_24bit (crypto_sha512crypt.c:62)
==33786== by 0x4C62608: s3crypt_gen_salt (crypto_sha512crypt.c:386)
==33786== by 0x4BF5DA0: sysdb_cache_password_ex (sysdb_ops.c:3219)
==33786== by 0x113BDB: test_sysdb_cache_password (sysdb-tests.c:2134)
==33786== by 0x12D88A: tcase_run_tfun_nofork.isra.9 (in /var/lib/jenkins/workspace/ci/label/debian_testing/ci-build-debug/.libs/sysdb-tests)
==33786== by 0x12DC4B: srunner_run (in /var/lib/jenkins/workspace/ci/label/debian_testing/ci-build-debug/.libs/sysdb-tests)
==33786== by 0x10E319: main (sysdb-tests.c:7812)
==33786==
{
<insert_a_suppression_name_here>
Memcheck:Value8
fun:b64_from_24bit
fun:s3crypt_gen_salt
fun:sysdb_cache_password_ex
fun:test_sysdb_cache_password
fun:tcase_run_tfun_nofork.isra.9
fun:srunner_run
fun:main
}
Cloned from Pagure issue: https://pagure.io/SSSD/sssd/issue/4033
Comments
Comment from jhrozek at 2019-06-26 09:27:32
CC @atikhonov
Comment from jhrozek at 2019-06-26 09:28:37
Also pam_srv_test fails with:
Comment from jhrozek at 2019-06-26 09:29:48
btw I think I remember Alexey told me that openssl on Debian was broken, IIRC they picked a bad release by accident between two good releases. But maybe if there is already a fixed version somewhere, we could install it on our CI machines?
Comment from jhrozek at 2019-06-26 09:30:26
And finally sysdb tests:
Comment from atikhonov at 2019-06-26 11:23:36
This issue has nothing to do with recent patches.
The reason is the update of openssl packaged on the Debian machine:
Jun 16: Unpacking openssl (1.1.1c-1) over (1.1.1b-2) ...
Issue was introduced here: openssl/openssl@b3d113e
And was fixed here: openssl/openssl@700c5b8
Fix is picked up in Fedora package.
Comment from jhrozek at 2019-07-04 10:47:26
So I guess we can just close this ticket?
Comment from atikhonov at 2019-07-04 11:46:03
If we do not plan to take any action to see if Debian OpenSSL package could be fixed, then we can close this ticket.
Comment from pbrezina at 2020-03-13 14:37:26
Metadata Update from @pbrezina:
Comment from pbrezina at 2020-03-13 14:37:45
We added Debian-wise valgrind suppression.
Comment from pbrezina at 2020-03-13 14:38:05
Metadata Update from @pbrezina:
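An added illustration, not SSSD's actual suppression file, of how the three reports in this issue could be suppressed narrowly. The suppression names are hypothetical; the frames are copied from the traces above.

```text
# Constructed example; suppression names are hypothetical.
# "..." matches any number of frames, so the unnamed libcrypto
# frames do not have to be counted one by one.

# crypto-tests: contexts 34 and 35 differ only in the innermost
# address, so a single entry covers both.
{
   debian_openssl_111c_bio_write_value8
   Memcheck:Value8
   obj:*/libcrypto.so.1.1
   ...
   fun:BIO_write
   fun:sss_base64_encode
   fun:sss_password_encrypt
}

# test_pam_srv: conditional jump inside libcrypto below
# RAND_DRBG_generate, reached from s3crypt_gen_salt.
{
   debian_openssl_111c_drbg_cond
   Memcheck:Cond
   obj:*/libcrypto.so.1.1
   ...
   fun:RAND_DRBG_generate
   fun:RAND_DRBG_bytes
   fun:s3crypt_gen_salt
}

# sysdb-tests: report raised in SSSD's own b64_from_24bit,
# called from s3crypt_gen_salt.
{
   debian_openssl_111c_salt_value8
   Memcheck:Value8
   fun:b64_from_24bit
   fun:s3crypt_gen_salt
}
```

Each entry stops at the first SSSD frame, so it does not depend on the test harness, and reports from other call paths still surface when the file is loaded with `--suppressions=<file>`. The last entry matches SSSD code rather than libcrypto, so it is the one to drop first once a fixed OpenSSL package is installed.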