SegmentationFault with provided openssl.Linux.x86_64 #1275

Open
ic0ns opened this issue May 23, 2019 · 9 comments

Comments

@ic0ns

commented May 23, 2019

Hey,
your provided openssl binary segfaults while doing the OCSP check on my system. If I execute the same command with my normal openssl version (I tested both 1.0.2 and 1.1.1) no segfault occurs. This might be related to the static linking of the version (I assume)? I am also not sure if this should be reported to the openssl devs instead.

  1. uname -a
    5.1.4-arch1-1-ARCH #1 SMP PREEMPT Wed May 22 08:06:56 UTC 2019 x86_64 GNU/Linux

  2. testssl version from the banner: testssl.sh -b 2>/dev/null | head -4 | tail -2
    testssl.sh 3.0rc5 from https://testssl.sh/dev/

  3. git log | head -1 (if running from git repo)
    commit 91e98f1

  4. openssl version used by testssl.sh: testssl.sh -b 2>/dev/null | awk -F':' '/openssl/ { print $2}'
    ./bin/openssl.Linux.x86_64

  5. steps to reproduce: testssl.sh or docker command line, if possible incl. host
    ./testssl.sh --phone-out google.de

  6. what exactly was happening, output is needed

The provided openssl binary segfaults on the OCSP request.
```
OCSP URI http://ocsp.pki.goog/GTSGIAG3./testssl.sh: Zeile 1741: 26002 Speicherzugriffsfehler (Speicherabzug geschrieben) $OPENSSL ocsp -no_nonce ${host_header} -url "$uri" -issuer $TEMPDIR/hostcert_issuer.pem -verify_other $TEMPDIR/intermediatecerts.pem -CAfile <(cat $ADDITIONAL_CA_FILES "$GOOD_CA_BUNDLE") -cert $HOSTCERT -text &> "$tmpfile"
, error querying OCSP responder (empty ocsp response)
```
dmesg says:
```
openssl[17662]: segfault at 1c ip 00007f0273e75703 sp 00007ffd8e011590 error 4 in libnss_resolve.so.2[7f0273e6b000+2d000]
```

  7. what did you expect instead?
    No segfault

If further info / cooperation is needed, let me know.
Cheers
Robert

@drwetter (Owner)

commented May 23, 2019

Hi Robert!

mmm.... first time somebody reported something like this. And I never experienced this myself through all the years on a variety of platforms.

Looks to me like it's somewhat related to Arch Linux and one of the binary's calls doesn't comply with what libnss_resolve expects.

Did you try to gdb the core file or strace the ocsp call?

Cheers, Dirk

@ic0ns (Author)

commented May 23, 2019

strace output, statically linked binary:
https://gist.github.com/ic0ns/b72ab0e7ba8ab327a299a29dbb939c48

strace output, normal openssl:
https://gist.github.com/ic0ns/7a27806df72efb9d5f90694be4a83578

I have to admit I'm no expert in debugging such issues.

@drwetter (Owner)

commented May 23, 2019

Thanks.

It's certainly a system thing, but I cannot tell why yet. Your system opens for some reason a unix socket to /run/dbus/system_bus_socket, then it tries to send data over it and crashes. It is certainly triggered by the supplied openssl, but my guess is your system is somewhat taking part in that.

It has something to do with dbus, systemd and maybe DNS resolution. If you are doing DNS queries over systemd, have you tried to configure it the correct... err... classical way?

I tried to reproduce that on some modern machines I have here (Debian buster, openSUSE Tumbleweed) but it's completely different. They don't use this unix socket.

@drwetter (Owner)

commented May 24, 2019

Another thing which would be interesting to know is whether a self-compiled binary works for you.

Sources: https://github.com/drwetter/openssl-1.0.2.bad . Make script: https://github.com/drwetter/testssl.sh/blob/3.0/utils/make-openssl.sh

@ic0ns (Author)

commented May 24, 2019

I did not make any significant DNS-related changes to the system. It should be mostly default settings.
I tried this today on my machine at home (also 5.1.3-arch1-1-ARCH #1 SMP PREEMPT), which also shows the same behavior.

The self-compiled version also segfaults for me. I now also tried openssl 1.0.2q without your changes (compiled with -static) and it also segfaults. So I assume that this might be a general (static) openssl problem?

@drwetter (Owner)

commented May 24, 2019

@ic0ns (Author)

commented May 24, 2019

yes

@drwetter (Owner)

commented May 28, 2019

It seems to me that this is either a bug in systemd-resolved or a deliberate incompatibility introduced by systemd -- at least in my opinion I do not get why static DNS libs should fail all of a sudden.

You can try to reconfigure the system like

```
systemctl stop systemd-resolved
systemctl disable systemd-resolved
```

and then find / configure another means to get an IP address and name resolution, e.g. by NetworkManager.
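An added diagnostic, not part of testssl.sh or of this thread, for the combination the dmesg line above points at: a statically linked glibc binary still dlopens the host's NSS modules at run time, so when `hosts:` in nsswitch.conf contains `resolve` the lookup lands in the host's libnss_resolve.so.2 with whatever glibc ABI that module was built against. The function names are my own and the check assumes `file(1)` is installed; the nsswitch.conf contents used to try it are constructed.

```shell
#!/bin/sh
# Added diagnostic, not part of testssl.sh: does this host's NSS configuration
# route hostname lookups through libnss_resolve, and is the openssl binary
# static? Both together is the combination that crashed in this thread.

# Print the NSS modules on the "hosts:" line of an nsswitch.conf (arg 1),
# ignoring comment lines, trailing comments and [STATUS=action] clauses.
nss_hosts_modules() {
    awk '/^[ \t]*hosts:/ {
            sub(/#.*/, "")            # drop a trailing comment
            sub(/^[ \t]*hosts:/, "")  # drop the database name; awk re-splits $0
            out = ""
            for (i = 1; i <= NF; i++)
                if ($i !~ /^\[/)      # skip e.g. [NOTFOUND=return]
                    out = out (out == "" ? "" : " ") $i
            print out
        }' "$1"
}

# Exit 0 if "resolve" (libnss_resolve, the systemd-resolved NSS module) is
# among the hosts modules, 1 otherwise.
nss_hosts_uses_resolve() {
    for m in $(nss_hosts_modules "$1"); do
        [ "$m" = "resolve" ] && return 0
    done
    return 1
}

# Exit 0 if file(1) reports the binary at $1 as statically linked. file only
# reads the ELF header, unlike ldd, which may run the binary's loader
# (assumption: file is installed and uses the usual "statically linked" text).
is_static_binary() {
    file "$1" 2>/dev/null | grep -q 'statically linked'
}

# Classify one openssl binary ($1) against one nsswitch.conf ($2, default
# /etc/nsswitch.conf). Prints AT-RISK, OK-DYNAMIC or OK-NO-RESOLVE.
nss_static_risk() {
    bin=$1
    conf=${2:-/etc/nsswitch.conf}
    if ! nss_hosts_uses_resolve "$conf"; then
        echo OK-NO-RESOLVE
    elif is_static_binary "$bin"; then
        echo AT-RISK
    else
        echo OK-DYNAMIC
    fi
}
```

Typical use is `nss_static_risk ./bin/openssl.Linux.x86_64`; an AT-RISK result means the OCSP lookup will go through the host's libnss_resolve, which is the case to avoid (by pointing `hosts:` at `files dns`, or by using the distribution's dynamically linked openssl for that run).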

@drwetter (Owner)

commented May 28, 2019

.. and what could help is to file an issue at https://github.com/systemd/systemd/issues with the gists provided.
