Bug: SIGSEGV in OPENSSL_cleanse

List for cgit developers and users
 help / color / mirror / Atom feed

From: john at keeping.me.uk (John Keeping)
Subject: Bug: SIGSEGV in OPENSSL_cleanse
Date: Mon, 22 May 2017 19:51:28 +0100	[thread overview]
Message-ID: <20170522185128.GF7429@john.keeping.me.uk> (raw)
In-Reply-To: <2e8d90dd-1483-9e58-f2e9-51220d0c4a4d@neuromancer.sk>

On Mon, May 22, 2017 at 07:54:53PM +0200, Jan Jancar wrote:
> I am, or rather was, running an instance of cgit on an ARM box:
> 
> > uname -srm
> Linux 4.9.28-2-ARCH armv6l
> 
> I run ArchLinuxARM and they recently had an update to openssl:
> 
> openssl		1.1.0.e-1
> openssl-1.0	1.0.2.k-3
> 
> So I currently have 2 versions of openssl on that box.
> 
> After running cgit for awhile I noticed it now SIGSEGVs on certain requests:
> 
>            PID: 12517 (cgit.cgi)
>            UID: 33 (http)
>            GID: 33 (http)
>         Signal: 11 (SEGV)
>      Timestamp: Sun 2017-05-21 13:26:35 CEST (1 day 6h ago)
>   Command Line: /usr/lib/cgit/cgit.cgi
>     Executable: /usr/lib/cgit/cgit.cgi
>  Control Group: /system.slice/system-uwsgi.slice/uwsgi at cgit.service
>           Unit: uwsgi at cgit.service
>          Slice: system-uwsgi.slice
>        Boot ID: 93dadbde0e144f3ab346f1e21ac7ee5d
>     Machine ID: 4bd17fc498ad478094fa58c3a7782769
>       Hostname: Neuromancer
>        Storage:
> /var/lib/systemd/coredump/core.cgit\x2ecgi.33.93dadbde0e144f3ab346f1e21ac7ee5d.12517.1495365995000000000000.lz4
>        Message: Process 12517 (cgit.cgi) of user 33 dumped core.
> 
>                 Stack trace of thread 12517:
>                 #0  0x000000007678e7d8 OPENSSL_cleanse
> (/usr/lib/libcrypto.so.1.0.0)
> 
> 
> A bit more of the stack is shown when running the dump through gdb:
> 
> #0  0x765c37d8 in OPENSSL_cleanse () from /usr/lib/libcrypto.so.1.0.0
> #1  0x7664243c in EVP_MD_CTX_cleanup () from /usr/lib/libcrypto.so.1.0.0
> #2  0x76642774 in EVP_MD_CTX_destroy () from /usr/lib/libcrypto.so.1.0.0
> Backtrace stopped: previous frame identical to this frame (corrupt stack?)
> 
> 
> Investigating more, some weird behavior is shown, while ldd says
> cgit.cgi will run with /usr/lib/libcrypto.so.1.0.0 and even the coredump
> confirms that, when actually debugging the coredump, `info sharedlib` says:
> 
> warning: Corrupted shared library list: 0x76ffa8b0 != 0x0
> From        To          Syms Read   Shared Object Library
> 0x76fcf8f0  0x76feaaf0  Yes (*)     /lib/ld-linux-armhf.so.3
> 0x76e47000  0x76f6f794  Yes (*)     /usr/lib/libcrypto.so.1.1
> 0x76dcdb88  0x76dda8a0  Yes (*)     /usr/lib/libz.so.1
> 0x76da5190  0x76db6ce4  Yes (*)     /usr/lib/libpthread.so.0
> 0x76d8b7d0  0x76d8f418  Yes (*)     /usr/lib/librt.so.1
> 0x76d20580  0x76d74288  Yes (*)     /usr/lib/libluajit-5.1.so.2
> 0x76d09a30  0x76d0a944  Yes (*)     /usr/lib/libdl.so.2
> 0x76bd41f0  0x76cd4920  Yes (*)     /usr/lib/libc.so.6
> 0x76b3c680  0x76b776f0  Yes (*)     /usr/lib/libm.so.6
> 0x76b18180  0x76b26930  Yes         /usr/lib/libgcc_s.so.1
> 
> After that, setting LD_PRELOAD=/usr/lib/libcrypto.so.1.0
> actually fixes the problem. So is cgit incompatible with openssl 1.1
> or is there some other bug hiding?

Did you compile CGit yourself or are you using a pre-built package?
What version of libssl-dev is installed?

I wouldn't be surprised if compiling against openssl-1.0 headers but
linking with openssl-1.1 produces the behaviour you describe above.

next prev parent reply	other threads:[~2017-05-22 18:51 UTC|newest]

Thread overview: 3+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2017-05-22 17:54 johny
2017-05-22 18:51 ` john [this message]
2017-05-22 20:39   ` johny

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20170522185128.GF7429@john.keeping.me.uk \
    --to=cgit@lists.zx2c4.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).