Bug#670581: [Pkg-openssl-devel] Bug#670581: openssl: ntpd segfaults with error 4 in libcrypto.so.0.9.8 on Debian squeeze

[Andris Kalnozols]

On 4/30/2012 3:07 AM, Kurt Roeckx wrote:

On Sun, Apr 29, 2012 at 05:13:39PM -0700, Andris Kalnozols wrote:

I also added the following code:

--- ntp_crypto.c.orig   2009-12-08 23:36:35.000000000 -0800
+++ ntp_crypto.c        2012-04-29 15:16:50.181208921 -0700
@@ -230,6 +230,38 @@
                 break;
         }

Can you add this line:
        EVP_MD_CTX_init(&ctx);

Before this line:
        

         EVP_DigestInit(&ctx, EVP_get_digestbynid(crypto_nid));

The documentation clearly says that ctx must be initialized before
calling EVP_DigestInit{_ex}



Kurt

I added the EVP_MD_CTX_init() routine as suggested but still get the
same failure after a while:


Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0x7ffff7fe8700 (LWP 2771)]
0x00007ffff767eec3 in EVP_DigestUpdate (ctx=0x7fffffffda30,
    data=0x7fffffffd9c0, count=16) at digest.c:325
325     digest.c: No such file or directory.
        in digest.c
(gdb) bt full
#0  0x00007ffff767eec3 in EVP_DigestUpdate (ctx=0x7fffffffda30,
    data=0x7fffffffd9c0, count=16) at digest.c:325
No locals.
#1  0x000000000041e99b in session_key (srcadr=0x7070f0, dstadr=0x70d1b0,
    keyno=0, private=1378153285, lifetime=0) at ntp_crypto.c:266
        ctx = {digest = 0x0, engine = 0x0, flags = 0, md_data = 0x0}
        dgst = 
"\016\000\000\000\000\000\000\000\320\341\377\377\377\177\000\000P\337\377\377\377\177\000\000P\266\377\367\377\177\000\000\370\337\377\377\377\177\000\000\214\031A\000\000\000\000\000`\332\377\377\377\177\000\000\000\000\000\000\000\000\000"
        keyid = 32767
        header = {3096497361, 84048844, 0, 1173562450, 0, 0, 4779203, 0, 
4779203, 0}
        hdlen = 16
        len = 32767


30 Apr 13:30:59 ntpd[2771]: session_key() IPv4 data: header[0]=3096497361, 
src_addr=209.204.144.184,
   header[1]=84048844, dst_addr=204.123.2.5
30 Apr 13:30:59 ntpd[2771]: remaining session_key() data [host byte order]: 
hdlen=16, keyno=0,
   private=1378153285, crypto_nid=4, ctx.flags=0

According to the EVP_DigestInit(3SSL) man page installed on my system, I see 
this:

       EVP_DigestInit() behaves in the same way as EVP_DigestInit_ex() except
       the passed context ctx does not have to be initialized, and it always
       uses the default digest implementation.

So it appears that NTP's session_key() is calling the digest routines correctly.

In `digest.c', the failing line of code seems to involve a function pointer
if I'm interpreting the EVP_MD structure correctly from `crypto/evp/evp.h:

  int (*update)(EVP_MD_CTX *ctx,const void *data,size_t count);

I made a guess that *update pointed to HASH_UPDATE() in `crypto/md32_common.h'
and put in some debugging statements there.  However, when running the NTP 
daemon
in the foreground, there was no output from any of the HASH_UPDATE() printf()
statements prior to the segfault.

Regards,
Andris





--
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org