Bug#643336: libgcrypt11: New 1.5.0 version segfaults with NSS/PAM LDAP

Marc Dequènes (Duck) duck at duckcorp.org
Tue Sep 27 11:47:50 UTC 2011


Package: libgcrypt11
Version: 1.5.0-3
Severity: important


Coin,

I'm using:
   - libgnutls26  2.12.10-2
   - libldap-2.4-2  2.4.25-3
   - libnss-ldap  264-2.2

After an upgrade, a mere "id <user>" led to the following segfault:
#0  0xb72011cd in do_aesni_enc_aligned (
     a=0xb723a1b8  
"\001K\257\"x\246\235\063\035Q\200\020\066C\351\232gC\303\321Q\232\264\362͚x\253\t\245\021\275]\036\362\r\316ּ\274\022\023\032\307\305G\210\252\b\016\225\027\353\026wq\232\317r\200\206\004", <incomplete sequence \343>, b=0xbfb28ad8 "(\335%\267p\213\262\277\004{\343\t", ctx=0xbfb288e8) at  
rijndael.c:710
#1  do_aesni (ctx=0xbfb288e8, decrypt_flag=0, bx=0xbfb28ad8  
"(\335%\267p\213\262\277\004{\343\t",
     ax=0xb723a1b8  
"\001K\257\"x\246\235\063\035Q\200\020\066C\351\232gC\303\321Q\232\264\362͚x\253\t\245\021\275]\036\362\r\316ּ\274\022\023\032\307\305G\210\252\b\016\225\027\353\026wq\232\317r\200\206\004", <incomplete sequence \343>) at  
rijndael.c:1132
#2  0xb72014c6 in rijndael_encrypt (context=0xbfb288e8, b=0xbfb28ad8  
"(\335%\267p\213\262\277\004{\343\t",
     a=0xb723a1b8  
"\001K\257\"x\246\235\063\035Q\200\020\066C\351\232gC\303\321Q\232\264\362͚x\253\t\245\021\275]\036\362\r\316ּ\274\022\023\032\307\305G\210\252\b\016\225\027\353\026wq\232\317r\200\206\004", <incomplete sequence \343>) at  
rijndael.c:1155
#3  0xb7201aa8 in selftest_basic_128 () at rijndael.c:1660
#4  0xb7201657 in selftest () at rijndael.c:1749
#5  do_setkey (keylen=16, key=0x9ff3fa8  
"\035\224<n\372KWy1\355\344y\260\332\064\031\030", ctx=0xa001e90)
     at rijndael.c:209
#6  rijndael_setkey (context=0xa001e90, key=0x9ff3fa8  
"\035\224<n\372KWy1\355\344y\260\332\064\031\030",
     keylen=16) at rijndael.c:444
#7  0xb71e5ae7 in cipher_setkey (c=0xa001e10, key=<optimized out>,  
keylen=16) at cipher.c:896
#8  0xb71dbe04 in gcry_cipher_setkey (hd=0xa001e10, key=0x9ff3fa8,  
keylen=16) at visibility.c:521
#9  0xb72faceb in wrap_gcry_cipher_setkey (ctx=0xa001e10,  
key=0x9ff3fa8, keysize=16) at cipher.c:115
#10 0xb727ea92 in _gnutls_cipher_init (handle=0x9ff485c,  
cipher=GNUTLS_CIPHER_AES_128_CBC, key=0x9ff4854,
     iv=0x9ff484c) at gnutls_cipher_int.c:71
#11 0xb7289d05 in _gnutls_init_record_state (read=1, state=0x9ff4844,  
params=<optimized out>)
     at gnutls_constate.c:299
#12 0xb728a2c1 in _gnutls_epoch_set_keys (session=0x9ff70c0, epoch=1)  
at gnutls_constate.c:431
#13 0xb728a997 in _gnutls_write_connection_state_init  
(session=0x9ff70c0) at gnutls_constate.c:602
#14 0xb7272fdd in _gnutls_send_handshake_final (session=0x9ff70c0,  
init=1) at gnutls_handshake.c:2888
#15 0xb72765e0 in _gnutls_handshake_common (session=0x9ff70c0) at  
gnutls_handshake.c:3121
#16 0xb7277fad in gnutls_handshake (session=0x9ff70c0) at  
gnutls_handshake.c:2690
#17 0xb74bfdac in tlsg_session_accept (session=0x9ff70a8) at tls_g.c:472
#18 0xb74bcd39 in ldap_int_tls_connect (ld=0x9e3ca30, conn=<optimized  
out>) at tls2.c:358
#19 0xb74bd917 in ldap_int_tls_start (ld=0x9e3ca30, conn=0x9e3c980,  
srv=0x0) at tls2.c:825
#20 0xb74bdc79 in ldap_install_tls (ld=0x9e3ca30) at tls2.c:897
#21 0xb74dbc1d in ?? () from /lib/libnss_ldap.so.2
#22 0xb74dc251 in ?? () from /lib/libnss_ldap.so.2
#23 0xb74dcaa5 in ?? () from /lib/libnss_ldap.so.2
#24 0xb74dcdf1 in ?? () from /lib/libnss_ldap.so.2
#25 0xb74dd570 in _nss_ldap_getpwnam_r () from /lib/libnss_ldap.so.2
#26 0xb773e495 in getpwnam_r () from /lib/i386-linux-gnu/i686/cmov/libc.so.6
#27 0xb773deff in getpwnam () from /lib/i386-linux-gnu/i686/cmov/libc.so.6
#28 0x08049594 in ?? ()
#29 0xb76bee46 in __libc_start_main () from  
/lib/i386-linux-gnu/i686/cmov/libc.so.6
#30 0x08049b49 in ?? ()
Backtrace stopped: Not enough registers or memory available to unwind further

Reverting to 1.4.6-9 fixed the problem.

Regards.


-- System Information:
Debian Release: wheezy/sid
   APT prefers unstable
   APT policy: (500, 'unstable'), (500, 'testing')
Architecture: i386 (i686)

Kernel: Linux 3.0.0-1-686-pae (SMP w/8 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages libgcrypt11 depends on:
ii  libc6              2.13-21
ii  libgpg-error0      1.10-1
ii  multiarch-support  2.13-21

libgcrypt11 recommends no packages.

Versions of packages libgcrypt11 suggests:
pn  rng-tools  <none>

-- no debconf information

-- 
Marc Dequènes (Duck)