[Pkg-openssl-devel] Bug#670581: Bug#670581: openssl: ntpd segfaults with error 4 in libcrypto.so.0.9.8 on Debian squeeze

Andris Kalnozols andris at hpl.hp.com
Tue May 1 00:25:44 UTC 2012


On 4/30/2012 3:07 AM, Kurt Roeckx wrote:
> On Sun, Apr 29, 2012 at 05:13:39PM -0700, Andris Kalnozols wrote:
>> I also added the following code:
>>
>> --- ntp_crypto.c.orig   2009-12-08 23:36:35.000000000 -0800
>> +++ ntp_crypto.c        2012-04-29 15:16:50.181208921 -0700
>> @@ -230,6 +230,38 @@
>>                  break;
>>          }
> Can you add this line:
> 	EVP_MD_CTX_init(&ctx);
>
> Before this line:
> 	
>>          EVP_DigestInit(&ctx, EVP_get_digestbynid(crypto_nid));
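
Review bot: the trailing context line `EVP_DigestInit(&ctx, EVP_get_digestbynid(crypto_nid));` checks neither the EVP_get_digestbynid() result nor the EVP_DigestInit() return value, so a NULL digest or a failed init goes unnoticed until the next EVP call on ctx. Since the added debugging code sits directly above that call, store the lookup result in a local, test it for NULL, test that EVP_DigestInit() returned 1, and log both values with the rest of the debug output.
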
> The documentation clearly says that ctx must be initialized before
> calling EVP_DigestInit{_ex}
>
>
>
> Kurt
>

I added the EVP_MD_CTX_init() routine as suggested but still get the
same failure after a while:


Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0x7ffff7fe8700 (LWP 2771)]
0x00007ffff767eec3 in EVP_DigestUpdate (ctx=0x7fffffffda30,
     data=0x7fffffffd9c0, count=16) at digest.c:325
325     digest.c: No such file or directory.
         in digest.c
(gdb) bt full
#0  0x00007ffff767eec3 in EVP_DigestUpdate (ctx=0x7fffffffda30,
     data=0x7fffffffd9c0, count=16) at digest.c:325
No locals.
#1  0x000000000041e99b in session_key (srcadr=0x7070f0, dstadr=0x70d1b0,
     keyno=0, private=1378153285, lifetime=0) at ntp_crypto.c:266
         ctx = {digest = 0x0, engine = 0x0, flags = 0, md_data = 0x0}
         dgst = "\016\000\000\000\000\000\000\000\320\341\377\377\377\177\000\000P\337\377\377\377\177\000\000P\266\377\367\377\177\000\000\370\337\377\377\377\177\000\000\214\031A\000\000\000\000\000`\332\377\377\377\177\000\000\000\000\000\000\000\000\000"
         keyid = 32767
         header = {3096497361, 84048844, 0, 1173562450, 0, 0, 4779203, 0, 4779203, 0}
         hdlen = 16
         len = 32767


30 Apr 13:30:59 ntpd[2771]: session_key() IPv4 data: header[0]=3096497361, src_addr=209.204.144.184,
    header[1]=84048844, dst_addr=204.123.2.5
30 Apr 13:30:59 ntpd[2771]: remaining session_key() data [host byte order]: hdlen=16, keyno=0,
    private=1378153285, crypto_nid=4, ctx.flags=0

According to the EVP_DigestInit(3SSL) man page installed on my system, I see this:

        EVP_DigestInit() behaves in the same way as EVP_DigestInit_ex() except
        the passed context ctx does not have to be initialized, and it always
        uses the default digest implementation.

So it appears that NTP's session_key() is calling the digest routines correctly.

In `digest.c', the failing line of code seems to involve a function pointer,
if I'm interpreting the EVP_MD structure correctly from `crypto/evp/evp.h':

   int (*update)(EVP_MD_CTX *ctx,const void *data,size_t count);

I made a guess that *update pointed to HASH_UPDATE() in `crypto/md32_common.h'
and put in some debugging statements there.  However, when running the NTP daemon
in the foreground, there was no output from any of the HASH_UPDATE() printf()
statements prior to the segfault.

Regards,
Andris
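
The backtrace above shows ctx.digest = 0x0 on entry to EVP_DigestUpdate(), which dispatches through ctx->digest->update. The following simplified model is an added illustration, not code from ntpd, OpenSSL or either poster; it shows where a caller shaped like session_key() can check each step so that a missing digest becomes an error return. All model_* names, the one-entry table and the byte-sum "digest" are assumptions made for the example.

```c
#include <stddef.h>
#include <string.h>

/* Simplified stand-ins for EVP_MD / EVP_MD_CTX (hypothetical names, not OpenSSL's). */
typedef struct model_ctx model_ctx;
typedef struct {
    int nid;
    int (*update)(model_ctx *ctx, const void *data, size_t count);
} model_md;
struct model_ctx { const model_md *digest; unsigned long sum; };

/* Toy "digest": a byte sum, only so the dispatch has something to call. */
static int sum_update(model_ctx *ctx, const void *data, size_t count) {
    const unsigned char *p = data;
    while (count--) ctx->sum += *p++;
    return 1;
}

static const model_md registered[] = { { 4, sum_update } };  /* constructed table */

/* Lookup by nid; returns NULL when nothing is registered for it. */
static const model_md *model_get_digestbynid(int nid) {
    for (size_t i = 0; i < sizeof registered / sizeof registered[0]; i++)
        if (registered[i].nid == nid) return &registered[i];
    return NULL;
}

/* Init reports failure (0) rather than leaving a context with no digest in use. */
static int model_digest_init(model_ctx *ctx, const model_md *type) {
    memset(ctx, 0, sizeof *ctx);
    if (type == NULL) return 0;
    ctx->digest = type;
    return 1;
}

/* Dispatch through the function pointer; without this guard a NULL digest faults here. */
static int model_digest_update(model_ctx *ctx, const void *data, size_t count) {
    if (ctx->digest == NULL || ctx->digest->update == NULL) return 0;
    return ctx->digest->update(ctx, data, count);
}

/* Caller shaped like session_key(): every step checked. 0 on success, -1 on failure. */
int checked_session_digest(int nid, const void *hdr, size_t hdlen, unsigned long *out) {
    model_ctx ctx;
    if (!model_digest_init(&ctx, model_get_digestbynid(nid))) return -1;
    if (!model_digest_update(&ctx, hdr, hdlen)) return -1;
    *out = ctx.sum;
    return 0;
}
```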