[Pkg-openssl-devel] Bug#718993: libssl1.0.0: corrupted double-linked list

Hleb Valoshka hleb.valoshka at instinctools.by
Wed Aug 7 15:30:29 UTC 2013 

Package: libssl1.0.0
Version: 1.0.1e-2
Severity: important

Dear Maintainer,
When I try to run Apache2 httpd compiled with support for GOST cryptography,
it segfaults. There is output from GDB:
=== >>>
Starting program: /opt/apache-2.2.23-shared/bin/httpd -X
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
GOST engine already loaded

Program received signal SIGSEGV, Segmentation fault.
0x00007ffff1ae7ffd in engine_list_remove (e=0x6c1750) at eng_list.c:179
179	eng_list.c: No such file or directory.
=== <<<

eng_list.c:
177        /* un-link e from the chain. */
178        if(e->next)
179                e->next->prev = e->prev;


Or for Apache with modules compiled in:
=== >>>
Starting program: /opt/apache-2.2.23/bin/httpd -X
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
GOST engine already loaded
*** glibc detected *** /opt/apache-2.2.23/bin/httpd: corrupted double-linked list: 0x00000000007deca0 ***
======= Backtrace: =========
/lib/x86_64-linux-gnu/libc.so.6(+0x76d76)[0x7ffff6329d76]
/lib/x86_64-linux-gnu/libc.so.6(+0x7880c)[0x7ffff632b80c]
/lib/x86_64-linux-gnu/libc.so.6(cfree+0x6c)[0x7ffff632eaac]
/usr/lib/x86_64-linux-gnu/libcrypto.so.1.0.0(CRYPTO_free+0x1d)[0x7ffff78130cd]
/usr/lib/x86_64-linux-gnu/libcrypto.so.1.0.0(+0xe38b8)[0x7ffff787d8b8]
/usr/lib/x86_64-linux-gnu/libcrypto.so.1.0.0(ENGINE_remove+0xa4)[0x7ffff787e034]
/usr/lib/x86_64-linux-gnu/libcrypto.so.1.0.0(+0xe4105)[0x7ffff787e105]
/usr/lib/x86_64-linux-gnu/libcrypto.so.1.0.0(+0xe3656)[0x7ffff787d656]
/usr/lib/x86_64-linux-gnu/libcrypto.so.1.0.0(sk_pop_free+0x30)[0x7ffff788d1b0]
/usr/lib/x86_64-linux-gnu/libcrypto.so.1.0.0(ENGINE_cleanup+0x1c)[0x7ffff787d9dc]
/opt/apache-2.2.23/bin/httpd[0x45a538]
/opt/apache-2.2.23/lib/libapr-1.so.0(apr_pool_destroy+0x7e)[0x7ffff6eb668e]
/opt/apache-2.2.23/lib/libapr-1.so.0(apr_pool_destroy+0x55)[0x7ffff6eb6665]
/opt/apache-2.2.23/bin/httpd[0x43061e]
/opt/apache-2.2.23/bin/httpd(main+0x75a)[0x4300da]
/lib/x86_64-linux-gnu/libc.so.6(__libc_start_main+0xfd)[0x7ffff62d1ead]
/opt/apache-2.2.23/bin/httpd[0x43050d]
=== <<<

But if I link Apache against openssl1.0.0k installed into /opt/ it runs 
without problems.

The patch for Apache was taken from
http://cryptocom.ru/opensource/apache-2.2.23-openssl-1.0.1c.diff

-- System Information:
Debian Release: 7.1
  APT prefers stable-updates
  APT policy: (990, 'stable-updates'), (990, 'stable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 3.2.0-4-amd64 (SMP w/2 CPU cores)
Locale: LANG=be_BY.UTF-8, LC_CTYPE=be_BY.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

More information about the Pkg-openssl-devel mailing list