[Pkg-openssl-devel] Bug#838905: libssl1.0.2: openssl 1.0.2i has segfault in CRL processing

Bruce Stephens bruce.stephens at isode.com
Mon Sep 26 10:30:11 UTC 2016


Package: libssl1.0.2
Version: 1.0.2i-1
Severity: normal

Dear Maintainer,

If I edit test/pkits-test.pl (making $ossl_path = "/usr/bin/openssl"),
add a pkits with the PKITS tests and run it, openssl segfaults.

#0  0x00007fb0b1b8fd20 in get_crl_sk (ctx=ctx@entry=0x7ffea36f3890, pcrl=pcrl@entry=0x7ffea36f3788, pdcrl=pdcrl@entry=0x7ffea36f3790,
    pissuer=pissuer@entry=0x7ffea36f3780, pscore=pscore@entry=0x7ffea36f3770, preasons=preasons@entry=0x7ffea36f3774, crls=0x17c6bd0) at x509_vfy.c:1160
#1  0x00007fb0b1b900c6 in get_crl_delta (x=0x17c8340, pdcrl=<synthetic pointer>, pcrl=0x7ffea36f3778, ctx=0x7ffea36f3890) at x509_vfy.c:1603
#2  check_cert (ctx=0x7ffea36f3890) at x509_vfy.c:1007
#3  check_revocation (ctx=0x7ffea36f3890) at x509_vfy.c:980
#4  0x00007fb0b1b9133e in X509_verify_cert (ctx=ctx@entry=0x7ffea36f3890) at x509_vfy.c:483
#5  0x00007fb0b1bbcd82 in cms_signerinfo_verify_cert (si=<optimized out>, store=store@entry=0x17c3430, certs=certs@entry=0x17c6b70,
    crls=crls@entry=0x17c6bd0, flags=0) at cms_smime.c:283
#6  0x00007fb0b1bbd400 in CMS_verify (cms=0x17bd610, certs=0x0, store=0x17c3430, dcont=0x17c3030, out=0x17c3160, flags=0) at cms_smime.c:345

This is bug #1611, https://github.com/openssl/openssl/issues/1611

-- System Information:
Debian Release: stretch/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (500, 'testing'), (500, 'stable'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 4.5.0-2-amd64 (SMP w/8 CPU cores)
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages libssl1.0.2 depends on:
ii  debconf [debconf-2.0]  1.5.59
ii  libc6                  2.23-5

libssl1.0.2 recommends no packages.

libssl1.0.2 suggests no packages.

-- debconf information:
  libssl1.0.2/restart-services:
  libssl1.0.2/restart-failed:


