[Bug 1075916] [NEW] 'openssl ca' segfaults on second run

Alexander Sashnov 1075916 at bugs.launchpad.net
Wed Nov 7 10:50:50 UTC 2012 

Public bug reported:

Openssl binary segfault on try to sign certificate.

Steps to reproduce:

1. create root CA (self-signed certificate)
2. create 'local CA' directory structure by something like this (see full shell script in attach):

CA_DIR=demoCA
mkdir -p $CA_DIR/signedcerts    # contains copies of each signed certificate
mkdir -p $CA_DIR/private        # contains the private key
mkdir -p $CA_DIR/tmp            # temporary certificate sign request files
echo '01' > $CA_DIR/serial
touch $CA_DIR/index.txt

3. Generate sign request and sign first certificate (openssl req,
openssl ca)

4. Try do it again for next certificate.

Actual result:

First certificate is signed, but on try to sign second openssl
segfaults.

Expected result:

Explain what wron with 'demoCA' directory instead of segfault.

Additional details:

Into attachment small script for reproduce the bug.

Possible it is my (I'm not sure):
https://errors.ubuntu.com/bucket/?id=%2Fusr%2Fbin%2Fopenssl%3A11%3Aasn1_cb%3ACONF_parse_list%3AASN1_generate_v3%3Aasn1_multi%3AASN1_generate_v3

Ubuntu 12.04.1 LTS   x86_64
openssl            1.0.1-4ubuntu5.5

ProblemType: Bug
DistroRelease: Ubuntu 12.04
Package: openssl 1.0.1-4ubuntu5.5
ProcVersionSignature: Ubuntu 3.2.0-32.51-generic 3.2.30
Uname: Linux 3.2.0-32-generic x86_64
NonfreeKernelModules: nvidia
ApportVersion: 2.0.1-0ubuntu14
Architecture: amd64
Date: Wed Nov  7 12:16:31 2012
InstallationMedia: Ubuntu 12.04 LTS "Precise Pangolin" - Release amd64 (20120425)
ProcEnviron:
 TERM=xterm
 PATH=(custom, user)
 LANG=en_US.UTF-8
 SHELL=/bin/bash
SourcePackage: openssl
UpgradeStatus: No upgrade log present (probably fresh install)

** Affects: openssl (Ubuntu)
     Importance: Undecided
         Status: New


** Tags: amd64 apport-bug precise running-unity

** Attachment added: "openssl_ca_crash_reproduce.sh"
   https://bugs.launchpad.net/bugs/1075916/+attachment/3426521/+files/openssl_ca_crash_reproduce.sh

** Description changed:

  Openssl binary segfault on try to sign certificate.
  
  Steps to reproduce:
  
  1. create root CA (self-signed certificate)
  2. create 'local CA' directory structure by something like this (see full shell script in attach):
  
  CA_DIR=demoCA
- mkdir -p $CA_DIR/signedcerts    # contains copies of each signed certificate 
- mkdir -p $CA_DIR/private        # contains the private key 
+ mkdir -p $CA_DIR/signedcerts    # contains copies of each signed certificate
+ mkdir -p $CA_DIR/private        # contains the private key
  mkdir -p $CA_DIR/tmp            # temporary certificate sign request files
  echo '01' > $CA_DIR/serial
  touch $CA_DIR/index.txt
  
  3. Generate sign request and sign first certificate (openssl req,
  openssl ca)
  
  4. Try do it again for next certificate.
  
- 
  Actual result:
  
  First certificate is signed, but on try to sign second openssl
  segfaults.
  
- 
  Expected result:
  
  Explain what wron with 'demoCA' directory instead of segfault.
- 
  
  Additional details:
  
  Into attachment small script for reproduce the bug.
  
  Ubuntu 12.04.1 LTS   x86_64
  openssl            1.0.1-4ubuntu5.5
  
  ProblemType: Bug
  DistroRelease: Ubuntu 12.04
  Package: openssl 1.0.1-4ubuntu5.5
  ProcVersionSignature: Ubuntu 3.2.0-32.51-generic 3.2.30
  Uname: Linux 3.2.0-32-generic x86_64
  NonfreeKernelModules: nvidia
  ApportVersion: 2.0.1-0ubuntu14
  Architecture: amd64
  Date: Wed Nov  7 12:16:31 2012
  InstallationMedia: Ubuntu 12.04 LTS "Precise Pangolin" - Release amd64 (20120425)
  ProcEnviron:
-  TERM=xterm
-  PATH=(custom, user)
-  LANG=en_US.UTF-8
-  SHELL=/bin/bash
+  TERM=xterm
+  PATH=(custom, user)
+  LANG=en_US.UTF-8
+  SHELL=/bin/bash
  SourcePackage: openssl
  UpgradeStatus: No upgrade log present (probably fresh install)

** Description changed:

  Openssl binary segfault on try to sign certificate.
  
  Steps to reproduce:
  
  1. create root CA (self-signed certificate)
  2. create 'local CA' directory structure by something like this (see full shell script in attach):
  
  CA_DIR=demoCA
  mkdir -p $CA_DIR/signedcerts    # contains copies of each signed certificate
  mkdir -p $CA_DIR/private        # contains the private key
  mkdir -p $CA_DIR/tmp            # temporary certificate sign request files
  echo '01' > $CA_DIR/serial
  touch $CA_DIR/index.txt
  
  3. Generate sign request and sign first certificate (openssl req,
  openssl ca)
  
  4. Try do it again for next certificate.
  
  Actual result:
  
  First certificate is signed, but on try to sign second openssl
  segfaults.
  
  Expected result:
  
  Explain what wron with 'demoCA' directory instead of segfault.
  
  Additional details:
  
  Into attachment small script for reproduce the bug.
  
+ Into another attachment is backtrace for openssl compiled by hands (apt-
+ get source openssl, configure with debug, make)
+ 
+ Possible it is my (I'm not sure):
+ https://errors.ubuntu.com/bucket/?id=%2Fusr%2Fbin%2Fopenssl%3A11%3Aasn1_cb%3ACONF_parse_list%3AASN1_generate_v3%3Aasn1_multi%3AASN1_generate_v3
+ 
+ 
+ 
  Ubuntu 12.04.1 LTS   x86_64
  openssl            1.0.1-4ubuntu5.5
  
  ProblemType: Bug
  DistroRelease: Ubuntu 12.04
  Package: openssl 1.0.1-4ubuntu5.5
  ProcVersionSignature: Ubuntu 3.2.0-32.51-generic 3.2.30
  Uname: Linux 3.2.0-32-generic x86_64
  NonfreeKernelModules: nvidia
  ApportVersion: 2.0.1-0ubuntu14
  Architecture: amd64
  Date: Wed Nov  7 12:16:31 2012
  InstallationMedia: Ubuntu 12.04 LTS "Precise Pangolin" - Release amd64 (20120425)
  ProcEnviron:
   TERM=xterm
   PATH=(custom, user)
   LANG=en_US.UTF-8
   SHELL=/bin/bash
  SourcePackage: openssl
  UpgradeStatus: No upgrade log present (probably fresh install)

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to openssl in Ubuntu.
https://bugs.launchpad.net/bugs/1075916

Title:
  'openssl ca' segfaults on second run

Status in “openssl” package in Ubuntu:
  New

Bug description:
  Openssl binary segfault on try to sign certificate.

  Steps to reproduce:

  1. create root CA (self-signed certificate)
  2. create 'local CA' directory structure by something like this (see full shell script in attach):

  CA_DIR=demoCA
  mkdir -p $CA_DIR/signedcerts    # contains copies of each signed certificate
  mkdir -p $CA_DIR/private        # contains the private key
  mkdir -p $CA_DIR/tmp            # temporary certificate sign request files
  echo '01' > $CA_DIR/serial
  touch $CA_DIR/index.txt

  3. Generate sign request and sign first certificate (openssl req,
  openssl ca)

  4. Try do it again for next certificate.

  Actual result:

  First certificate is signed, but on try to sign second openssl
  segfaults.

  Expected result:

  Explain what wron with 'demoCA' directory instead of segfault.

  Additional details:

  Into attachment small script for reproduce the bug.

  Possible it is my (I'm not sure):
  https://errors.ubuntu.com/bucket/?id=%2Fusr%2Fbin%2Fopenssl%3A11%3Aasn1_cb%3ACONF_parse_list%3AASN1_generate_v3%3Aasn1_multi%3AASN1_generate_v3

  Ubuntu 12.04.1 LTS   x86_64
  openssl            1.0.1-4ubuntu5.5

  ProblemType: Bug
  DistroRelease: Ubuntu 12.04
  Package: openssl 1.0.1-4ubuntu5.5
  ProcVersionSignature: Ubuntu 3.2.0-32.51-generic 3.2.30
  Uname: Linux 3.2.0-32-generic x86_64
  NonfreeKernelModules: nvidia
  ApportVersion: 2.0.1-0ubuntu14
  Architecture: amd64
  Date: Wed Nov  7 12:16:31 2012
  InstallationMedia: Ubuntu 12.04 LTS "Precise Pangolin" - Release amd64 (20120425)
  ProcEnviron:
   TERM=xterm
   PATH=(custom, user)
   LANG=en_US.UTF-8
   SHELL=/bin/bash
  SourcePackage: openssl
  UpgradeStatus: No upgrade log present (probably fresh install)

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1075916/+subscriptions

More information about the foundations-bugs mailing list