[Bug 1865558] [NEW] gdm-session-worker segmentation fault when checking online crl from smartcard authentication

Nicholas Clark 1865558 at bugs.launchpad.net
Mon Mar 2 18:44:18 UTC 2020 

Public bug reported:

Error occurs after pin for the PIV card is entered into the GNOME login GUI.
Error in /var/log/messages:
gdm-session-wor[23783]: segfault at 0 ip 00007f3e851589ab sp 00007ffd2e747300 error 6 in libcrypto.so.1.1[7f3e84f6a000+29b000]

Remove "crl_online" from cert_policy in /etc/pam_pkcs11/pam_pkcs11.conf
and there is no segmentation fault.

openssl 1.1.1-1ubuntu2.1~18.04.5
opensc 0.17.0-3
libpam-pkcs11 0.6.9-2build2

Using opensc pkcs11_module.
Smartcard has a CRL URL set with FQDN and the prefix of the URL is http://.
This did not exist in Ubuntu 16. This started in 18.04 (first release) and has existed in all minor versions of 18.

** Affects: openssl (Ubuntu)
     Importance: Undecided
         Status: New


** Tags: crl gdm-session-worker libcrypto segfault smartcard

** Package changed: gnome-settings-daemon (Ubuntu) => openssl (Ubuntu)

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to openssl in Ubuntu.
https://bugs.launchpad.net/bugs/1865558

Title:
  gdm-session-worker segmentation fault when checking online crl from
  smartcard authentication

Status in openssl package in Ubuntu:
  New

Bug description:
  Error occurs after pin for the PIV card is entered into the GNOME login GUI.
  Error in /var/log/messages:
  gdm-session-wor[23783]: segfault at 0 ip 00007f3e851589ab sp 00007ffd2e747300 error 6 in libcrypto.so.1.1[7f3e84f6a000+29b000]

  Remove "crl_online" from cert_policy in
  /etc/pam_pkcs11/pam_pkcs11.conf and there is no segmentation fault.

  openssl 1.1.1-1ubuntu2.1~18.04.5
  opensc 0.17.0-3
  libpam-pkcs11 0.6.9-2build2

  Using opensc pkcs11_module.
  Smartcard has a CRL URL set with FQDN and the prefix of the URL is http://.
  This did not exist in Ubuntu 16. This started in 18.04 (first release) and has existed in all minor versions of 18.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1865558/+subscriptions

More information about the foundations-bugs mailing list