[Bug 1921518] Re: OpenSSL "double free" error

Julian Andres Klode 1921518 at bugs.launchpad.net
Fri Nov 12 17:40:44 UTC 2021 

The fix for curl is being tracked in bug 1940528

** No longer affects: curl (Ubuntu)

** No longer affects: curl (Ubuntu Focal)

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to curl in Ubuntu.
https://bugs.launchpad.net/bugs/1921518

Title:
  OpenSSL "double free" error

Status in openssl package in Ubuntu:
  Incomplete
Status in wget package in Ubuntu:
  Fix Released
Status in openssl source package in Focal:
  Incomplete
Status in wget source package in Focal:
  In Progress

Bug description:
  [Impact]
  openssl config file is being loaded twice, causing engines to be loaded twice if specified therein, causing double free errors and other strange behavior.

  [Test plan]
  Run the command of the package being tested in

  gdb  -ex "break CONF_modules_load_file" -ex "run" --args

  and make sure it only breaks one.

  [Where problems could occur]

  wget: This is an upstream change that changes initialization and is in
  use in later releases. Since it mostly removes an unneeded call to the
  load file function, a regression could be a config file being ignored,
  but it seems unlikely given the use in later releases

  [Original bug report]
  "double free" error is seen when using curl utility. Error is from libcrypto.so which is part of the OpenSSL package. This happens only when OpenSSL is configured to use a dynamic engine.

  OpenSSL version is 1.1.1f

  The issue is not encountered if
  http://www.openssl.org/source/openssl-1.1.1f.tar.gz is used instead.

  OpenSSL can be configured to use a dynamic engine by editing the
  default openssl config file which is located at '/etc/ssl/openssl.cnf'
  on Ubuntu systems.

  On Bluefield systems, config diff to enable PKA dynamic engine, is as
  below:

  +openssl_conf = conf_section
  +
   # Extra OBJECT IDENTIFIER info:
   #oid_file              = $ENV::HOME/.oid
   oid_section            = new_oids

  +[ conf_section ]
  +engines = engine_section
  +
  +[ engine_section ]
  +bf = bf_section
  +
  +[ bf_section ]
  +engine_id=pka
  +dynamic_path=/usr/lib/aarch64-linux-gnu/engines-1.1/pka.so
  +init=0
  +

  engine_id above refers to dynamic engine name/identifier.
  dynamic_path points to the .so file for the dynamic engine.

  # curl -O https://tpo.pe/pathogen.vim

  double free or corruption (out)

  Aborted (core dumped)

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1921518/+subscriptions

More information about the foundations-bugs mailing list