[Bug 1951279] Re: OpenSSL 1.1.1f raise a segmentation faults on Arm64 builds
Seth Arnold
1951279 at bugs.launchpad.net
Wed Nov 17 21:37:13 UTC 2021
Can you provide more information on your environment and how to
reproduce this? I wasn't able to reproduce this on my rpi3b+ running
focal, with either libssl1.1 1.1.1f-1ubuntu2.8 or 1.1.1f-1ubuntu2.9:
First, 1.1.1f-1ubuntu2.8 installed:
$ curl -v https://graph.facebook.com/v12.0/act_111/
* Trying 157.240.3.20:443...
* TCP_NODELAY set
* Connected to graph.facebook.com (157.240.3.20) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
* CAfile: /etc/ssl/certs/ca-certificates.crt
CApath: /etc/ssl/certs
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
* TLSv1.3 (IN), TLS handshake, Certificate (11):
* TLSv1.3 (IN), TLS handshake, CERT verify (15):
* TLSv1.3 (IN), TLS handshake, Finished (20):
* TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.3 (OUT), TLS handshake, Finished (20):
* SSL connection using TLSv1.3 / TLS_CHACHA20_POLY1305_SHA256
* ALPN, server accepted to use h2
* Server certificate:
* subject: C=US; ST=California; L=Menlo Park; O=Facebook, Inc.; CN=*.facebook.com
* start date: Nov 4 00:00:00 2021 GMT
* expire date: Feb 2 23:59:59 2022 GMT
* subjectAltName: host "graph.facebook.com" matched cert's "*.facebook.com"
* issuer: C=US; O=DigiCert Inc; OU=www.digicert.com; CN=DigiCert SHA2 High Assurance Server CA
* SSL certificate verify ok.
* Using HTTP2, server supports multi-use
* Connection state changed (HTTP/2 confirmed)
* Copying HTTP/2 data in stream buffer to connection buffer after upgrade: len=0
* Using Stream ID: 1 (easy handle 0xaaaac4c9dee0)
> GET /v12.0/act_111/ HTTP/2
> Host: graph.facebook.com
> user-agent: curl/7.68.0
> accept: */*
>
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
* Connection state changed (MAX_CONCURRENT_STREAMS == 100)!
< HTTP/2 403
< vary: Origin
< x-ad-account-usage: {"acc_id_util_pct":0}
< x-fb-rlafr: 0
< content-type: application/json; charset=UTF-8
< www-authenticate: OAuth "Facebook Platform" "insufficient_scope" "(#200) Provide valid app ID"
< access-control-allow-origin: *
< facebook-api-version: v12.0
< strict-transport-security: max-age=15552000; preload
< pragma: no-cache
< cache-control: no-store
< expires: Sat, 01 Jan 2000 00:00:00 GMT
< x-fb-request-id: AYFxZKGuw4Uidu_b6_RsyRn
< x-fb-trace-id: C1HBc2Oi1S3
< x-fb-rev: 1004746171
< x-fb-debug: yza+SwSrqD6mY1INQSyb5rcHmU89PziSoE3txYwg1BjWybYcgB36mUMVxq9bsRAJXZGkc34nNcSps5APpyG8QA==
< content-length: 125
< date: Wed, 17 Nov 2021 20:48:02 GMT
< alt-svc: h3=":443"; ma=3600, h3-29=":443"; ma=3600
<
* Connection #0 to host graph.facebook.com left intact
{"error":{"message":"(#200) Provide valid app ID","type":"OAuthException","code":200,"fbtrace_id":"AYFxZKGuw4Uidu_b6_RsyRn"}}ubuntu at ubuntu:~ $ wget https://graph.facebook.com/v12.0/act_111/
--2021-11-17 20:48:16-- https://graph.facebook.com/v12.0/act_111/
Resolving graph.facebook.com (graph.facebook.com)... 157.240.3.20, 2a03:2880:f001:6:face:b00c:0:2
Connecting to graph.facebook.com (graph.facebook.com)|157.240.3.20|:443... connected.
HTTP request sent, awaiting response... 403 Forbidden
2021-11-17 20:48:16 ERROR 403: Forbidden.
ubuntu at ubuntu:~ 8 $
Next, 1.1.1f-1ubuntu2.9 installed:
ubuntu at ubuntu:~ 10s $ curl -v https://graph.facebook.com/v12.0/act_111/
* Trying 157.240.3.20:443...
* TCP_NODELAY set
* Connected to graph.facebook.com (157.240.3.20) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
* CAfile: /etc/ssl/certs/ca-certificates.crt
CApath: /etc/ssl/certs
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
* TLSv1.3 (IN), TLS handshake, Certificate (11):
* TLSv1.3 (IN), TLS handshake, CERT verify (15):
* TLSv1.3 (IN), TLS handshake, Finished (20):
* TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.3 (OUT), TLS handshake, Finished (20):
* SSL connection using TLSv1.3 / TLS_CHACHA20_POLY1305_SHA256
* ALPN, server accepted to use h2
* Server certificate:
* subject: C=US; ST=California; L=Menlo Park; O=Facebook, Inc.; CN=*.facebook.com
* start date: Nov 4 00:00:00 2021 GMT
* expire date: Feb 2 23:59:59 2022 GMT
* subjectAltName: host "graph.facebook.com" matched cert's "*.facebook.com"
* issuer: C=US; O=DigiCert Inc; OU=www.digicert.com; CN=DigiCert SHA2 High Assurance Server CA
* SSL certificate verify ok.
* Using HTTP2, server supports multi-use
* Connection state changed (HTTP/2 confirmed)
* Copying HTTP/2 data in stream buffer to connection buffer after upgrade: len=0
* Using Stream ID: 1 (easy handle 0xaaaaf7766ee0)
> GET /v12.0/act_111/ HTTP/2
> Host: graph.facebook.com
> user-agent: curl/7.68.0
> accept: */*
>
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
* Connection state changed (MAX_CONCURRENT_STREAMS == 100)!
< HTTP/2 403
< vary: Origin
< x-ad-account-usage: {"acc_id_util_pct":0}
< x-fb-rlafr: 0
< content-type: application/json; charset=UTF-8
< www-authenticate: OAuth "Facebook Platform" "insufficient_scope" "(#200) Provide valid app ID"
< access-control-allow-origin: *
< facebook-api-version: v12.0
< strict-transport-security: max-age=15552000; preload
< pragma: no-cache
< cache-control: no-store
< expires: Sat, 01 Jan 2000 00:00:00 GMT
< x-fb-request-id: Am3RN54patCCpaHOyAFFei2
< x-fb-trace-id: DRBLeslKDkd
< x-fb-rev: 1004746932
< x-fb-debug: uKL59lodhRXYgSVNGEttmwHpFrCHYdUtuRqAl0zFKuCA70xBHp365dz/H7gg2MFE4/qQaY7d4AlhjpSynjKa3A==
< content-length: 125
< date: Wed, 17 Nov 2021 21:35:20 GMT
< priority: u=3,i
< alt-svc: h3=":443"; ma=3600, h3-29=":443"; ma=3600
<
* Connection #0 to host graph.facebook.com left intact
{"error":{"message":"(#200) Provide valid app ID","type":"OAuthException","code":200,"fbtrace_id":"Am3RN54patCCpaHOyAFFei2"}}ubuntu at ubuntu:~ $ wget https://graph.facebook.com/v12.0/act_111/
--2021-11-17 21:35:33-- https://graph.facebook.com/v12.0/act_111/
Resolving graph.facebook.com (graph.facebook.com)... 157.240.3.20, 2a03:2880:f001:6:face:b00c:0:2
Connecting to graph.facebook.com (graph.facebook.com)|157.240.3.20|:443... connected.
HTTP request sent, awaiting response... 403 Forbidden
2021-11-17 21:35:33 ERROR 403: Forbidden.
ubuntu at ubuntu:~ 8 $
If you're able to reproduce this problem, please install the debug symbol packages needed to get useful backtraces: https://wiki.ubuntu.com/Debug%20Symbol%20Packages
Thanks
** Changed in: openssl (Ubuntu)
Status: New => Incomplete
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to openssl in Ubuntu.
https://bugs.launchpad.net/bugs/1951279
Title:
OpenSSL 1.1.1f raise a segmentation faults on Arm64 builds
Status in openssl package in Ubuntu:
Incomplete
Bug description:
Description
-----------
It seems that the current Ubuntu 20.04 (Focal) distribution for
Arm64/Aarch64 raises a segmentation fault when validating certain
certificates.
This issue affects only Arm64/Aarch64; all the tools statically or
dynamically linked with this version of the library are affected
(Libcurl4, Curl, Wget, OpenJDK, Curl-PHP, etc.).
Environment and platform
------------------------
Linux 5.4.0-89-generic #100-Ubuntu SMP Fri Sep 24 14:29:20 UTC 2021 aarch64 aarch64 aarch64 GNU/Linux
Steps to reproduce
------------------
1. Run:
curl -v https://graph.facebook.com/v12.0/act_111/
or
wget https://graph.facebook.com/v12.0/act_111/
Result received
---------------
Segmentation fault (core dumped)
Notes
-----
This bug was found by the Curl users:
See: https://github.com/curl/curl/issues/8024
I believe that this bug is related to
https://ubuntu.com/security/CVE-2020-1967, which may be used as a vector
point for code injection.
Actually there isn't any replacement for OpenSSL 1.1.1f for Focal
(Arm64), so it is difficult to use Ubuntu 20.04 in a production
environment.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1951279/+subscriptions
More information about the foundations-bugs
mailing list
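The triage the maintainer asks for above (state the environment, run the reproducer, and capture a backtrace if it really segfaults) as an added POSIX shell helper; this is example code written for this page, not part of the bug thread or the openssl package. It assumes a Debian/Ubuntu host with dpkg-query, treats gdb and the libssl1.1-dbgsym package as optional, and takes the reproducer command as its arguments.

```shell
#!/bin/sh
# Added triage helper (not from the bug thread): report the details the
# maintainer asked for, run the reproducer, and classify how it exited.
# Invoke as:  sh triage.sh curl -sS -o /dev/null https://graph.facebook.com/v12.0/act_111/

# Kernel/arch, installed libssl1.1 build, and OpenSSL runtime version.
# Every probe is optional so the script also runs on non-Debian systems.
report_env() {
    uname -srm
    if command -v dpkg-query >/dev/null 2>&1; then
        dpkg-query -W -f 'libssl1.1 ${Version}\n' libssl1.1 2>/dev/null \
            || echo "libssl1.1 not installed"
    fi
    command -v openssl >/dev/null 2>&1 && openssl version
    return 0
}

# Map a shell exit status to an outcome.  Statuses above 128 mean the
# child died from signal (status - 128); 139 is SIGSEGV, i.e. the
# "Segmentation fault (core dumped)" in the report.  wget's plain
# "ERROR 403" run exits 8, which is a normal non-signal exit.
classify_exit() {
    if [ "$1" -eq 0 ]; then echo ok
    elif [ "$1" -eq 139 ]; then echo segfault
    elif [ "$1" -gt 128 ]; then echo "signal $(( $1 - 128 ))"
    else echo "exit $1"
    fi
}

# Run the reproducer and print its outcome.  On a segfault, re-run it
# under gdb in batch mode so the backtrace is captured non-interactively;
# the frames go to stderr.  With libssl1.1-dbgsym installed they carry
# symbol names, which is what makes the trace useful to the maintainer.
run_with_backtrace() {
    status=0
    "$@" >/dev/null 2>&1 || status=$?
    outcome=$(classify_exit "$status")
    if [ "$outcome" = segfault ] && command -v gdb >/dev/null 2>&1; then
        gdb -batch -q -ex run -ex bt --args "$@" 2>&1 | sed -n '/^#/p' >&2
    fi
    echo "$outcome"
}

if [ $# -gt 0 ]; then
    report_env
    echo "outcome: $(run_with_backtrace "$@")"
fi
```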