[Bug 1951279] Re: OpenSSL 1.1.1f raise a segmentation faults on Arm64 builds

Juan 1951279 at bugs.launchpad.net
Fri Nov 19 15:36:43 UTC 2021 

I installed the debug symbols and run OpenSSL however GDB is not
returned valuable information about the backtrace.

This is what I received:

GNU gdb (Ubuntu 9.2-0ubuntu1~20.04) 9.2
Copyright (C) 2020 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
Type "show copying" and "show warranty" for details.
This GDB was configured as "aarch64-linux-gnu".
Type "show configuration" for configuration details.
For bug reporting instructions, please see:
<http://www.gnu.org/software/gdb/bugs/>.
Find the GDB manual and other documentation resources online at:
    <http://www.gnu.org/software/gdb/documentation/>.

For help, type "help".
Type "apropos word" to search for commands related to "word"...
Reading symbols from openssl...
Reading symbols from /usr/lib/debug/.build-id/a2/f3e269767a7410ab51fafa0461e7f051144517.debug...
(gdb) run s_client -showcerts -connect graph.facebook.com:443
Starting program: /usr/bin/openssl s_client -showcerts -connect graph.facebook.com:443
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/aarch64-linux-gnu/libthread_db.so.1".
CONNECTED(00000003)

Program received signal SIGSEGV, Segmentation fault.
0x0020fffff7e0809c in ?? ()
(gdb) bt
#0  0x0020fffff7e0809c in ?? ()
Backtrace stopped: previous frame identical to this frame (corrupt stack?)
(gdb) frame 0
#0  0x0020fffff7e0809c in ?? ()

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to openssl in Ubuntu.
https://bugs.launchpad.net/bugs/1951279

Title:
  OpenSSL 1.1.1f raise a segmentation faults on Arm64 builds

Status in openssl package in Ubuntu:
  Incomplete

Bug description:
  Description
  -----------

  It seems that current Ubuntu 20.04 (Focal) distribution for
  Arm64/Aarch64 raise a segmentation fault when certain validates some
  certificates.

  This issue affects only to Arm64/Aarch64 all the tools statically or
  dynamically linked with this version of the library are affected
  (Libcurl4, Curl, Wget, OpenJDK, Curl-PHP, etc).

  
  Environment and platform
  ------------------------
  Linux 5.4.0-89-generic #100-Ubuntu SMP Fri Sep 24 14:29:20 UTC 2021 aarch64 aarch64 aarch64 GNU/Linux

  
  Steps to reproduce
  ------------------

  1. Run:

  curl -v https://graph.facebook.com/v12.0/act_111/

  or

  wget https://graph.facebook.com/v12.0/act_111/

  
  Result received
  ---------------

  Segmentation fault (core dumped)

  
  Notes
  -----

  This bug was found by the Curl users:
  See: https://github.com/curl/curl/issues/8024

  I believe that this bug is related to
  https://ubuntu.com/security/CVE-2020-1967 that maybe used as a vector
  point for code injection.

  Actually there isn't any replacement for OpenSSL 1.1.1f for Focal
  (Arm64), so it makes difficult to use Ubuntu 20.04 in a production
  environment.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1951279/+subscriptions

More information about the foundations-bugs mailing list