[Bug 1921518] Re: OpenSSL "double free" error

Dmitrii Shcherbakov 1921518 at bugs.launchpad.net
Fri Oct 1 11:54:50 UTC 2021 

Also I seem to be getting a SIGBUS signal only when function addresses
are not 4-byte aligned:

Thread 1 "curl" received signal SIGBUS, Bus error.
0x006358f58d277bf1 in ?? ()

Thread 1 "curl" received signal SIGBUS, Bus error.
0xb1b30b5cc1eb2dda in ?? ()

Thread 1 "curl" received signal SIGBUS, Bus error.
0x006358f58d277bf1 in ?? ()

Thread 1 "curl" received signal SIGBUS, Bus error.
0x4fc81bc04dc15a0d in ?? ()


When they are 4-byte aligned, I get SIGSEGV instead:

Thread 1 "curl" received signal SIGSEGV, Segmentation fault.
0x0023c42279cdf718 in ?? ()

Thread 1 "curl" received signal SIGSEGV, Segmentation fault.
0x0078cdaa17700aa4 in ?? ()

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to openssl in Ubuntu.
https://bugs.launchpad.net/bugs/1921518

Title:
  OpenSSL "double free" error

Status in openssl package in Ubuntu:
  Incomplete
Status in openssl source package in Focal:
  Incomplete

Bug description:
  "double free" error is seen when using curl utility. Error is from
  libcrypto.so which is part of the OpenSSL package. This happens only
  when OpenSSL is configured to use a dynamic engine.

  OpenSSL version is 1.1.1f

  The issue is not encountered if
  http://www.openssl.org/source/openssl-1.1.1f.tar.gz is used instead.

  
  OpenSSL can be configured to use a dynamic engine by editing the default openssl config file which is located at '/etc/ssl/openssl.cnf' on Ubuntu systems.

  On Bluefield systems, config diff to enable PKA dynamic engine, is as
  below:

  +openssl_conf = conf_section
  +
   # Extra OBJECT IDENTIFIER info:
   #oid_file              = $ENV::HOME/.oid
   oid_section            = new_oids
   
  +[ conf_section ]
  +engines = engine_section
  +
  +[ engine_section ]
  +bf = bf_section
  +
  +[ bf_section ]
  +engine_id=pka
  +dynamic_path=/usr/lib/aarch64-linux-gnu/engines-1.1/pka.so
  +init=0
  +

  engine_id above refers to dynamic engine name/identifier.
  dynamic_path points to the .so file for the dynamic engine.

  # curl -O https://tpo.pe/pathogen.vim

  double free or corruption (out)

  Aborted (core dumped)

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1921518/+subscriptions

More information about the foundations-bugs mailing list