Debian Bug report logs - #534656
libssl0.9.8: Another valgring/helgrind error Possible data race

Package: openssl; Maintainer for openssl is Debian OpenSSL Team <pkg-openssl-devel@lists.alioth.debian.org>; Source for openssl is src:openssl.

Reported by: Russell Coker <russell@coker.com.au>

Date: Fri, 26 Jun 2009 04:57:01 UTC

Severity: normal

Reply or subscribe to this bug.

Toggle useless messages

View this report as an mbox folder, status mbox, maintainer mbox


Report forwarded to debian-bugs-dist@lists.debian.org, Debian OpenSSL Team <pkg-openssl-devel@lists.alioth.debian.org>:
Bug#534656; Package libssl0.9.8. (Fri, 26 Jun 2009 04:57:03 GMT) Full text and rfc822 format available.

Acknowledgement sent to Russell Coker <russell@coker.com.au>:
New Bug report received and forwarded. Copy sent to Debian OpenSSL Team <pkg-openssl-devel@lists.alioth.debian.org>. (Fri, 26 Jun 2009 04:57:03 GMT) Full text and rfc822 format available.

Message #5 received at submit@bugs.debian.org (full text, mbox):

From: Russell Coker <russell@coker.com.au>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: libssl0.9.8: Another valgring/helgrind error Possible data race
Date: Fri, 26 Jun 2009 14:54:55 +1000
Package: libssl0.9.8
Version: 0.9.8g-15+lenny1
Severity: normal

==27060== Possible data race during read of size 8 at 0x55efc28 by thread #3
==27060==    at 0x5318A94: RSA_get_default_method (rsa_lib.c:88)
==27060==    by 0x5318AEF: RSA_new_method (rsa_lib.c:139)
==27060==    by 0x531B76C: rsa_cb (rsa_asn1.c:80)
==27060==    by 0x534CB42: asn1_item_ex_combine_new (tasn_new.c:177)
==27060==    by 0x53501E4: ASN1_item_ex_d2i (tasn_dec.c:399)
==27060==    by 0x53502B3: ASN1_item_d2i (tasn_dec.c:134)
==27060==    by 0x534863C: d2i_PublicKey (d2i_pu.c:96)
==27060==    by 0x534624F: X509_PUBKEY_get (x_pubkey.c:364)
==27060==    by 0x5346C07: d2i_PUBKEY (x_pubkey.c:390)
==27060==    by 0x40D580: SelectorInfo::Parse(char*) (dkimverify.cpp:1312)
==27060==    by 0x40E1A4: CDKIMVerify::GetSelector(std::string const&, std::stri
ng const&) (dkimverify.cpp:1369)
==27060==    by 0x410220: CDKIMVerify::ProcessHeaders() (dkimverify.cpp:719)
==27060==  This conflicts with a previous write of size 8 by thread #2
==27060==    at 0x5318AB5: RSA_get_default_method (rsa_lib.c:96)
==27060==    by 0x5318AEF: RSA_new_method (rsa_lib.c:139)
==27060==    by 0x531B76C: rsa_cb (rsa_asn1.c:80)
==27060==    by 0x534CB42: asn1_item_ex_combine_new (tasn_new.c:177)
==27060==    by 0x53501E4: ASN1_item_ex_d2i (tasn_dec.c:399)
==27060==    by 0x53502B3: ASN1_item_d2i (tasn_dec.c:134)
==27060==    by 0x534863C: d2i_PublicKey (d2i_pu.c:96)
==27060==    by 0x534624F: X509_PUBKEY_get (x_pubkey.c:364)

The above is from an AMD64 system running the latest Debian/Lenny packages.
Here is the OpenSSL source code in question with ifdef stuff removed:
        if (default_RSA_meth == NULL)  // line 88
                {
                default_RSA_meth=RSA_PKCS1_SSLeay(); // line 96

Is it guaranteed that a pointer write is atomic?  If it is possible for the
assignment on line 96 to half-complete before a task switch (IE write 4 bytes
of the 8 byte AMD64 pointer) then the above code has a race condition.

In any case this is a race condition with the RSA_set_default_method() function
81 of rsa_lib.c.




Reply sent to Debian FTP Masters <ftpmaster@ftp-master.debian.org>:
You have taken responsibility. (Sat, 19 Nov 2011 09:50:23 GMT) Full text and rfc822 format available.

Notification sent to Russell Coker <russell@coker.com.au>:
Bug acknowledged by developer. (Sat, 19 Nov 2011 09:50:28 GMT) Full text and rfc822 format available.

Message #10 received at 534656-done@bugs.debian.org (full text, mbox):

From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
To: 351684-done@bugs.debian.org,394107-done@bugs.debian.org,431918-done@bugs.debian.org,511727-done@bugs.debian.org,520021-done@bugs.debian.org,524682-done@bugs.debian.org,526747-done@bugs.debian.org,534534-done@bugs.debian.org,534656-done@bugs.debian.org,534683-done@bugs.debian.org,534685-done@bugs.debian.org,534687-done@bugs.debian.org,534699-done@bugs.debian.org,534706-done@bugs.debian.org,534889-done@bugs.debian.org,534892-done@bugs.debian.org,536229-done@bugs.debian.org,546521-done@bugs.debian.org,556968-done@bugs.debian.org,557261-done@bugs.debian.org,561558-done@bugs.debian.org,645805-done@bugs.debian.org,
Cc: openssl098@packages.debian.org, openssl098@packages.qa.debian.org
Subject: Bug#641975: Removed package(s) from unstable
Date: Sat, 19 Nov 2011 09:44:37 +0000
Version: 0.9.8o-7+rm

Dear submitter,

as the package openssl098 has just been removed from the Debian archive
unstable we hereby close the associated bug reports.  We are sorry
that we couldn't deal with your issue properly.

For details on the removal, please see http://bugs.debian.org/641975

The version of this package that was in Debian prior to this removal
can still be found using http://snapshot.debian.org/.

This message was generated automatically; if you believe that there is
a problem with it please contact the archive administrators by mailing
ftpmaster@debian.org.

Debian distribution maintenance software
pp.
Luca Falavigna (the ftpmaster behind the curtain)




Bug No longer marked as fixed in versions 0.9.8o-7+rm and reopened. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Sat, 19 Nov 2011 10:57:46 GMT) Full text and rfc822 format available.

Bug reassigned from package 'libssl0.9.8' to 'openssl'. Request was from Kurt Roeckx <kurt@roeckx.be> to control@bugs.debian.org. (Sat, 19 Nov 2011 10:57:58 GMT) Full text and rfc822 format available.

Bug No longer marked as found in versions openssl/0.9.8g-15+lenny1. Request was from Kurt Roeckx <kurt@roeckx.be> to control@bugs.debian.org. (Sat, 19 Nov 2011 10:57:59 GMT) Full text and rfc822 format available.

Send a report that this bug log contains spam.


Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Sun Apr 20 19:12:30 2014; Machine Name: buxtehude.debian.org

Debian Bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.