Debian Bug report logs - #534687
libssl0.9.8: lh_retrieve modifies global data, bug in valgrind or OpenSSL?

Package: openssl; Maintainer for openssl is Debian OpenSSL Team <pkg-openssl-devel@lists.alioth.debian.org>; Source for openssl is src:openssl.

Reported by: Russell Coker <russell@coker.com.au>

Date: Fri, 26 Jun 2009 11:18:01 UTC

Severity: normal

Reply or subscribe to this bug.

Toggle useless messages

View this report as an mbox folder, status mbox, maintainer mbox


Report forwarded to debian-bugs-dist@lists.debian.org, Debian OpenSSL Team <pkg-openssl-devel@lists.alioth.debian.org>:
Bug#534687; Package libssl0.9.8. (Fri, 26 Jun 2009 11:18:04 GMT) Full text and rfc822 format available.

Acknowledgement sent to Russell Coker <russell@coker.com.au>:
New Bug report received and forwarded. Copy sent to Debian OpenSSL Team <pkg-openssl-devel@lists.alioth.debian.org>. (Fri, 26 Jun 2009 11:18:04 GMT) Full text and rfc822 format available.

Message #5 received at submit@bugs.debian.org (full text, mbox):

From: Russell Coker <russell@coker.com.au>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: libssl0.9.8: lh_retrieve modifies global data, bug in valgrind or OpenSSL?
Date: Fri, 26 Jun 2009 21:09:13 +1000
Package: libssl0.9.8
Version: 0.9.8g-15+lenny1
Severity: normal

==27681== Possible data race during write of size 4 at 0x652e2f0 by thread #5
==27681==    at 0x5330C84: lh_retrieve (lhash.c:254)
==27681==    by 0x52D12E1: def_get_class (ex_data.c:301)
==27681==    by 0x52D180A: int_new_ex_data (ex_data.c:404)
==27681==    by 0x5318BD7: RSA_new_method (rsa_lib.c:185)
==27681==    by 0x531B76C: rsa_cb (rsa_asn1.c:80)
==27681==    by 0x534CB42: asn1_item_ex_combine_new (tasn_new.c:177)
==27681==    by 0x53501E4: ASN1_item_ex_d2i (tasn_dec.c:399)
==27681==    by 0x53502B3: ASN1_item_d2i (tasn_dec.c:134)
==27681==    by 0x534863C: d2i_PublicKey (d2i_pu.c:96)
==27681==    by 0x534624F: X509_PUBKEY_get (x_pubkey.c:364)
==27681==    by 0x5346C07: d2i_PUBKEY (x_pubkey.c:390)
==27681==    by 0x40D480: SelectorInfo::Parse(char*) (dkimverify.cpp:1312)

The above is from a helgrind run on my AMD64 system.

void *lh_retrieve(LHASH *lh, const void *data)
        {
        lh->error=0;

The relevant code from lhash.c is above, it writes to data in the LHASH
structure pointed to by the first parameter.

static EX_CLASS_ITEM *def_get_class(int class_index)
        {
        CRYPTO_w_lock(CRYPTO_LOCK_EX_DATA);
        p = lh_retrieve(ex_data, &d);

The relevant code from ex_data.c is above.  It seems that the lock
CRYPTO_LOCK_EX_DATA will protect the data, so maybe valgrind is getting this
wrong.  Valgrind 3.3.1 seemed to miss the CRYPTO_w_lock() type calls, but
I'm using 3.4.1.  Maybe this is a bug in valgrind?  If you think so then feel
free to reassign it.




Information forwarded to debian-bugs-dist@lists.debian.org, Debian OpenSSL Team <pkg-openssl-devel@lists.alioth.debian.org>:
Bug#534687; Package libssl0.9.8. (Fri, 26 Jun 2009 13:15:02 GMT) Full text and rfc822 format available.

Acknowledgement sent to russell@coker.com.au:
Extra info received and forwarded to list. Copy sent to Debian OpenSSL Team <pkg-openssl-devel@lists.alioth.debian.org>. (Fri, 26 Jun 2009 13:15:03 GMT) Full text and rfc822 format available.

Message #10 received at 534687@bugs.debian.org (full text, mbox):

From: Russell Coker <russell@coker.com.au>
To: 534687@bugs.debian.org
Subject: A second version of this
Date: Fri, 26 Jun 2009 23:07:41 +1000
==28288== Possible data race during read of size 8 at 0x65394a0 by thread #3
==28288==    at 0x5330A66: lh_insert (lhash.c:186)
==28288==    by 0x52D1367: def_get_class (ex_data.c:316)
==28288==    by 0x52D180A: int_new_ex_data (ex_data.c:404)
==28288==    by 0x5318BD7: RSA_new_method (rsa_lib.c:185)
==28288==    by 0x531B76C: rsa_cb (rsa_asn1.c:80)
==28288==    by 0x534CB42: asn1_item_ex_combine_new (tasn_new.c:177)
==28288==    by 0x53501E4: ASN1_item_ex_d2i (tasn_dec.c:399)
==28288==    by 0x53502B3: ASN1_item_d2i (tasn_dec.c:134)
==28288==    by 0x534863C: d2i_PublicKey (d2i_pu.c:96)
==28288==    by 0x534624F: X509_PUBKEY_get (x_pubkey.c:364)
==28288==    by 0x5346C07: d2i_PUBKEY (x_pubkey.c:390)
==28288==    by 0x40D480: SelectorInfo::Parse(char*) (dkimverify.cpp:1312)

I also see the above variation.  It's still within the 
CRYPTO_w_lock(CRYPTO_LOCK_EX_DATA) region.




Reply sent to Debian FTP Masters <ftpmaster@ftp-master.debian.org>:
You have taken responsibility. (Sat, 19 Nov 2011 09:51:05 GMT) Full text and rfc822 format available.

Notification sent to Russell Coker <russell@coker.com.au>:
Bug acknowledged by developer. (Sat, 19 Nov 2011 09:51:10 GMT) Full text and rfc822 format available.

Message #15 received at 534687-done@bugs.debian.org (full text, mbox):

From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
To: 351684-done@bugs.debian.org,394107-done@bugs.debian.org,431918-done@bugs.debian.org,511727-done@bugs.debian.org,520021-done@bugs.debian.org,524682-done@bugs.debian.org,526747-done@bugs.debian.org,534534-done@bugs.debian.org,534656-done@bugs.debian.org,534683-done@bugs.debian.org,534685-done@bugs.debian.org,534687-done@bugs.debian.org,534699-done@bugs.debian.org,534706-done@bugs.debian.org,534889-done@bugs.debian.org,534892-done@bugs.debian.org,536229-done@bugs.debian.org,546521-done@bugs.debian.org,556968-done@bugs.debian.org,557261-done@bugs.debian.org,561558-done@bugs.debian.org,645805-done@bugs.debian.org,
Cc: openssl098@packages.debian.org, openssl098@packages.qa.debian.org
Subject: Bug#641975: Removed package(s) from unstable
Date: Sat, 19 Nov 2011 09:44:37 +0000
Version: 0.9.8o-7+rm

Dear submitter,

as the package openssl098 has just been removed from the Debian archive
unstable we hereby close the associated bug reports.  We are sorry
that we couldn't deal with your issue properly.

For details on the removal, please see http://bugs.debian.org/641975

The version of this package that was in Debian prior to this removal
can still be found using http://snapshot.debian.org/.

This message was generated automatically; if you believe that there is
a problem with it please contact the archive administrators by mailing
ftpmaster@debian.org.

Debian distribution maintenance software
pp.
Luca Falavigna (the ftpmaster behind the curtain)




Bug No longer marked as fixed in versions 0.9.8o-7+rm and reopened. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Sat, 19 Nov 2011 10:57:48 GMT) Full text and rfc822 format available.

Bug reassigned from package 'libssl0.9.8' to 'openssl'. Request was from Kurt Roeckx <kurt@roeckx.be> to control@bugs.debian.org. (Sat, 19 Nov 2011 10:58:01 GMT) Full text and rfc822 format available.

Bug No longer marked as found in versions openssl/0.9.8g-15+lenny1. Request was from Kurt Roeckx <kurt@roeckx.be> to control@bugs.debian.org. (Sat, 19 Nov 2011 10:58:01 GMT) Full text and rfc822 format available.

Send a report that this bug log contains spam.


Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Fri Apr 18 09:05:14 2014; Machine Name: buxtehude.debian.org

Debian Bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.