Debian Bug report logs - #534699
libssl0.9.8: likely race condition in int_new_ex_data()

Package: openssl; Maintainer for openssl is Debian OpenSSL Team <pkg-openssl-devel@lists.alioth.debian.org>; Source for openssl is src:openssl.

Reported by: Russell Coker <russell@coker.com.au>

Date: Fri, 26 Jun 2009 13:42:02 UTC

Severity: normal

Reply or subscribe to this bug.

Toggle useless messages

View this report as an mbox folder, status mbox, maintainer mbox


Report forwarded to debian-bugs-dist@lists.debian.org, Debian OpenSSL Team <pkg-openssl-devel@lists.alioth.debian.org>:
Bug#534699; Package libssl0.9.8. (Fri, 26 Jun 2009 13:42:04 GMT) Full text and rfc822 format available.

Acknowledgement sent to Russell Coker <russell@coker.com.au>:
New Bug report received and forwarded. Copy sent to Debian OpenSSL Team <pkg-openssl-devel@lists.alioth.debian.org>. (Fri, 26 Jun 2009 13:42:04 GMT) Full text and rfc822 format available.

Message #5 received at submit@bugs.debian.org (full text, mbox):

From: Russell Coker <russell@coker.com.au>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: libssl0.9.8: likely race condition in int_new_ex_data()
Date: Fri, 26 Jun 2009 23:26:34 +1000
Package: libssl0.9.8
Version: 0.9.8g-15+lenny1
Severity: normal

==28314== Possible data race during read of size 8 at 0x6535338 by thread #3
==28314==    at 0x52D183B: int_new_ex_data (ex_data.c:410)
==28314==    by 0x5318BD7: RSA_new_method (rsa_lib.c:185)
==28314==    by 0x531B76C: rsa_cb (rsa_asn1.c:80)
==28314==    by 0x534CB42: asn1_item_ex_combine_new (tasn_new.c:177)
==28314==    by 0x53501E4: ASN1_item_ex_d2i (tasn_dec.c:399)
==28314==    by 0x53502B3: ASN1_item_d2i (tasn_dec.c:134)
==28314==    by 0x534863C: d2i_PublicKey (d2i_pu.c:96)
==28314==    by 0x534624F: X509_PUBKEY_get (x_pubkey.c:364)
==28314==    by 0x5346C07: d2i_PUBKEY (x_pubkey.c:390)
==28314==    by 0x40D480: SelectorInfo::Parse(char*) (dkimverify.cpp:1312)
==28314==    by 0x40E0A4: CDKIMVerify::GetSelector(std::string const&, std::string const&) (dkimverify.cpp:1369)

I get the above from helgrind on my AMD64 system.

        EX_CLASS_ITEM *item = def_get_class(class_index);
        if(!item)
                /* error is already set */
                return 0;
        ad->sk = NULL;
        CRYPTO_r_lock(CRYPTO_LOCK_EX_DATA);
        mx = sk_CRYPTO_EX_DATA_FUNCS_num(item->meth); // line 410

Above is the relevant section of int_new_ex_data().

The def_get_class() function calls CRYPTO_w_lock(CRYPTO_LOCK_EX_DATA); before
returning a pointer to a member of the hash table.  Now it seems possible for
the item to be deleted from the hash table after def_get_class() is called but
before CRYPTO_r_lock(CRYPTO_LOCK_EX_DATA) is called.




Reply sent to Debian FTP Masters <ftpmaster@ftp-master.debian.org>:
You have taken responsibility. (Sat, 19 Nov 2011 09:51:20 GMT) Full text and rfc822 format available.

Notification sent to Russell Coker <russell@coker.com.au>:
Bug acknowledged by developer. (Sat, 19 Nov 2011 09:51:22 GMT) Full text and rfc822 format available.

Message #10 received at 534699-done@bugs.debian.org (full text, mbox):

From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
To: 351684-done@bugs.debian.org,394107-done@bugs.debian.org,431918-done@bugs.debian.org,511727-done@bugs.debian.org,520021-done@bugs.debian.org,524682-done@bugs.debian.org,526747-done@bugs.debian.org,534534-done@bugs.debian.org,534656-done@bugs.debian.org,534683-done@bugs.debian.org,534685-done@bugs.debian.org,534687-done@bugs.debian.org,534699-done@bugs.debian.org,534706-done@bugs.debian.org,534889-done@bugs.debian.org,534892-done@bugs.debian.org,536229-done@bugs.debian.org,546521-done@bugs.debian.org,556968-done@bugs.debian.org,557261-done@bugs.debian.org,561558-done@bugs.debian.org,645805-done@bugs.debian.org,
Cc: openssl098@packages.debian.org, openssl098@packages.qa.debian.org
Subject: Bug#641975: Removed package(s) from unstable
Date: Sat, 19 Nov 2011 09:44:37 +0000
Version: 0.9.8o-7+rm

Dear submitter,

as the package openssl098 has just been removed from the Debian archive
unstable we hereby close the associated bug reports.  We are sorry
that we couldn't deal with your issue properly.

For details on the removal, please see http://bugs.debian.org/641975

The version of this package that was in Debian prior to this removal
can still be found using http://snapshot.debian.org/.

This message was generated automatically; if you believe that there is
a problem with it please contact the archive administrators by mailing
ftpmaster@debian.org.

Debian distribution maintenance software
pp.
Luca Falavigna (the ftpmaster behind the curtain)




Bug No longer marked as fixed in versions 0.9.8o-7+rm and reopened. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Sat, 19 Nov 2011 10:57:48 GMT) Full text and rfc822 format available.

Bug reassigned from package 'libssl0.9.8' to 'openssl'. Request was from Kurt Roeckx <kurt@roeckx.be> to control@bugs.debian.org. (Sat, 19 Nov 2011 10:58:02 GMT) Full text and rfc822 format available.

Bug No longer marked as found in versions openssl/0.9.8g-15+lenny1. Request was from Kurt Roeckx <kurt@roeckx.be> to control@bugs.debian.org. (Sat, 19 Nov 2011 10:58:02 GMT) Full text and rfc822 format available.

Send a report that this bug log contains spam.


Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Sat Apr 19 18:14:43 2014; Machine Name: beach.debian.org

Debian Bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.