Debian Bug report logs - #534889
libssl0.9.8: int_free_ex_data() is reported as having a race condition

Package: openssl; Maintainer for openssl is Debian OpenSSL Team <pkg-openssl-devel@lists.alioth.debian.org>; Source for openssl is src:openssl.

Reported by: Russell Coker <russell@coker.com.au>

Date: Sat, 27 Jun 2009 23:42:01 UTC

Severity: normal

Reply or subscribe to this bug.

Toggle useless messages

View this report as an mbox folder, status mbox, maintainer mbox


Report forwarded to debian-bugs-dist@lists.debian.org, Debian OpenSSL Team <pkg-openssl-devel@lists.alioth.debian.org>:
Bug#534889; Package libssl0.9.8. (Sat, 27 Jun 2009 23:42:03 GMT) Full text and rfc822 format available.

Acknowledgement sent to Russell Coker <russell@coker.com.au>:
New Bug report received and forwarded. Copy sent to Debian OpenSSL Team <pkg-openssl-devel@lists.alioth.debian.org>. (Sat, 27 Jun 2009 23:42:03 GMT) Full text and rfc822 format available.

Message #5 received at submit@bugs.debian.org (full text, mbox):

From: Russell Coker <russell@coker.com.au>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: libssl0.9.8: int_free_ex_data() is reported as having a race condition
Date: Sun, 28 Jun 2009 09:39:50 +1000
Package: libssl0.9.8
Version: 0.9.8g-15+lenny1
Severity: normal

==6373== Possible data race during read of size 8 at 0x6d2ad28 by thread #4
==6373==    at 0x52D1242: int_free_ex_data (ex_data.c:497)
==6373==    by 0x5318A9D: RSA_free (rsa_lib.c:225)
==6373==    by 0x533A200: EVP_PKEY_free (p_lib.c:479)
==6373==    by 0x40DDDE: SelectorInfo::~SelectorInfo() (dkimverify.cpp:1189)
==6373==    by 0x410946: CDKIMVerify::~CDKIMVerify() (new_allocator.h:118)
==6373==    by 0x4077D7: DKIMVerifyFree (dkim.cpp:223)

Above is the helgrind output from a test run on an AMD64 system.

        if((item = def_get_class(class_index)) == NULL)
                return;
        CRYPTO_r_lock(CRYPTO_LOCK_EX_DATA);
        mx = sk_CRYPTO_EX_DATA_FUNCS_num(item->meth);

The last line of the above code segment is ex_data.c:497.  Maybe if we obtained
a suitable lock before calling def_get_class() then this would be OK.




Information forwarded to debian-bugs-dist@lists.debian.org, Debian OpenSSL Team <pkg-openssl-devel@lists.alioth.debian.org>:
Bug#534889; Package libssl0.9.8. (Sat, 27 Jun 2009 23:48:02 GMT) Full text and rfc822 format available.

Acknowledgement sent to russell@coker.com.au:
Extra info received and forwarded to list. Copy sent to Debian OpenSSL Team <pkg-openssl-devel@lists.alioth.debian.org>. (Sat, 27 Jun 2009 23:48:02 GMT) Full text and rfc822 format available.

Message #10 received at 534889@bugs.debian.org (full text, mbox):

From: Russell Coker <russell@coker.com.au>
To: 534889@bugs.debian.org
Subject: another version of this
Date: Sun, 28 Jun 2009 09:46:37 +1000
        EX_CLASS_ITEM *item = def_get_class(class_index);
        if(!item)
                /* error is already set */
                return 0;
        ad->sk = NULL;
        CRYPTO_r_lock(CRYPTO_LOCK_EX_DATA);
        mx = sk_CRYPTO_EX_DATA_FUNCS_num(item->meth);


We get the same issue in int_new_ex_data() with the above code.





Reply sent to Debian FTP Masters <ftpmaster@ftp-master.debian.org>:
You have taken responsibility. (Sat, 19 Nov 2011 09:51:34 GMT) Full text and rfc822 format available.

Notification sent to Russell Coker <russell@coker.com.au>:
Bug acknowledged by developer. (Sat, 19 Nov 2011 09:51:38 GMT) Full text and rfc822 format available.

Message #15 received at 534889-done@bugs.debian.org (full text, mbox):

From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
To: 351684-done@bugs.debian.org,394107-done@bugs.debian.org,431918-done@bugs.debian.org,511727-done@bugs.debian.org,520021-done@bugs.debian.org,524682-done@bugs.debian.org,526747-done@bugs.debian.org,534534-done@bugs.debian.org,534656-done@bugs.debian.org,534683-done@bugs.debian.org,534685-done@bugs.debian.org,534687-done@bugs.debian.org,534699-done@bugs.debian.org,534706-done@bugs.debian.org,534889-done@bugs.debian.org,534892-done@bugs.debian.org,536229-done@bugs.debian.org,546521-done@bugs.debian.org,556968-done@bugs.debian.org,557261-done@bugs.debian.org,561558-done@bugs.debian.org,645805-done@bugs.debian.org,
Cc: openssl098@packages.debian.org, openssl098@packages.qa.debian.org
Subject: Bug#641975: Removed package(s) from unstable
Date: Sat, 19 Nov 2011 09:44:37 +0000
Version: 0.9.8o-7+rm

Dear submitter,

as the package openssl098 has just been removed from the Debian archive
unstable we hereby close the associated bug reports.  We are sorry
that we couldn't deal with your issue properly.

For details on the removal, please see http://bugs.debian.org/641975

The version of this package that was in Debian prior to this removal
can still be found using http://snapshot.debian.org/.

This message was generated automatically; if you believe that there is
a problem with it please contact the archive administrators by mailing
ftpmaster@debian.org.

Debian distribution maintenance software
pp.
Luca Falavigna (the ftpmaster behind the curtain)




Bug No longer marked as fixed in versions 0.9.8o-7+rm and reopened. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Sat, 19 Nov 2011 10:57:50 GMT) Full text and rfc822 format available.

Bug reassigned from package 'libssl0.9.8' to 'openssl'. Request was from Kurt Roeckx <kurt@roeckx.be> to control@bugs.debian.org. (Sat, 19 Nov 2011 10:58:03 GMT) Full text and rfc822 format available.

Bug No longer marked as found in versions openssl/0.9.8g-15+lenny1. Request was from Kurt Roeckx <kurt@roeckx.be> to control@bugs.debian.org. (Sat, 19 Nov 2011 10:58:04 GMT) Full text and rfc822 format available.

Send a report that this bug log contains spam.


Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Fri Apr 25 08:53:24 2014; Machine Name: buxtehude.debian.org

Debian Bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.