Package: openssl
Version: 1.1.0f-3
Severity: normal

Hi,

when kamailio has TLS enabled it coredumps when stopping its process. This issue was noticed in Debian/stretch and the steps to reproduce it are as follows (thanks to Victor Seva for providing STR, tested within a sid chroot):

    apt-get update ; apt-get install --assume-yes kamailio kamailio-tls-modules ssl-cert procps
    adduser kamailio ssl-cert
    ln -s /etc/ssl/private/ssl-cert-snakeoil.key /etc/kamailio/kamailio-selfsigned.key
    ln -s /etc/ssl/certs/ssl-cert-snakeoil.pem /etc/kamailio/kamailio-selfsigned.pem
    echo '#!define WITH_TLS' > /etc/kamailio/kamailio-local.cfg
    mount -t proc proc /proc
    kamailio -f /etc/kamailio/kamailio.cfg &
    kill $(pgrep kamailio | head -1)

Then this will result in the following coredump:

    # file /core
    /core: ELF 64-bit LSB core file x86-64, version 1 (SYSV), SVR4-style, from 'kamailio -f /etc/kamailio/kamailio.cfg', real uid: 0, effective uid: 0, real gid: 0, effective gid: 0, execfn: '/sbin/kamailio', platform: 'x86_64'

More debugging information:

    # echo 'deb http://debug.mirrors.debian.org/debian-debug/ stretch-debug main' >> /etc/apt/sources.list.d/debian.list
    # apt-get update ; apt-get install --assume-yes gdb libssl1.1-dbgsym libc6-dbg kamailio-dbg
    # apt-get source kamailio libssl-dev
    # cd openssl-1.1.0f/ssl
    # gdb kamailio /core
    GNU gdb (Debian 7.12-6) 7.12.0.20161007-git
    [...]
    Reading symbols from kamailio...Reading symbols from /usr/lib/debug/.build-id/e9/a705ef832a4933fd0b762abb6f7cf68f2c8c1a.debug...done.
    done.
    [New LWP 25615]
    [Thread debugging using libthread_db enabled]
    Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
    Core was generated by `kamailio -f /etc/kamailio/kamailio.cfg'.
    Program terminated with signal SIGSEGV, Segmentation fault.
    #0  ossl_init_thread_stop (locals=0x7f052cceed00) at ../crypto/init.c:332
    332         if (locals->async) {
    (gdb) bt
    #0  ossl_init_thread_stop (locals=0x7f052cceed00) at ../crypto/init.c:332
    #1  0x00007f0530d05234 in OPENSSL_cleanup () at ../crypto/init.c:400
    #2  0x00007f0534f66910 in __run_exit_handlers (status=0, listp=0x7f05352ca5d8 <__exit_funcs>, run_list_atexit=run_list_atexit@entry=true, run_dtors=run_dtors@entry=true) at exit.c:83
    #3  0x00007f0534f6696a in __GI_exit (status=<optimized out>) at exit.c:105
    #4  0x00005570ff072d54 in handle_sigs () at main.c:699
    #5  0x00005570ff07da43 in main_loop () at main.c:1758
    #6  0x00005570ff083fb9 in main (argc=3, argv=0x7ffe202f4928) at main.c:2646
    (gdb) bt full
    #0  ossl_init_thread_stop (locals=0x7f052cceed00) at ../crypto/init.c:332
    No locals.
    #1  0x00007f0530d05234 in OPENSSL_cleanup () at ../crypto/init.c:400
            currhandler = <optimized out>
            lasthandler = <optimized out>
    #2  0x00007f0534f66910 in __run_exit_handlers (status=0, listp=0x7f05352ca5d8 <__exit_funcs>, run_list_atexit=run_list_atexit@entry=true, run_dtors=run_dtors@entry=true) at exit.c:83
            atfct = <optimized out>
            onfct = <optimized out>
            cxafct = <optimized out>
            f = <optimized out>
    #3  0x00007f0534f6696a in __GI_exit (status=<optimized out>) at exit.c:105
    No locals.
    #4  0x00005570ff072d54 in handle_sigs () at main.c:699
            chld = 539968736
            chld_status = 539968768
            any_chld_stopped = 32766
            memlog = 0
            __func__ = "handle_sigs"
    #5  0x00005570ff07da43 in main_loop () at main.c:1758
            i = 8
            pid = 25670
            si = 0x0
            si_desc = "udp receiver child=7 sock=10.10.12.34:5060\000\000\000\000\000\000(\357>\377pU\000\000\000\264\323w9\312\\/\020\312\307,\005\177\000\000W\350*4\000\000\000\000\300\377\006\377pU\000\000 I/ \376\177", '\000' <repeats 18 times>, "PF/ \376\177\000\000\004\357)\377pU\000"
            nrprocs = 8
            woneinit = 1
            __func__ = "main_loop"
    #6  0x00005570ff083fb9 in main (argc=3, argv=0x7ffe202f4928) at main.c:2646
            cfg_stream = 0x55710168d010
            c = -1
            r = 0
            tmp = 0x7ffe202f4760 "\377\377\377\377"
            tmp_len = 898697872
            port = 32517
            proto = 539969536
            options = 0x5570ff3c70e8 ":f:cm:M:dVIhEeb:l:L:n:vKrRDTN:W:w:t:u:g:P:G:SQ:O:a:A:x:X:Y:"
            ret = -1
            seed = 3227959873
            rfd = 4
            debug_save = 0
            debug_flag = 0
            dont_fork_cnt = 0
            n_lst = 0x0
            p = 0xffffffff <error: Cannot access memory at address 0xffffffff>
            st = {st_dev = 64771, st_ino = 222103, st_nlink = 2, st_mode = 16877, st_uid = 101, st_gid = 101, __pad0 = 0, st_rdev = 0, st_size = 4096, st_blksize = 4096, st_blocks = 8, st_atim = {tv_sec = 1501277594, tv_nsec = 44228867}, st_mtim = {tv_sec = 1501277594, tv_nsec = 44228867}, st_ctim = {tv_sec = 1501277594, tv_nsec = 44228867}, __glibc_reserved = {0, 0, 0}}
            __func__ = "main"
    (gdb) info threads
      Id   Target Id         Frame
    * 1    Thread 0x7f0535905700 (LWP 25615) 0x00005570ff083fb9 in main (argc=3, argv=0x7ffe202f4928) at main.c:2646

Victor Seva (being the maintainer of the kamailio package) already tried to build libssl with
https://github.com/openssl/openssl/commit/4b4bc00a00456e6d5cc8b2a26489ae905c049f41
and also include
https://github.com/kamailio/kamailio/commit/e7c03ce6ce61119fbf5cb9f41b7abcd4c7138d58 +
https://github.com/kamailio/kamailio/commit/76efc9b7a1489007f9ff431e730ce4e86b446a6c
within the kamailio package, though this doesn't seem to change anything.

Kurt, do you have any ideas what might go wrong in OPENSSL_cleanup here and how this could be fixed? We'd appreciate any hints.

Thanks!

regards,
-mika-