Re: acme-client canary corrupted issue

Wed, 14 Dec 2022 06:19:49 -0800 

On Wed, Dec 14, 2022 at 12:30:25PM +0100, Renaud Allard wrote:

> Hi Otto,
> 
> 
> On 12/14/22 12:01, Otto Moerbeek wrote:
> > On Tue, Dec 13, 2022 at 10:34:53AM +0100, Renaud Allard wrote:
> > 
> > > Hello,
> > > 
> > > I was force renewing some certs because I removed some domains from
> > > the cert, and got this:
> > > acme-client(53931) in free(): chunk canary corrupted 0xa06cb09db00 
> > > 0xb0@0xb0
> > > 
> > > I am using vm.malloc_conf=SUR>>
> > > 
> > > Best Regards
> > 
> > 
> > I cannot reproduce with several attempts. Please include details on
> > platform and version.
> > 
> > Can you show a run with -v on? That gives a hint where the problem
> > occurs.
> > 
> > Do you get a core dump? If so, try to get a backtrace.
> > 
> 
> 
> It's quite hard to reproduce, I only had it once when I shrank the
> alternative names involved in one certificate. There was no core dump.
> 
> This was produced on 7.2-stable amd64
> account and domain keys are ecdsa
> 
> I ran it with -vvF and could get my run log thanks to tmux back buffer.
> I will skip all the verification/certs babble
> 
> isildur# acme-client -vvF arnor.org
> 
> acme-client: /somewhere/arnor.org.key: loaded domain key
> 
> acme-client: /etc/acme/letsencrypt-privkey.pem: loaded account key
> 
> acme-client: /somewhere/arnor.org.crt: certificate valid: 74 days left
> 
> acme-client: /somewhere/arnor.org.crt: domain list changed, forcing renewal
> acme-client: https://acme-v02.api.letsencrypt.org/directory: directories
> 
> acme-client: acme-v02.api.letsencrypt.org: DNS: 172.65.32.248
> 
> ******** lots of standard certs/verif dialog *********
> -----END CERTIFICATE----- ] (5800 bytes)
> 
> acme-client(53931) in free(): chunk canary corrupted 0xa06cb09db00 0xb0@0xb0
> acme-client: /somewhere/arnor.org.crt: created
> 
> acme-client: /somewhere/arnor.org.fullchain.pem: created
> 
> acme-client: signal: revokeproc(53931): Abort trap
> 
> Best Regards


Try this

        -Otto

Index: revokeproc.c
===================================================================
RCS file: /home/cvs/src/usr.sbin/acme-client/revokeproc.c,v
retrieving revision 1.19
diff -u -p -r1.19 revokeproc.c
--- revokeproc.c        22 Nov 2021 08:26:08 -0000      1.19
+++ revokeproc.c        14 Dec 2022 14:16:46 -0000
@@ -239,6 +239,7 @@ revokeproc(int fd, const char *certfile,
                                goto out;
                        }
                        force = 2;
+                       continue;
                }
                if (found[j]++) {
                        if (revocate) {

Reply via email to