On 12/14/22 14:44, Theo de Raadt wrote:
sysctl kern.nosuidcoredump=3

mkdir /var/crash/acme-client

and then try to reproduce, and see if a core file is delivered there.
This coredump mechanism was added to capture some hard-to-capture coredumps,
you can see more info in core(5) and sysctl(3)


Thanks

I have been able to reproduce it reliably with the staging API; however, there is no core dump generated in /var/crash/acme-client.

To reproduce it, you need a certificate with alternative names using multiple different domains. Generate a cert, then fully remove one of the domains and ask for a forced reissue.

I tried with the following patch from Otto from today, and it seems it solves the issue.

Index: acctproc.c
===================================================================
RCS file: /cvs/src/usr.sbin/acme-client/acctproc.c,v
retrieving revision 1.23
diff -u -p -r1.23 acctproc.c
--- acctproc.c  14 Jan 2022 09:20:18 -0000      1.23
+++ acctproc.c  14 Dec 2022 11:06:45 -0000
@@ -439,6 +439,7 @@ op_sign(int fd, EVP_PKEY *pkey, enum acc

        rc = 1;
 out:
+       ECDSA_SIG_free(ec_sig);
        EVP_MD_CTX_free(ctx);
        free(pay);
        free(sign);
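
Review bot: The new ECDSA_SIG_free(ec_sig) sits under the shared out: label, so it runs on every exit path, including error jumps taken before ec_sig is assigned. The declaration of ec_sig is outside this hunk, so please confirm it is initialized to NULL there; ECDSA_SIG_free(NULL) is a no-op, but freeing an uninitialized pointer is not. Also check that no earlier path in op_sign() already frees ec_sig or hands it off before reaching out:, since that would turn this leak fix into a double free; if one does, set ec_sig to NULL at that point.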
