On Wed, Dec 14, 2022 at 03:51:44PM +0100, Renaud Allard wrote:

>
>
> On 12/14/22 14:44, Theo de Raadt wrote:
> > sysctl kern.nosuidcoredump=3
> >
> > mkdir /var/crash/acme-client
> >
> > and then try to reproduce, and see if a core file is delivered there.
> > This coredump mechanism was added to capture some hard-to-capture coredumps,
> > you can see more info in core(5) and sysctl(3)
> >
>
> Thanks
>
> I have been able to reproduce it reliably with the staging API, however,
> there is no core dump generated in /var/crash/acme-client.
>
> To reproduce it, you need a certificate with alternative names using
> multiple different domains. Generate a cert, then fully remove one of the
> domains and ask for a forced reissue.
>
> I tried with following Otto patch from today, and it seems it solves the
> issue.

Are you sure you attached the right patch? -Otto > > Index: acctproc.c > =================================================================== > RCS file: /cvs/src/usr.sbin/acme-client/acctproc.c,v > retrieving revision 1.23 > diff -u -p -r1.23 acctproc.c > --- acctproc.c 14 Jan 2022 09:20:18 -0000 1.23 > +++ acctproc.c 14 Dec 2022 11:06:45 -0000 > @@ -439,6 +439,7 @@ op_sign(int fd, EVP_PKEY *pkey, enum acc > > rc = 1; > out: > + ECDSA_SIG_free(ec_sig); > EVP_MD_CTX_free(ctx); > free(pay); > free(sign);
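
Review bot: the new ECDSA_SIG_free(ec_sig) sits under the shared out: label in op_sign(), so it runs on every path that reaches out:, both the fall-through after rc = 1 and any jump taken on failure. That is only safe if ec_sig is initialized to NULL where it is declared (the declaration is outside this hunk) and if no earlier ECDSA_SIG_free(ec_sig) remains in the function body without resetting the pointer to NULL afterwards; otherwise the cleanup frees an uninitialized pointer or frees the same object twice. Please confirm both, and drop or NULL-reset any earlier free so that out: is the single release point, matching how ctx, pay and sign are handled in the lines below it. No NULL guard is needed around the call, since ECDSA_SIG_free() accepts NULL.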