Re: openvpn-2.3.8p1 segv in libcrypto BN_bn2dec on OpenBSD/i386 current Sep 16, 2015

2015-09-18 Thread Miod Vallat
> CC'ing tech@.
> 
> The last commit to bn_print.c is wrong, it dereferences t while it's still 
> NULL.
> 
> Backout diff below.

Argh, sorry about that. This is how it should have been done (diff
against 1.25)

Index: bn_print.c
===
RCS file: /OpenBSD/src/lib/libssl/src/crypto/bn/bn_print.c,v
retrieving revision 1.25
diff -u -p -r1.25 bn_print.c
--- bn_print.c  13 Sep 2015 16:02:11 -  1.25
+++ bn_print.c  18 Sep 2015 09:06:42 -
@@ -114,14 +114,14 @@ BN_bn2dec(const BIGNUM *a)
BIGNUM *t = NULL;
BN_ULONG *bn_data = NULL, *lp;
 
-   if (BN_is_zero(t)) {
-   buf = malloc(BN_is_negative(t) + 2);
+   if (BN_is_zero(a)) {
+   buf = malloc(BN_is_negative(a) + 2);
if (buf == NULL) {
BNerr(BN_F_BN_BN2DEC, ERR_R_MALLOC_FAILURE);
goto err;
}   
p = buf;
-   if (BN_is_negative(t))
+   if (BN_is_negative(a))
*(p++) = '-';
*(p++) = '0';
*(p++) = '\0';
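
Review bot: In the BN_is_zero(a) fast path, the "if (BN_is_negative(a))" branch makes the function return "-0" for a zero that has its sign flag set. If that output is intended, a one-line comment saying so would help; otherwise the branch can go and the allocation becomes a fixed 2 bytes. Separately, t is still declared as "BIGNUM *t = NULL" just above and nothing assigns it before this block, which is exactly what the removed BN_is_zero(t) and BN_is_negative(t) lines tripped over. Declaring t next to the point where it is first assigned, or adding a comment that it is not valid in this block, would make the mistake harder to repeat. A regression test that calls BN_bn2dec on zero would exercise this path.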



Re: openvpn-2.3.8p1 segv in libcrypto BN_bn2dec on OpenBSD/i386 current Sep 16, 2015

2015-09-17 Thread Brent Cook
I think this is the right thing to do for now. ok bcook@

On Thu, Sep 17, 2015 at 5:19 PM, Stuart Henderson wrote:
> CC'ing tech@.
>
> The last commit to bn_print.c is wrong, it dereferences t while it's still 
> NULL.
>
> Backout diff below.
>
>
> On 2015/09/17 22:42, Mikolaj Kucharski wrote:
>> Hi,
>>
>> Does anyone see this as well? I've just upgraded to:
>>
>> OpenBSD 5.8-current (GENERIC) #1164: Wed Sep 16 21:16:53 MDT 2015
>> dera...@i386.openbsd.org:/usr/src/sys/arch/i386/compile/GENERIC
>>
>> and to openvpn-2.3.8 from packages but it segfaulted during connecting
>> by remote client. Then I've recompiled by hand with DEBUG='-g' from
>> ports and now running openvpn-2.3.8p1, but facing the same issue.
>>
>> To be able to get core dump, needed to run openvpn as root, but the same
>> segfault happens when openvpn drops privileges.
>>
>> Before that I was running snapshot from Aug 13 with packages and I
>> didn't have that problem.
>>
>> Let me know if you need any more info.
>>
>>
>> # /usr/local/sbin/openvpn --cd /etc/openvpn --config server.conf --mtu-test
>> Thu Sep 17 22:16:17 2015 OpenVPN 2.3.8 i386-unknown-openbsd5.8 [SSL 
>> (OpenSSL)] [LZO] [MH] [IPv6] built on Sep 17 2015
>> Thu Sep 17 22:16:17 2015 library versions: LibreSSL 2.3.0, LZO 2.09
>> Thu Sep 17 22:16:17 2015 mlockall call succeeded
>> Thu Sep 17 22:16:17 2015 WARNING: you are using chroot without specifying 
>> user and group -- this may cause the chroot jail to be insecure
>> Thu Sep 17 22:16:22 2015 Diffie-Hellman initialized with 4096 bit key
>> Thu Sep 17 22:16:22 2015 Control Channel Authentication: using 
>> 'certs/hmac.key' as a OpenVPN static key file
>> Thu Sep 17 22:16:22 2015 Outgoing Control Channel Authentication: Using 512 
>> bit message hash 'SHA512' for HMAC authentication
>> Thu Sep 17 22:16:22 2015 Incoming Control Channel Authentication: Using 512 
>> bit message hash 'SHA512' for HMAC authentication
>> Thu Sep 17 22:16:22 2015 Socket Buffers: R=[41600->65536] S=[9216->65536]
>> Thu Sep 17 22:16:22 2015 TUN/TAP device tun2 exists previously, keep at 
>> program end
>> Thu Sep 17 22:16:22 2015 TUN/TAP device /dev/tun2 opened
>> Thu Sep 17 22:16:22 2015 do_ifconfig, tt->ipv6=1, 
>> tt->did_ifconfig_ipv6_setup=1
>> Thu Sep 17 22:16:22 2015 /sbin/ifconfig tun2 192.168.202.1 192.168.202.1 mtu 
>> 1500 netmask 255.255.255.0 up -link0
>> Thu Sep 17 22:16:22 2015 /sbin/ifconfig tun2 inet6 
>> 2001:::::::1/64
>> Thu Sep 17 22:16:22 2015 
>> add_route_ipv6(2001:::::::/64 -> 
>> 2001:::::::1 metric 0) dev tun2
>> Thu Sep 17 22:16:22 2015 /sbin/route add -inet6 
>> 2001::::::: -prefixlen 64 
>> 2001:::::::1
>> route: writing to routing socket: File exists
>> add net 2001:::::::: gateway 
>> 2001:::::::1: File exists
>> Thu Sep 17 22:16:22 2015 ERROR: OpenBSD route add -inet6 command failed: 
>> external program exited with error status: 1
>> Thu Sep 17 22:16:22 2015 /sbin/route add -net 192.168.202.0 192.168.202.1 
>> -netmask 255.255.255.0
>> add net 192.168.202.0: gateway 192.168.202.1
>> Thu Sep 17 22:16:22 2015 chroot to '/var/openvpn' and cd to '/' succeeded
>> Thu Sep 17 22:16:22 2015 UDPv4 link local (bound): [undef]
>> Thu Sep 17 22:16:22 2015 UDPv4 link remote: [undef]
>> Thu Sep 17 22:16:22 2015 MULTI: multi_init called, r=256 v=256
>> Thu Sep 17 22:16:22 2015 IFCONFIG POOL IPv6: (IPv4) size=252, 
>> size_ipv6=65536, netbits=64, 
>> base_ipv6=2001:::::::1000
>> Thu Sep 17 22:16:22 2015 IFCONFIG POOL: base=192.168.202.2 size=252, ipv6=1
>> Thu Sep 17 22:16:22 2015 Initialization Sequence Completed
>> Thu Sep 17 22:16:32 2015 83.xxx.xxx.xxx:48100 TLS: Initial packet from 
>> [AF_INET]83.xxx.xxx.xxx:48100, sid=41b68ea4 12015b6e
>> Segmentation fault (core dumped)
>>
>>
>>
>> (gdb) bt
>> #0  BN_bn2dec (a=0x805e8460) at 
>> /usr/src/lib/libcrypto/crypto/../../libssl/src/crypto/bn/bn_print.c:117
>> #1  0x179a2aa0 in backend_x509_get_serial (cert=0x8308b500, gc=0xcf7d0320) 
>> at 
>> /home/ports/obj/openvpn-2.3.8/openvpn-2.3.8/src/openvpn/ssl_verify_openssl.c:229
>> #2  0x179a0345 in verify_cert_set_env (x509_track=, 
>> common_name=, subject=, cert_depth=> out>, peer_cert=, es=0x78d2d230) at 
>> /home/ports/obj/openvpn-2.3.8/openvpn-2.3.8/src/openvpn/ssl_verify.c:438
>> #3  verify_cert (session=0x8130a6bc, cert=0x8308b500, cert_depth=0) at 
>> /home/ports/obj/openvpn-2.3.8/openvpn-2.3.8/src/openvpn/ssl_verify.c:665
>> #4  0x179a2d26 in verify_callback (preverify_ok=1, ctx=0xcf7d05d4) at 
>> /home/ports/obj/openvpn-2.3.8/openvpn-2.3.8/src/openvpn/ssl_verify_openssl.c:84
>> #5  0x05aebfcf in internal_verify (ctx=0xcf7d05d4) at 
>> /usr/src/lib/libcrypto/crypto/../../libssl/src/crypto/x509/x509_vfy.c:1612
>> #6  0x05aed6b2 in X509_verify_cert (ctx=0xcf7d05d4) at 
>> /usr/src/lib/libcrypto/crypto/../../libssl/src/crypto/x509/x509_vf

Re: openvpn-2.3.8p1 segv in libcrypto BN_bn2dec on OpenBSD/i386 current Sep 16, 2015

2015-09-17 Thread Mikolaj Kucharski
Hi,

On Thu, Sep 17, 2015 at 11:19:59PM +0100, Stuart Henderson wrote:
> CC'ing tech@.
> 
> The last commit to bn_print.c is wrong, it dereferences t while it's still 
> NULL.
> 
> Backout diff below.

Thanks Stuart, recompiling libcrypto with your diff fixed the problem.
OpenVPN doesn't crash any more. Thanks.

-- 
best regards
q#



Re: openvpn-2.3.8p1 segv in libcrypto BN_bn2dec on OpenBSD/i386 current Sep 16, 2015

2015-09-17 Thread Stuart Henderson
CC'ing tech@.

The last commit to bn_print.c is wrong, it dereferences t while it's still NULL.

Backout diff below.


On 2015/09/17 22:42, Mikolaj Kucharski wrote:
> Hi,
> 
> Does anyone see this as well? I've just upgraded to:
> 
> OpenBSD 5.8-current (GENERIC) #1164: Wed Sep 16 21:16:53 MDT 2015
> dera...@i386.openbsd.org:/usr/src/sys/arch/i386/compile/GENERIC
> 
> and to openvpn-2.3.8 from packages but it segfaulted during connecting
> by remote client. Then I've recompiled by hand with DEBUG='-g' from
> ports and now running openvpn-2.3.8p1, but facing the same issue.
> 
> To be able to get core dump, needed to run openvpn as root, but the same
> segfault happens when openvpn drops privileges.
> 
> Before that I was running snapshot from Aug 13 with packages and I
> didn't have that problem.
> 
> Let me know if you need any more info.
> 
> 
> # /usr/local/sbin/openvpn --cd /etc/openvpn --config server.conf --mtu-test
> Thu Sep 17 22:16:17 2015 OpenVPN 2.3.8 i386-unknown-openbsd5.8 [SSL 
> (OpenSSL)] [LZO] [MH] [IPv6] built on Sep 17 2015
> Thu Sep 17 22:16:17 2015 library versions: LibreSSL 2.3.0, LZO 2.09
> Thu Sep 17 22:16:17 2015 mlockall call succeeded
> Thu Sep 17 22:16:17 2015 WARNING: you are using chroot without specifying 
> user and group -- this may cause the chroot jail to be insecure
> Thu Sep 17 22:16:22 2015 Diffie-Hellman initialized with 4096 bit key
> Thu Sep 17 22:16:22 2015 Control Channel Authentication: using 
> 'certs/hmac.key' as a OpenVPN static key file
> Thu Sep 17 22:16:22 2015 Outgoing Control Channel Authentication: Using 512 
> bit message hash 'SHA512' for HMAC authentication
> Thu Sep 17 22:16:22 2015 Incoming Control Channel Authentication: Using 512 
> bit message hash 'SHA512' for HMAC authentication
> Thu Sep 17 22:16:22 2015 Socket Buffers: R=[41600->65536] S=[9216->65536]
> Thu Sep 17 22:16:22 2015 TUN/TAP device tun2 exists previously, keep at 
> program end
> Thu Sep 17 22:16:22 2015 TUN/TAP device /dev/tun2 opened
> Thu Sep 17 22:16:22 2015 do_ifconfig, tt->ipv6=1, 
> tt->did_ifconfig_ipv6_setup=1
> Thu Sep 17 22:16:22 2015 /sbin/ifconfig tun2 192.168.202.1 192.168.202.1 mtu 
> 1500 netmask 255.255.255.0 up -link0
> Thu Sep 17 22:16:22 2015 /sbin/ifconfig tun2 inet6 
> 2001:::::::1/64
> Thu Sep 17 22:16:22 2015 
> add_route_ipv6(2001:::::::/64 -> 
> 2001:::::::1 metric 0) dev tun2
> Thu Sep 17 22:16:22 2015 /sbin/route add -inet6 
> 2001::::::: -prefixlen 64 
> 2001:::::::1
> route: writing to routing socket: File exists
> add net 2001:::::::: gateway 
> 2001:::::::1: File exists
> Thu Sep 17 22:16:22 2015 ERROR: OpenBSD route add -inet6 command failed: 
> external program exited with error status: 1
> Thu Sep 17 22:16:22 2015 /sbin/route add -net 192.168.202.0 192.168.202.1 
> -netmask 255.255.255.0
> add net 192.168.202.0: gateway 192.168.202.1
> Thu Sep 17 22:16:22 2015 chroot to '/var/openvpn' and cd to '/' succeeded
> Thu Sep 17 22:16:22 2015 UDPv4 link local (bound): [undef]
> Thu Sep 17 22:16:22 2015 UDPv4 link remote: [undef]
> Thu Sep 17 22:16:22 2015 MULTI: multi_init called, r=256 v=256
> Thu Sep 17 22:16:22 2015 IFCONFIG POOL IPv6: (IPv4) size=252, 
> size_ipv6=65536, netbits=64, base_ipv6=2001:::::::1000
> Thu Sep 17 22:16:22 2015 IFCONFIG POOL: base=192.168.202.2 size=252, ipv6=1
> Thu Sep 17 22:16:22 2015 Initialization Sequence Completed
> Thu Sep 17 22:16:32 2015 83.xxx.xxx.xxx:48100 TLS: Initial packet from 
> [AF_INET]83.xxx.xxx.xxx:48100, sid=41b68ea4 12015b6e
> Segmentation fault (core dumped) 
> 
> 
> 
> (gdb) bt
> #0  BN_bn2dec (a=0x805e8460) at 
> /usr/src/lib/libcrypto/crypto/../../libssl/src/crypto/bn/bn_print.c:117
> #1  0x179a2aa0 in backend_x509_get_serial (cert=0x8308b500, gc=0xcf7d0320) at 
> /home/ports/obj/openvpn-2.3.8/openvpn-2.3.8/src/openvpn/ssl_verify_openssl.c:229
> #2  0x179a0345 in verify_cert_set_env (x509_track=, 
> common_name=, subject=, cert_depth= out>, peer_cert=, es=0x78d2d230) at 
> /home/ports/obj/openvpn-2.3.8/openvpn-2.3.8/src/openvpn/ssl_verify.c:438
> #3  verify_cert (session=0x8130a6bc, cert=0x8308b500, cert_depth=0) at 
> /home/ports/obj/openvpn-2.3.8/openvpn-2.3.8/src/openvpn/ssl_verify.c:665
> #4  0x179a2d26 in verify_callback (preverify_ok=1, ctx=0xcf7d05d4) at 
> /home/ports/obj/openvpn-2.3.8/openvpn-2.3.8/src/openvpn/ssl_verify_openssl.c:84
> #5  0x05aebfcf in internal_verify (ctx=0xcf7d05d4) at 
> /usr/src/lib/libcrypto/crypto/../../libssl/src/crypto/x509/x509_vfy.c:1612
> #6  0x05aed6b2 in X509_verify_cert (ctx=0xcf7d05d4) at 
> /usr/src/lib/libcrypto/crypto/../../libssl/src/crypto/x509/x509_vfy.c:374
> #7  0x092eab0a in ssl_verify_cert_chain (s=0x87394000, sk=0x847b88c0) at 
> /usr/src/lib/libssl/ssl/../../libssl/src/ssl/ssl_cert.c:452
> #8  0x092e57d4 in ssl3_get_client_certificate (s=0x87394000) at 
> /