Further analysis of why config files are being loaded twice shows that
these are bugs in curl and wget; both call CONF_modules_load_file
directly during their initialization functions, while it is also being
called from OPENSSL_init_crypto and similar top-level functions:

For wget:

(gdb) bt
#0  CONF_modules_load_file (filename=filename@entry=0x0, 
appname=appname@entry=0x0, flags=flags@entry=50) at 
../crypto/conf/conf_mod.c:114
#1  0x00007ffff7c7da10 in openssl_config_int (settings=<optimized out>) at 
../crypto/conf/conf_sap.c:69
#2  0x00007ffff7d14234 in ossl_init_config () at ../crypto/init.c:293
#3  ossl_init_config_ossl_ () at ../crypto/init.c:291
#4  0x00007ffff796947f in __pthread_once_slow (once_control=0x7ffff7e717e0 
<config>, init_routine=0x7ffff7d14220 <ossl_init_config_ossl_>) at 
pthread_once.c:116
#5  0x00007ffff7969535 in __GI___pthread_once 
(once_control=once_control@entry=0x7ffff7e717e0 <config>, 
init_routine=init_routine@entry=0x7ffff7d14220 <ossl_init_config_ossl_>) at 
pthread_once.c:143
#6  0x00007ffff7d7f74d in CRYPTO_THREAD_run_once 
(once=once@entry=0x7ffff7e717e0 <config>, init=init@entry=0x7ffff7d14220 
<ossl_init_config_ossl_>) at ../crypto/threads_pthread.c:118
#7  0x00007ffff7d148b8 in OPENSSL_init_crypto (settings=0x7fffffffdc50, 
opts=64) at ../crypto/init.c:701
#8  OPENSSL_init_crypto (opts=opts@entry=64, 
settings=settings@entry=0x7fffffffdc50) at ../crypto/init.c:620
#9  0x00007ffff7c7d9ae in OPENSSL_config (appname=appname@entry=0x0) at 
../crypto/conf/conf_sap.c:39
#10 0x0000555555598237 in ssl_init () at ../../src/openssl.c:178
#11 0x000055555557cbc5 in gethttp (u=u@entry=0x5555555e63e0, 
original_url=original_url@entry=0x5555555e63e0, hs=hs@entry=0x7fffffffe110, 
dt=dt@entry=0x7fffffffe4f0, proxy=proxy@entry=0x0, 
iri=iri@entry=0x5555555e63b0, count=1) at ../../src/http.c:3209
#12 0x00005555555808f3 in http_loop (u=u@entry=0x5555555e63e0, 
original_url=original_url@entry=0x5555555e63e0, 
newloc=newloc@entry=0x7fffffffe408, local_file=local_file@entry=0x7fffffffe410, 
referer=referer@entry=0x0, dt=dt@entry=0x7fffffffe4f0, proxy=0x0, 
iri=0x5555555e63b0)
    at ../../src/http.c:4356
#13 0x000055555558c594 in retrieve_url (orig_parsed=0x5555555e63e0, 
origurl=0x5555555e7600 "https://google.de/", file=0x7fffffffe4f8, 
newloc=0x7fffffffe500, refurl=0x0, dt=0x7fffffffe4f0, recursive=false, 
iri=0x5555555e63b0, register_status=true) at ../../src/retr.c:973
#14 0x00005555555644bb in main (argc=<optimized out>, argv=<optimized out>) at 
../../src/main.c:2165
(gdb) c
Continuing.

Breakpoint 1, CONF_modules_load_file (filename=filename@entry=0x0, 
appname=appname@entry=0x0, flags=flags@entry=48) at 
../crypto/conf/conf_mod.c:114
114     in ../crypto/conf/conf_mod.c
(gdb) bt
#0  CONF_modules_load_file (filename=filename@entry=0x0, 
appname=appname@entry=0x0, flags=flags@entry=48) at 
../crypto/conf/conf_mod.c:114
#1  0x00005555555982c0 in ssl_init () at ../../src/openssl.c:202
#2  0x000055555557cbc5 in gethttp (u=u@entry=0x5555555e63e0, 
original_url=original_url@entry=0x5555555e63e0, hs=hs@entry=0x7fffffffe110, 
dt=dt@entry=0x7fffffffe4f0, proxy=proxy@entry=0x0, 
iri=iri@entry=0x5555555e63b0, count=1) at ../../src/http.c:3209
#3  0x00005555555808f3 in http_loop (u=u@entry=0x5555555e63e0, 
original_url=original_url@entry=0x5555555e63e0, 
newloc=newloc@entry=0x7fffffffe408, local_file=local_file@entry=0x7fffffffe410, 
referer=referer@entry=0x0, dt=dt@entry=0x7fffffffe4f0, proxy=0x0, 
iri=0x5555555e63b0)
    at ../../src/http.c:4356
#4  0x000055555558c594 in retrieve_url (orig_parsed=0x5555555e63e0, 
origurl=0x5555555e7600 "https://google.de/", file=0x7fffffffe4f8, 
newloc=0x7fffffffe500, refurl=0x0, dt=0x7fffffffe4f0, recursive=false, 
iri=0x5555555e63b0, register_status=true) at ../../src/retr.c:973
#5  0x00005555555644bb in main (argc=<optimized out>, argv=<optimized out>) at 
../../src/main.c:2165

For curl:

Breakpoint 1, CONF_modules_load_file (filename=filename@entry=0x0, 
appname=appname@entry=0x0, flags=flags@entry=48) at 
../crypto/conf/conf_mod.c:114
114     ../crypto/conf/conf_mod.c: No such file or directory.
(gdb) bt
#0  CONF_modules_load_file (filename=filename@entry=0x0, 
appname=appname@entry=0x0, flags=flags@entry=48) at 
../crypto/conf/conf_mod.c:114
#1  0x00007ffff7f95313 in Curl_ossl_init () at vtls/openssl.c:1052
#2  0x00007ffff7f5fa20 in global_init (flags=3, memoryfuncs=<optimized out>) at 
easy.c:158
#3  0x000055555555f0af in main_init (config=0x7fffffffe540) at tool_main.c:158
#4  main (argc=4, argv=0x7fffffffe6d8) at tool_main.c:296
(gdb) c
Continuing.
[New Thread 0x7ffff66f4700 (LWP 2866)]
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     
0[Thread 0x7ffff66f4700 (LWP 2866) exited]

Thread 1 "curl" hit Breakpoint 1, CONF_modules_load_file 
(filename=filename@entry=0x0, appname=appname@entry=0x0, flags=flags@entry=50) 
at ../crypto/conf/conf_mod.c:114
114     in ../crypto/conf/conf_mod.c
(gdb) bt
#0  CONF_modules_load_file (filename=filename@entry=0x0, 
appname=appname@entry=0x0, flags=flags@entry=50) at 
../crypto/conf/conf_mod.c:114
#1  0x00007ffff7988a10 in openssl_config_int (settings=<optimized out>) at 
../crypto/conf/conf_sap.c:69
#2  0x00007ffff7a1f234 in ossl_init_config () at ../crypto/init.c:293
#3  ossl_init_config_ossl_ () at ../crypto/init.c:291
#4  0x00007ffff7f0247f in __pthread_once_slow (once_control=0x7ffff7b7c7e0 
<config>, init_routine=0x7ffff7a1f220 <ossl_init_config_ossl_>) at 
pthread_once.c:116
#5  0x00007ffff7f02535 in __GI___pthread_once 
(once_control=once_control@entry=0x7ffff7b7c7e0 <config>, 
init_routine=init_routine@entry=0x7ffff7a1f220 <ossl_init_config_ossl_>) at 
pthread_once.c:143
#6  0x00007ffff7a8a74d in CRYPTO_THREAD_run_once 
(once=once@entry=0x7ffff7b7c7e0 <config>, init=init@entry=0x7ffff7a1f220 
<ossl_init_config_ossl_>) at ../crypto/threads_pthread.c:118
#7  0x00007ffff7a1f8b8 in OPENSSL_init_crypto (settings=0x0, opts=2097228) at 
../crypto/init.c:701
#8  OPENSSL_init_crypto (opts=opts@entry=2097228, settings=settings@entry=0x0) 
at ../crypto/init.c:620
#9  0x00007ffff7bb4575 in OPENSSL_init_ssl (opts=2097228, opts@entry=2097152, 
settings=settings@entry=0x0) at ../ssl/ssl_init.c:205
#10 0x00007ffff7bb84a2 in SSL_CTX_new (meth=meth@entry=0x7ffff7c0a860 
<TLS_client_method_data.23164>) at ../ssl/ssl_lib.c:2978
#11 0x00007ffff7f9877e in ossl_connect_step1 (conn=conn@entry=0x5555555cdb10, 
sockindex=sockindex@entry=0) at vtls/openssl.c:2527
#12 0x00007ffff7f9a23f in ossl_connect_common (conn=0x5555555cdb10, 
sockindex=0, nonblocking=true, done=0x7fffffffe238) at vtls/openssl.c:3752
#13 0x00007ffff7f9b14f in Curl_ssl_connect_nonblocking 
(conn=conn@entry=0x5555555cdb10, sockindex=sockindex@entry=0, 
done=done@entry=0x7fffffffe238) at vtls/vtls.c:291
#14 0x00007ffff7f46296 in https_connecting (conn=conn@entry=0x5555555cdb10, 
done=done@entry=0x7fffffffe238) at http.c:1575
#15 0x00007ffff7f47d13 in Curl_http_connect (done=0x7fffffffe238, 
conn=0x5555555cdb10) at http.c:1497
#16 Curl_http_connect (conn=0x5555555cdb10, done=0x7fffffffe238) at http.c:1462
#17 0x00007ffff7f6897d in protocol_connect (protocol_done=0x7fffffffe238, 
conn=<optimized out>) at multi.c:1485
#18 multi_runsingle (multi=0x5555555c2bd0, now=..., data=0x5555555cee10) at 
multi.c:1794
#19 0x00007ffff7f69a11 in curl_multi_perform (multi=multi@entry=0x5555555c2bd0, 
running_handles=running_handles@entry=0x7fffffffe3a8) at multi.c:2341
#20 0x00007ffff7f5fe8b in easy_transfer (multi=0x5555555c2bd0) at easy.c:599
#21 easy_perform (events=false, data=0x5555555cee10) at easy.c:692
#22 curl_easy_perform (data=0x5555555cee10) at easy.c:711
#23 0x000055555556e1d0 in serial_transfers (share=0x5555555c43c0, 
global=0x7fffffffe540) at tool_operate.c:2203
#24 run_all_transfers (result=CURLE_OK, share=0x5555555c43c0, 
global=0x7fffffffe540) at tool_operate.c:2379
#25 operate (global=0x7fffffffe540, argc=<optimized out>, argv=<optimized out>) 
at tool_operate.c:2491
#26 0x000055555555f130 in main (argc=4, argv=0x7fffffffe6d8) at tool_main.c:314


** Also affects: wget (Ubuntu)
   Importance: Undecided
       Status: New

** Also affects: curl (Ubuntu)
   Importance: Undecided
       Status: New

** Changed in: curl (Ubuntu)
       Status: New => Fix Released

** Changed in: wget (Ubuntu)
       Status: New => Fix Released

** Changed in: wget (Ubuntu Focal)
       Status: New => Triaged

** Changed in: curl (Ubuntu Focal)
       Status: New => Triaged
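
The backtraces above can be read mechanically; this is an added example, not part of the original bug comment. It rejoins gdb's hard-wrapped frames, decodes the `flags` argument with the CONF_MFLAGS_* bit values from OpenSSL's `<openssl/conf.h>`, and reports whether each config load was reached through OPENSSL_init_crypto or by a direct call. The function names and the trimmed sample session are constructed for illustration.

```python
import re

# CONF_MFLAGS_* bit values from OpenSSL's <openssl/conf.h>.
CONF_MFLAGS = {0x01: "IGNORE_ERRORS", 0x02: "IGNORE_RETURN_CODES", 0x04: "SILENT",
               0x08: "NO_DSO", 0x10: "IGNORE_MISSING_FILE", 0x20: "DEFAULT_SECTION"}
FRAME = re.compile(r"#\d+\s+(?:0x[0-9a-f]+ in )?(\w+) \((.*)\) at (\S+)")

# Constructed sample: the wget session above, trimmed to the frames that matter.
SAMPLE = """\
(gdb) bt
#0  CONF_modules_load_file (filename=filename@entry=0x0, 
appname=appname@entry=0x0, flags=flags@entry=50) at 
../crypto/conf/conf_mod.c:114
#1  0x00007ffff7c7da10 in openssl_config_int (settings=<optimized out>) at ../crypto/conf/conf_sap.c:69
#7  0x00007ffff7d148b8 in OPENSSL_init_crypto (settings=0x7fffffffdc50, opts=64) at ../crypto/init.c:701
#10 0x0000555555598237 in ssl_init () at ../../src/openssl.c:178
(gdb) c
(gdb) bt
#0  CONF_modules_load_file (filename=filename@entry=0x0, 
appname=appname@entry=0x0, flags=flags@entry=48) at ../crypto/conf/conf_mod.c:114
#1  0x00005555555982c0 in ssl_init () at ../../src/openssl.c:202
"""

def parse_backtraces(text):
    """Split gdb output into backtraces of (function, args, location) frames."""
    traces, collecting = [], False
    for line in map(str.strip, text.splitlines()):
        if line.startswith("(gdb)"):
            collecting = line == "(gdb) bt"   # any other command ends the trace
            traces += [[]] if collecting else []
        elif collecting and re.match(r"#\d+\s", line):
            traces[-1].append(line)
        elif collecting and line and traces[-1]:
            traces[-1][-1] += " " + line      # rejoin a hard-wrapped frame
    return [[m.groups() for m in map(FRAME.match, t) if m] for t in traces]

def config_loads(text, target="CONF_modules_load_file"):
    """Describe each backtrace stopped in `target`: flags, caller, init path."""
    loads = []
    for trace in parse_backtraces(text):
        if len(trace) < 2 or trace[0][0] != target:
            continue
        flags = int(re.search(r"flags=(?:flags@entry=)?(\d+)", trace[0][1]).group(1))
        loads.append({
            "flags": [n for bit, n in sorted(CONF_MFLAGS.items()) if flags & bit],
            "caller": f"{trace[1][0]} at {trace[1][2]}",
            "via_library_init": any(f[0] == "OPENSSL_init_crypto" for f in trace),
        })
    return loads
```

On the sample, the load with flags=50 is attributed to openssl_config_int under OPENSSL_init_crypto, and the load with flags=48 to the direct call in ssl_init at ../../src/openssl.c:202.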

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to openssl in Ubuntu.
https://bugs.launchpad.net/bugs/1921518

Title:
  OpenSSL "double free" error

Status in curl package in Ubuntu:
  Fix Released
Status in openssl package in Ubuntu:
  Incomplete
Status in wget package in Ubuntu:
  Fix Released
Status in curl source package in Focal:
  Triaged
Status in openssl source package in Focal:
  Incomplete
Status in wget source package in Focal:
  Triaged

Bug description:
  A "double free" error is seen when using the curl utility. The error is
  from libcrypto.so, which is part of the OpenSSL package. This happens
  only when OpenSSL is configured to use a dynamic engine.

  OpenSSL version is 1.1.1f

  The issue is not encountered if
  http://www.openssl.org/source/openssl-1.1.1f.tar.gz is used instead.

  
  OpenSSL can be configured to use a dynamic engine by editing the default
  openssl config file, which is located at '/etc/ssl/openssl.cnf' on Ubuntu
  systems.

  On Bluefield systems, the config diff to enable the PKA dynamic engine is
  as below:

  +openssl_conf = conf_section
  +
   # Extra OBJECT IDENTIFIER info:
   #oid_file              = $ENV::HOME/.oid
   oid_section            = new_oids
   
  +[ conf_section ]
  +engines = engine_section
  +
  +[ engine_section ]
  +bf = bf_section
  +
  +[ bf_section ]
  +engine_id=pka
  +dynamic_path=/usr/lib/aarch64-linux-gnu/engines-1.1/pka.so
  +init=0
  +
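
Review bot: in [ bf_section ], init=0 is set and no default_algorithms line is given, so the pka engine is loaded from dynamic_path but is neither initialised nor registered for any algorithm. If the intent is to offload operations to the engine, add that setting and say so; if the intent is only the smallest configuration that reproduces the crash, state that next to the diff. dynamic_path also hard-codes the aarch64-linux-gnu engines-1.1 directory, so the snippet applies as written only on that architecture.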

  engine_id above refers to dynamic engine name/identifier.
  dynamic_path points to the .so file for the dynamic engine.

  # curl -O https://tpo.pe/pathogen.vim

  double free or corruption (out)

  Aborted (core dumped)
