Dear Maintainer,
I tried to reproduce this fault, but did not get a segfault.

However, I think the backtrace points to these lines:

    (gdb) bt
    #0  0x00007ffff769dbce in int_ctx_new () at ../crypto/evp/pmeth_lib.c:160
    #1  0x00007ffff769dcfa in EVP_PKEY_CTX_new () at ../crypto/evp/pmeth_lib.c:245
    #2  0x00007ffff7698d44 in do_sigver_init () at ../crypto/evp/m_sigver.c:29
    #3  0x00007ffff7698eab in EVP_DigestVerifyInit () at ../crypto/evp/m_sigver.c:97
    #4  0x00007ffff75bc7d2 in ASN1_item_verify () at ../crypto/asn1/a_verify.c:148
    #5  0x00007ffff7722490 in X509_verify () at ../crypto/x509/x_all.c:26
    ...

    
https://sources.debian.org/src/openssl/1.1.1d-0+deb10u3/crypto/evp/pmeth_lib.c/#L160

    159     if (pmeth->init) {
    160         if (pmeth->init(ret) <= 0) {
    161             ret->pmeth = NULL;

As there is a check for pmeth->init being non-null, I guess that for some
reason it contains an invalid pointer: the faulting instruction in the
disassembly below is the indirect `callq *%rax` through that function
pointer, so the value passed the null check but the call through it faults.


@Bruce Momjian,
maybe you could install the following debug symbol packages
`curl-dbgsym libcurl4-dbgsym libssl1.1-dbgsym` from the dbgsym
repository described here:
    https://wiki.debian.org/HowToGetABacktrace#Installing_the_debugging_symbols

Then run a new gdb session, and when the segfault appears,
please run these commands in gdb:
    print pmeth->init
    bt full 5


Kind regards,
Bernhard

# Buster/stable amd64 qemu VM


apt update
apt dist-upgrade


apt install systemd-coredump curl gdb


curl https://google.com


dpkg -l curl libc6 libcurl4 zlib1g libssl1.1
ii  curl            7.64.0-4+deb10u1 amd64        command line tool for 
transferring data with URL syntax
ii  libc6:amd64     2.28-10          amd64        GNU C Library: Shared 
libraries
ii  libcurl4:amd64  7.64.0-4+deb10u1 amd64        easy-to-use client-side URL 
transfer library (OpenSSL flavour)
ii  libssl1.1:amd64 1.1.1d-0+deb10u3 amd64        Secure Sockets Layer toolkit 
- shared libraries
ii  zlib1g:amd64    1:1.2.11.dfsg-1  amd64        compression library - runtime


benutzer@debian:~$ curl https://google.com
<HTML><HEAD><meta http-equiv="content-type" content="text/html;charset=utf-8">
<TITLE>301 Moved</TITLE></HEAD><BODY>
<H1>301 Moved</H1>
The document has moved
<A HREF="https://www.google.com/">here</A>.
</BODY></HTML>



gdb -q --args curl https://google.com
b ASN1_item_verify
y
run

disassemble ASN1_item_verify
b EVP_DigestVerifyInit
cont

...
generate-core-file /tmp/core


(gdb) bt
#0  0x00007ffff769dbce in ?? () from /lib/x86_64-linux-gnu/libcrypto.so.1.1
#1  0x00007ffff7698d44 in ?? () from /lib/x86_64-linux-gnu/libcrypto.so.1.1
#2  0x00007ffff75bc7d2 in ASN1_item_verify () from 
/lib/x86_64-linux-gnu/libcrypto.so.1.1
#3  0x00007ffff771cfb4 in ?? () from /lib/x86_64-linux-gnu/libcrypto.so.1.1
#4  0x00007ffff771edd6 in ?? () from /lib/x86_64-linux-gnu/libcrypto.so.1.1
#5  0x00007ffff771f416 in X509_verify_cert () from 
/lib/x86_64-linux-gnu/libcrypto.so.1.1
#6  0x00007ffff782fb88 in ?? () from /lib/x86_64-linux-gnu/libssl.so.1.1
#7  0x00007ffff78510f3 in ?? () from /lib/x86_64-linux-gnu/libssl.so.1.1
#8  0x00007ffff78536c5 in ?? () from /lib/x86_64-linux-gnu/libssl.so.1.1
#9  0x00007ffff784d143 in ?? () from /lib/x86_64-linux-gnu/libssl.so.1.1
#10 0x00007ffff7838f34 in SSL_do_handshake () from 
/lib/x86_64-linux-gnu/libssl.so.1.1
#11 0x00007ffff7fa3240 in ?? () from /lib/x86_64-linux-gnu/libcurl.so.4
#12 0x00007ffff7fa53f0 in ?? () from /lib/x86_64-linux-gnu/libcurl.so.4
#13 0x00007ffff7fa61da in ?? () from /lib/x86_64-linux-gnu/libcurl.so.4
#14 0x00007ffff7f4d462 in ?? () from /lib/x86_64-linux-gnu/libcurl.so.4
#15 0x00007ffff7f6f6fe in ?? () from /lib/x86_64-linux-gnu/libcurl.so.4
#16 0x00007ffff7f70aa9 in curl_multi_perform () from 
/lib/x86_64-linux-gnu/libcurl.so.4
#17 0x00007ffff7f67642 in curl_easy_perform () from 
/lib/x86_64-linux-gnu/libcurl.so.4
#18 0x0000555555569f30 in ?? ()
#19 0x000055555556b42a in ?? ()
#20 0x000055555555d8c4 in ?? ()
#21 0x00007ffff7b5c09b in __libc_start_main (main=0x55555555d770, argc=2, 
argv=0x7fffffffe608, init=<optimized out>, fini=<optimized out>, 
rtld_fini=<optimized out>, stack_end=0x7fffffffe5f8)
    at ../csu/libc-start.c:308
#22 0x000055555555d9da in ?? ()



apt install curl-dbgsym libcurl4-dbgsym libssl1.1-dbgsym


gdb -q /usr/bin/curl --core /tmp/core

set width 0
set pagination off

(gdb) bt
#0  0x00007ffff769dbce in int_ctx_new (pkey=pkey@entry=0x555555601a10, 
e=e@entry=0x0, id=<optimized out>, id@entry=-1) at ../crypto/evp/pmeth_lib.c:160
#1  0x00007ffff769dcfa in EVP_PKEY_CTX_new (pkey=pkey@entry=0x555555601a10, 
e=e@entry=0x0) at ../crypto/evp/pmeth_lib.c:245
#2  0x00007ffff7698d44 in do_sigver_init (ctx=ctx@entry=0x555555601930, 
pctx=pctx@entry=0x0, type=type@entry=0x7ffff77d5fc0 <sha256_md>, e=e@entry=0x0, 
pkey=pkey@entry=0x555555601a10, ver=ver@entry=1) at ../crypto/evp/m_sigver.c:29
#3  0x00007ffff7698eab in EVP_DigestVerifyInit (ctx=ctx@entry=0x555555601930, 
pctx=pctx@entry=0x0, type=type@entry=0x7ffff77d5fc0 <sha256_md>, e=e@entry=0x0, 
pkey=pkey@entry=0x555555601a10) at ../crypto/evp/m_sigver.c:97
#4  0x00007ffff75bc7d2 in ASN1_item_verify (it=0x7ffff77e7e80 <X509_CINF_it>, 
a=a@entry=0x5555555fda18, signature=signature@entry=0x5555555fda28, 
asn=asn@entry=0x5555555fd990, pkey=0x555555601a10) at 
../crypto/asn1/a_verify.c:148
#5  0x00007ffff7722490 in X509_verify (a=a@entry=0x5555555fd990, r=<optimized 
out>) at ../crypto/x509/x_all.c:26
#6  0x00007ffff771cfb4 in internal_verify (ctx=0x555555601550) at 
../crypto/x509/x509_vfy.c:1750
#7  0x00007ffff771edd6 in verify_chain (ctx=0x555555601550) at 
../crypto/x509/x509_vfy.c:232
#8  verify_chain (ctx=0x555555601550) at ../crypto/x509/x509_vfy.c:207
#9  0x00007ffff771f416 in X509_verify_cert (ctx=ctx@entry=0x555555601550) at 
../crypto/x509/x509_vfy.c:295
#10 0x00007ffff782fb88 in ssl_verify_cert_chain (s=s@entry=0x5555555ef0a0, 
sk=sk@entry=0x5555556008a0) at ../ssl/ssl_cert.c:427
#11 0x00007ffff78510f3 in tls_process_server_certificate (s=0x5555555ef0a0, 
pkt=0x7fffffffdb10) at ../ssl/statem/statem_clnt.c:1897
#12 0x00007ffff78536c5 in ossl_statem_client_process_message (s=0x5555555ef0a0, 
pkt=<optimized out>) at ../ssl/statem/statem_clnt.c:1039
#13 0x00007ffff784d143 in read_state_machine (s=0x5555555ef0a0) at 
../ssl/statem/statem.c:636
#14 state_machine (s=0x5555555ef0a0, server=0) at ../ssl/statem/statem.c:434
#15 0x00007ffff7838f34 in SSL_do_handshake (s=0x5555555ef0a0) at 
../ssl/ssl_lib.c:3607
#16 0x00007ffff7fa3240 in ossl_connect_step2 (conn=conn@entry=0x5555555c0d60, 
sockindex=sockindex@entry=0) at vtls/openssl.c:2790
#17 0x00007ffff7fa53f0 in ossl_connect_common (conn=0x5555555c0d60, 
sockindex=0, nonblocking=true, done=0x7fffffffde28) at vtls/openssl.c:3591
#18 0x00007ffff7fa61da in Curl_ssl_connect_nonblocking 
(conn=conn@entry=0x5555555c0d60, sockindex=sockindex@entry=0, 
done=0x7fffffffde28) at vtls/vtls.c:275
#19 0x00007ffff7f4d462 in https_connecting (conn=0x5555555c0d60, 
done=<optimized out>) at http.c:1521
#20 0x00007ffff7f6f6fe in multi_runsingle (multi=multi@entry=0x5555555be950, 
now=..., data=data@entry=0x5555555c2bb0) at multi.c:1650
#21 0x00007ffff7f70aa9 in curl_multi_perform (multi=multi@entry=0x5555555be950, 
running_handles=running_handles@entry=0x7fffffffdfa4) at multi.c:2217
#22 0x00007ffff7f67642 in easy_transfer (multi=0x5555555be950) at easy.c:686
#23 easy_perform (events=false, data=0x5555555c2bb0) at easy.c:780
#24 curl_easy_perform (data=data@entry=0x5555555c2bb0) at easy.c:799
#25 0x0000555555569f30 in operate_do (global=global@entry=0x7fffffffe480, 
config=0x5555555a8c00) at tool_operate.c:1578
#26 0x000055555556b42a in operate (config=0x7fffffffe480, argc=<optimized out>, 
argv=<optimized out>) at tool_operate.c:2081
#27 0x000055555555d8c4 in main (argc=2, argv=0x7fffffffe608) at tool_main.c:326

(gdb) disassemble
Dump of assembler code for function int_ctx_new:
   0x00007ffff769db20 <+0>:     push   %r13
   0x00007ffff769db22 <+2>:     push   %r12
   0x00007ffff769db24 <+4>:     mov    %rdi,%r12
   0x00007ffff769db27 <+7>:     push   %rbp
   0x00007ffff769db28 <+8>:     mov    %rsi,%rbp
   0x00007ffff769db2b <+11>:    push   %rbx
   0x00007ffff769db2c <+12>:    mov    %edx,%ebx
   0x00007ffff769db2e <+14>:    sub    $0x8,%rsp
   0x00007ffff769db32 <+18>:    cmp    $0xffffffff,%edx
   0x00007ffff769db35 <+21>:    je     0x7ffff769dc20 <int_ctx_new+256>
   0x00007ffff769db3b <+27>:    test   %rbp,%rbp
   0x00007ffff769db3e <+30>:    jne    0x7ffff769dbf5 <int_ctx_new+213>
   0x00007ffff769db44 <+36>:    test   %r12,%r12
   0x00007ffff769db47 <+39>:    je     0x7ffff769dbf5 <int_ctx_new+213>
   0x00007ffff769db4d <+45>:    mov    0x20(%r12),%rbp
   0x00007ffff769db52 <+50>:    test   %rbp,%rbp
   0x00007ffff769db55 <+53>:    je     0x7ffff769dbf0 <int_ctx_new+208>
   0x00007ffff769db5b <+59>:    mov    %rbp,%rdi
   0x00007ffff769db5e <+62>:    callq  0x7ffff75a3dd0 <ENGINE_init@plt>
   0x00007ffff769db63 <+67>:    test   %eax,%eax
   0x00007ffff769db65 <+69>:    je     0x7ffff769dc60 <int_ctx_new+320>
   0x00007ffff769db6b <+75>:    mov    %ebx,%esi
   0x00007ffff769db6d <+77>:    mov    %rbp,%rdi
   0x00007ffff769db70 <+80>:    callq  0x7ffff759d630 <ENGINE_get_pkey_meth@plt>
   0x00007ffff769db75 <+85>:    mov    %rax,%r13
   0x00007ffff769db78 <+88>:    test   %r13,%r13
   0x00007ffff769db7b <+91>:    je     0x7ffff769dc30 <int_ctx_new+272>
   0x00007ffff769db81 <+97>:    mov    $0x90,%edx
   0x00007ffff769db86 <+102>:   lea    0xc7cee(%rip),%rsi        # 0x7ffff776587b
   0x00007ffff769db8d <+109>:   mov    $0x50,%edi
   0x00007ffff769db92 <+114>:   callq  0x7ffff75a2d30 <CRYPTO_zalloc@plt>
   0x00007ffff769db97 <+119>:   mov    %rax,%rbx
   0x00007ffff769db9a <+122>:   test   %rax,%rax
   0x00007ffff769db9d <+125>:   je     0x7ffff769dcb0 <int_ctx_new+400>
   0x00007ffff769dba3 <+131>:   mov    %rbp,0x8(%rax)
   0x00007ffff769dba7 <+135>:   mov    %r13,(%rax)
   0x00007ffff769dbaa <+138>:   movl   $0x0,0x20(%rax)
   0x00007ffff769dbb1 <+145>:   mov    %r12,0x10(%rax)
   0x00007ffff769dbb5 <+149>:   test   %r12,%r12
   0x00007ffff769dbb8 <+152>:   je     0x7ffff769dbc2 <int_ctx_new+162>
   0x00007ffff769dbba <+154>:   mov    %r12,%rdi
   0x00007ffff769dbbd <+157>:   callq  0x7ffff75a29c0 <EVP_PKEY_up_ref@plt>
   0x00007ffff769dbc2 <+162>:   mov    0x8(%r13),%rax
   0x00007ffff769dbc6 <+166>:   test   %rax,%rax
   0x00007ffff769dbc9 <+169>:   je     0x7ffff769dbd8 <int_ctx_new+184>
   0x00007ffff769dbcb <+171>:   mov    %rbx,%rdi
=> 0x00007ffff769dbce <+174>:   callq  *%rax
   0x00007ffff769dbd0 <+176>:   test   %eax,%eax
   0x00007ffff769dbd2 <+178>:   jle    0x7ffff769dc90 <int_ctx_new+368>
...
   0x00007ffff769dcde <+446>:   xchg   %ax,%ax
   0x00007ffff769dce0 <+448>:   xor    %ebx,%ebx
   0x00007ffff769dce2 <+450>:   jmpq   0x7ffff769dbd8 <int_ctx_new+184>
End of assembler dump.



https://sources.debian.org/src/openssl/1.1.1d-0+deb10u3/crypto/evp/pmeth_lib.c/#L160



apt install valgrind
