On Sun, Nov 12, 2000 at 07:13:07PM -0500, David Arbogast wrote:
> This was a clean full install of Mandrake 7.2 i586 in "expert" paranoid
> security mode.
>
> My fault?
Yes :-)
...
> ../apps/openssl verify -CApath ../certs ../certs/*.pem
> Detected an attempt to write across stack boundary.
> Terminating /etc/ssl/openssl-0.9.6/apps/openssl.
> "libsafe violation for /etc/ssl/openssl-0.9.6/apps/openssl, pid=18373;
> overflow caused by memcpy()"
A similar report was already posted some weeks ago by James Breton
<[EMAIL PROTECTED]> (Thread: "make test" fails on Linux while using
libsafe-1.3).
I could not install libsafe on my SuSE Linux 6.4 (I only received segmentation
faults for all programs); Steve Henson could use libsafe on his Redhat 6.1
but could not reproduce the reported problem.
James Breton finally came back with the report that he can see this problem
only on his Debian 2.2 system, not on a Redhat 6.2.
So: use a better distribution :-)
To be serious: we are not aware of a memcpy() or other problem in OpenSSL.
I rather think that the problem is related to your distribution or the
glibc included or whatever. I consider this a false alarm.
If you can reproduce the problem and track it down to OpenSSL we will
happily accept your detailed bug report.
(I checked out the libsafe source code: you can change the _exit() to an
abort() and so generate a core dump or run the software in question from
a debugger and so track down this thing. As libsafe does not run on SuSE
Linux 6.4, I cannot try myself. There was a short discussion on the
SuSE-security mailing list about libsafe, the result was not very much
in favor of libsafe; SuSE does not include it in the distribution.)
Best regards,
Lutz
--
Lutz Jaenicke [EMAIL PROTECTED]
BTU Cottbus http://www.aet.TU-Cottbus.DE/personen/jaenicke/
Lehrstuhl Allgemeine Elektrotechnik Tel. +49 355 69-4129
Universitaetsplatz 3-4, D-03044 Cottbus Fax. +49 355 69-4153
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
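
Added example, not part of the original message and not libsafe or OpenSSL code: it shows why swapping _exit() for abort() in a checker's termination path, as suggested above, gives something a debugger can work with. The names on_violation, run_violation and kill_mode are hypothetical stand-ins for the checker's handler.

```c
/* Added illustration; not libsafe or OpenSSL code. */
#include <signal.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/resource.h>
#include <sys/wait.h>
#include <unistd.h>

enum kill_mode { KILL_EXIT, KILL_ABORT };

/* Hypothetical stand-in for a checker's "violation detected" handler. */
static void on_violation(enum kill_mode mode)
{
    if (mode == KILL_ABORT)
        abort();            /* SIGABRT: core dump if RLIMIT_CORE allows */
    _exit(1);               /* ordinary exit status, nothing to debug */
}

/* Run the handler in a child process.
 * Returns the fatal signal number, 0 for a normal exit, -1 on error. */
int run_violation(enum kill_mode mode)
{
    int status;
    pid_t pid;

    fflush(NULL);           /* keep buffered output out of the child */
    pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        struct rlimit rl;
        /* Same effect as raising `ulimit -c` to the hard limit. */
        if (getrlimit(RLIMIT_CORE, &rl) == 0) {
            rl.rlim_cur = rl.rlim_max;
            setrlimit(RLIMIT_CORE, &rl);
        }
        on_violation(mode);
    }
    if (waitpid(pid, &status, 0) != pid)
        return -1;
    return WIFSIGNALED(status) ? WTERMSIG(status) : 0;
}

int main(void)
{
    printf("_exit(): fatal signal %d\n", run_violation(KILL_EXIT));
    printf("abort(): fatal signal %d\n", run_violation(KILL_ABORT));
    return 0;
}
```

Whether a core file is actually written still depends on the hard core limit and the system's core pattern; the SIGABRT termination is what makes the dump possible.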