[HACKERS] Uninitialized SSL values? (was: Fix for bug in ldapServiceLookup in libpq)

2011-05-12 Thread Albe Laurenz
I wrote:
 I have found a small but annoying bug in libpq where
 connection parameters are resolved via LDAP.

 I have attached a new version of the patch that should address all known
 problems.

FWIW, I ran valgrind on psql establishing an SSL connection, and I found
some messages like this:

==26437== Conditional jump or move depends on uninitialised value(s)
==26437==    at 0x423DDC8: BN_mod_inverse (in /lib/libcrypto.so.0.9.7a)
==26437==    by 0x4241EDC: BN_MONT_CTX_set (in /lib/libcrypto.so.0.9.7a)
==26437==    by 0x4243E28: ??? (in /lib/libcrypto.so.0.9.7a)
==26437==    by 0x424553D: RSA_public_decrypt (in /lib/libcrypto.so.0.9.7a)
==26437==    by 0x4245F15: RSA_verify (in /lib/libcrypto.so.0.9.7a)
==26437==    by 0x41D1192: ??? (in /lib/libssl.so.0.9.7a)
==26437==    by 0x41CFC2A: ssl3_connect (in /lib/libssl.so.0.9.7a)
==26437==    by 0x41DC939: SSL_connect (in /lib/libssl.so.0.9.7a)
==26437==    by 0x403DF47: open_client_SSL (fe-secure.c:1161)
==26437==    by 0x403C903: pqsecure_open_client (fe-secure.c:284)
==26437==    by 0x402908F: PQconnectPoll (fe-connect.c:2113)
==26437==    by 0x4028301: connectDBComplete (fe-connect.c:1463)

and

==26437== Use of uninitialised value of size 4
==26437==    at 0x42387A5: BN_num_bits_word (in /lib/libcrypto.so.0.9.7a)
==26437==    by 0x4238833: BN_num_bits (in /lib/libcrypto.so.0.9.7a)
==26437==    by 0x423788A: BN_mod_exp_mont_consttime (in /lib/libcrypto.so.0.9.7a)
==26437==    by 0x4237657: BN_mod_exp_mont (in /lib/libcrypto.so.0.9.7a)
==26437==    by 0x424A51D: ??? (in /lib/libcrypto.so.0.9.7a)
==26437==    by 0x424A1DB: ??? (in /lib/libcrypto.so.0.9.7a)
==26437==    by 0x424A061: DH_generate_key (in /lib/libcrypto.so.0.9.7a)
==26437==    by 0x41D1EF9: ??? (in /lib/libssl.so.0.9.7a)
==26437==    by 0x41CFD1E: ssl3_connect (in /lib/libssl.so.0.9.7a)
==26437==    by 0x41DC939: SSL_connect (in /lib/libssl.so.0.9.7a)
==26437==    by 0x403DF47: open_client_SSL (fe-secure.c:1161)
==26437==    by 0x403C903: pqsecure_open_client (fe-secure.c:284)

All in the same call of SSL_connect in open_client_SSL.

I've never worked with SSL, but it looks to me like something in the SSL
data structure is uninitialized. Don't know if that's a serious problem
or not.

Yours,
Laurenz Albe

-- 
Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-hackers


Re: [HACKERS] Uninitialized SSL values? (was: Fix for bug in ldapServiceLookup in libpq)

2011-05-12 Thread Tom Lane
Albe Laurenz laurenz.a...@wien.gv.at writes:
 FWIW, I ran valgrind on psql establishing an SSL connection, and I found
 some messages like this:

 ==26437== Conditional jump or move depends on uninitialised value(s)
 ==26437== Use of uninitialised value of size 4

Yeah, this has been mentioned before IIRC.  It looks to me like the
issue is entirely within the SSL library and has nothing to do with
Postgres.  Dunno if it's worth filing a bug report with the OpenSSL
folk ...

regards, tom lane

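The triage Tom describes, deciding whether a Memcheck report originates inside the SSL library or in libpq's own code, can be automated from the stack frames valgrind prints. The following Python script is an added example, not code from this thread, from libpq or from valgrind: it parses valgrind's report format, attributes each uninitialised-value report to the library when the faulting frame is inside libcrypto/libssl (reporting the first frame outside it, i.e. our entry point into the library), and otherwise to our own code. For reports attributed to the library it emits a Memcheck suppression that lists only the in-library frames, so a report whose faulting frame is in our code is never hidden. The sample input is constructed: the first two reports mirror the frames quoted above, the third (`my_caller`, `example.c`) is a made-up report that shows the "our code" case. The suppression syntax (`Memcheck:Cond`, `Memcheck:Value4`, `fun:`, `obj:` with `*` wildcards) is valgrind's documented format.

```python
"""Triage valgrind Memcheck reports: library-internal or our own code?

Added example, not code from the pgsql-hackers thread or from libpq.
"""
import re

# Constructed sample. The first two reports mirror the thread; the third is
# made up (my_caller / example.c are placeholders, not real libpq symbols).
SAMPLE_VALGRIND_OUTPUT = """\
==26437== Conditional jump or move depends on uninitialised value(s)
==26437==    at 0x423DDC8: BN_mod_inverse (in /lib/libcrypto.so.0.9.7a)
==26437==    by 0x4241EDC: BN_MONT_CTX_set (in /lib/libcrypto.so.0.9.7a)
==26437==    by 0x4243E28: ??? (in /lib/libcrypto.so.0.9.7a)
==26437==    by 0x4245F15: RSA_verify (in /lib/libcrypto.so.0.9.7a)
==26437==    by 0x41CFC2A: ssl3_connect (in /lib/libssl.so.0.9.7a)
==26437==    by 0x41DC939: SSL_connect (in /lib/libssl.so.0.9.7a)
==26437==    by 0x403DF47: open_client_SSL (fe-secure.c:1161)
==26437==    by 0x403C903: pqsecure_open_client (fe-secure.c:284)
==26437==
==26437== Use of uninitialised value of size 4
==26437==    at 0x42387A5: BN_num_bits_word (in /lib/libcrypto.so.0.9.7a)
==26437==    by 0x4238833: BN_num_bits (in /lib/libcrypto.so.0.9.7a)
==26437==    by 0x424A061: DH_generate_key (in /lib/libcrypto.so.0.9.7a)
==26437==    by 0x41DC939: SSL_connect (in /lib/libssl.so.0.9.7a)
==26437==    by 0x403DF47: open_client_SSL (fe-secure.c:1161)
==26437==
==26437== Conditional jump or move depends on uninitialised value(s)
==26437==    at 0x08048ABC: my_caller (example.c:42)
==26437==    by 0x08048DEF: main (example.c:10)
==26437==
"""

SSL_OBJECTS = ("libcrypto.so", "libssl.so")
FRAME_RE = re.compile(r"^==\d+==\s+(?:at|by) 0x[0-9A-Fa-f]+: (\S+) \((?:in )?([^)]*)\)")
HEADER_RE = re.compile(r"^==\d+== (\S.*)$")


def parse_reports(text):
    """Split valgrind output into reports: {'message': str, 'frames': [(func, location)]}."""
    reports, current = [], None
    for line in text.splitlines():
        frame = FRAME_RE.match(line)
        if frame and current is not None:
            current["frames"].append((frame.group(1), frame.group(2)))
            continue
        header = HEADER_RE.match(line)
        if header:
            current = {"message": header.group(1), "frames": []}
            reports.append(current)
        elif re.match(r"^==\d+==\s*$", line):  # bare "==PID==" line ends a report
            current = None
    return [r for r in reports if r["frames"]]


def is_ssl_frame(location):
    return any(obj in location for obj in SSL_OBJECTS)


def classify(report):
    """('library', caller) when the faulting frame is inside OpenSSL, where caller
    is the first frame outside it; ('ours', faulting_frame) otherwise."""
    frames = report["frames"]
    if not is_ssl_frame(frames[0][1]):
        return ("ours", frames[0])
    caller = next((f for f in frames if not is_ssl_frame(f[1])), None)
    return ("library", caller)


def memcheck_kind(message):
    """Map a report headline to the Memcheck suppression kind."""
    if message.startswith("Conditional jump"):
        return "Cond"
    m = re.match(r"Use of uninitialised value of size (\d+)", message)
    if m:
        return "Value" + m.group(1)
    raise ValueError("unsupported report: " + message)


def suppression_for(report, name):
    """Suppression listing only the in-library frames, ending at the last OpenSSL
    frame (e.g. SSL_connect). A report whose faulting frame is in our own code
    starts with a non-library frame and therefore never matches it."""
    lines = ["{", "   " + name, "   Memcheck:" + memcheck_kind(report["message"])]
    for func, loc in report["frames"]:
        if not is_ssl_frame(loc):
            break
        if func == "???":  # no symbol available: match on the object name instead
            lines.append("   obj:*/" + loc.split("/")[-1].split(".so")[0] + ".so*")
        else:
            lines.append("   fun:" + func)
    lines.append("}")
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    for i, rep in enumerate(parse_reports(SAMPLE_VALGRIND_OUTPUT)):
        verdict, frame = classify(rep)
        print("report %d: %s -> %s %s" % (i, rep["message"], verdict, frame))
        if verdict == "library":
            print(suppression_for(rep, "openssl-uninit-%d" % i))
```

Run it on real output with `valgrind ... psql ... 2> vg.log` and feed `vg.log` to `parse_reports`. The suppression deliberately stops at the library's entry point rather than at `open_client_SSL`, so it keeps silencing the same library-internal report if libpq's caller is later renamed, while any report whose first frame is in fe-secure.c still surfaces.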