[Touch-packages] [Bug 1551274] Re: creating SRP file crashes openssl
I've tried to reproduce the issue but it doesn't fail for me. I"ve also looked at the code and it seems to now call OPENSSL_clear_free() which is actually CRYPTO_clear_free() and the first thing this function does is to check its first parameter is not NULL. Considering all of the above, I'm going to mark this bug as Fix Released. ** Changed in: openssl (Ubuntu) Status: Confirmed => Fix Released -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openssl in Ubuntu. https://bugs.launchpad.net/bugs/1551274 Title: creating SRP file crashes openssl Status in openssl package in Ubuntu: Fix Released Bug description: the following, with "test", "test" as passwords, make openssl crash: touch passwd.srpv ; openssl srp -srpvfile passwd.srpv -add user ProblemType: Bug DistroRelease: Ubuntu 16.04 Package: openssl 1.0.2f-2ubuntu1 ProcVersionSignature: Ubuntu 4.4.0-4.19-generic 4.4.1 Uname: Linux 4.4.0-4-generic x86_64 ApportVersion: 2.20-0ubuntu3 Architecture: amd64 CurrentDesktop: GNOME Date: Mon Feb 29 16:15:20 2016 InstallationDate: Installed on 2015-12-02 (89 days ago) InstallationMedia: Ubuntu-GNOME 16.04 LTS "Xenial Xerus" - Alpha amd64 (20151027) SourcePackage: openssl UpgradeStatus: No upgrade log present (probably fresh install) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1551274/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1551274] Re: creating SRP file crashes openssl
** Changed in: openssl (Ubuntu) Importance: Undecided => High -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openssl in Ubuntu. https://bugs.launchpad.net/bugs/1551274 Title: creating SRP file crashes openssl Status in openssl package in Ubuntu: Confirmed Bug description: the following, with "test", "test" as passwords, make openssl crash: touch passwd.srpv ; openssl srp -srpvfile passwd.srpv -add user ProblemType: Bug DistroRelease: Ubuntu 16.04 Package: openssl 1.0.2f-2ubuntu1 ProcVersionSignature: Ubuntu 4.4.0-4.19-generic 4.4.1 Uname: Linux 4.4.0-4-generic x86_64 ApportVersion: 2.20-0ubuntu3 Architecture: amd64 CurrentDesktop: GNOME Date: Mon Feb 29 16:15:20 2016 InstallationDate: Installed on 2015-12-02 (89 days ago) InstallationMedia: Ubuntu-GNOME 16.04 LTS "Xenial Xerus" - Alpha amd64 (20151027) SourcePackage: openssl UpgradeStatus: No upgrade log present (probably fresh install) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1551274/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1551274] Re: creating SRP file crashes openssl
Status changed to 'Confirmed' because the bug affects multiple users. ** Changed in: openssl (Ubuntu) Status: New => Confirmed -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to openssl in Ubuntu. https://bugs.launchpad.net/bugs/1551274 Title: creating SRP file crashes openssl Status in openssl package in Ubuntu: Confirmed Bug description: the following, with "test", "test" as passwords, make openssl crash: touch passwd.srpv ; openssl srp -srpvfile passwd.srpv -add user ProblemType: Bug DistroRelease: Ubuntu 16.04 Package: openssl 1.0.2f-2ubuntu1 ProcVersionSignature: Ubuntu 4.4.0-4.19-generic 4.4.1 Uname: Linux 4.4.0-4-generic x86_64 ApportVersion: 2.20-0ubuntu3 Architecture: amd64 CurrentDesktop: GNOME Date: Mon Feb 29 16:15:20 2016 InstallationDate: Installed on 2015-12-02 (89 days ago) InstallationMedia: Ubuntu-GNOME 16.04 LTS "Xenial Xerus" - Alpha amd64 (20151027) SourcePackage: openssl UpgradeStatus: No upgrade log present (probably fresh install) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1551274/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 1551274] Re: creating SRP file crashes openssl
The following patch helps me
--- openssl-1.0.2f/crypto/srp/srp_vfy.c 2016-01-28 14:38:31.0 +0100
+++ openssl-1.0.2f-patched/crypto/srp/srp_vfy.c 2016-03-02 12:18:01.320339059
+0100
@@ -588,8 +588,12 @@
BN_free(N_bn);
BN_free(g_bn);
}
-OPENSSL_cleanse(vf, vfsize);
-OPENSSL_free(vf);
+
+if (vf) {
+OPENSSL_cleanse(vf, vfsize);
+OPENSSL_free(vf);
+}
+
BN_clear_free(s);
BN_clear_free(v);
return result;
note that it seems to be fixed in more recent openssl versions.
** Tags added: patch
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to openssl in Ubuntu.
https://bugs.launchpad.net/bugs/1551274
Title:
creating SRP file crashes openssl
Status in openssl package in Ubuntu:
New
Bug description:
the following, with "test", "test" as passwords, make openssl crash:
touch passwd.srpv ; openssl srp -srpvfile passwd.srpv -add user
ProblemType: Bug
DistroRelease: Ubuntu 16.04
Package: openssl 1.0.2f-2ubuntu1
ProcVersionSignature: Ubuntu 4.4.0-4.19-generic 4.4.1
Uname: Linux 4.4.0-4-generic x86_64
ApportVersion: 2.20-0ubuntu3
Architecture: amd64
CurrentDesktop: GNOME
Date: Mon Feb 29 16:15:20 2016
InstallationDate: Installed on 2015-12-02 (89 days ago)
InstallationMedia: Ubuntu-GNOME 16.04 LTS "Xenial Xerus" - Alpha amd64
(20151027)
SourcePackage: openssl
UpgradeStatus: No upgrade log present (probably fresh install)
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openssl/+bug/1551274/+subscriptions
--
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help : https://help.launchpad.net/ListHelp
