creating SRP file crashes openssl

Bug #1551274 reported by Muelli
This bug affects 2 people
Affects: openssl (Ubuntu)
Status: Fix Released
Importance: High
Assigned to: Unassigned

Bug Description

The following, with "test", "test" as passwords, makes openssl crash:

touch passwd.srpv ; openssl srp -srpvfile passwd.srpv -add user

ProblemType: Bug
DistroRelease: Ubuntu 16.04
Package: openssl 1.0.2f-2ubuntu1
ProcVersionSignature: Ubuntu 4.4.0-4.19-generic 4.4.1
Uname: Linux 4.4.0-4-generic x86_64
ApportVersion: 2.20-0ubuntu3
Architecture: amd64
CurrentDesktop: GNOME
Date: Mon Feb 29 16:15:20 2016
InstallationDate: Installed on 2015-12-02 (89 days ago)
InstallationMedia: Ubuntu-GNOME 16.04 LTS "Xenial Xerus" - Alpha amd64 (20151027)
SourcePackage: openssl
UpgradeStatus: No upgrade log present (probably fresh install)

Muelli (ubuntu-bugs-auftrags-killer) wrote :

The following patch helps me

--- openssl-1.0.2f/crypto/srp/srp_vfy.c 2016-01-28 14:38:31.000000000 +0100
+++ openssl-1.0.2f-patched/crypto/srp/srp_vfy.c 2016-03-02 12:18:01.320339059 +0100
@@ -588,8 +588,12 @@
         BN_free(N_bn);
         BN_free(g_bn);
     }
- OPENSSL_cleanse(vf, vfsize);
- OPENSSL_free(vf);
+
+ if (vf) {
+ OPENSSL_cleanse(vf, vfsize);
+ OPENSSL_free(vf);
+ }
+
     BN_clear_free(s);
     BN_clear_free(v);
     return result;
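
Review bot: the added `if (vf)` block carries no comment saying on which path `vf` is NULL when control reaches this cleanup, so the reason for the guard is not visible from the hunk; add a one-line comment above `if (vf) {` naming that case. The guard-then-cleanse-then-free sequence would also be clearer as a single NULL-checking helper, which is what the later comment in this report says the newer code does with OPENSSL_clear_free(), so other call sites do not each need their own copy of the check.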

Note that it seems to be fixed in more recent openssl versions.

tags: added: patch
Launchpad Janitor (janitor) wrote :

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in openssl (Ubuntu):
status: New → Confirmed
Changed in openssl (Ubuntu):
importance: Undecided → High
Adrien Nader (adrien) wrote :

I've tried to reproduce the issue but it doesn't fail for me. I've also looked at the code and it seems to now call OPENSSL_clear_free() which is actually CRYPTO_clear_free() and the first thing this function does is to check its first parameter is not NULL.

Considering all of the above, I'm going to mark this bug as Fix Released.

Changed in openssl (Ubuntu):
status: Confirmed → Fix Released
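
The NULL check described in the last comment, shown as an added example that is neither OpenSSL's code nor part of the original report. `clear_free` and `make_verifier` are hypothetical names, and the success-path ownership hand-off that leaves the pointer NULL at cleanup is an assumption made for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical helper, not OpenSSL's: wipe then free, NULL-tolerant. */
static void clear_free(void *p, size_t len)
{
    volatile unsigned char *vp = p;

    if (p == NULL)          /* nothing to wipe, even if len != 0 */
        return;
    while (len--)
        *vp++ = 0;          /* volatile stores so the wipe is not elided */
    free(p);
}

/* Constructed stand-in with one shared exit path. On success the buffer
 * goes to the caller and the local pointer becomes NULL, so cleanup runs
 * with buf == NULL and size != 0. Returns 1 on success, 0 on failure. */
int make_verifier(const char *secret, int fail_midway, char **out)
{
    int ok = 0;
    size_t size = strlen(secret) * 2 + 1;
    char *buf = malloc(size);

    if (buf == NULL)
        goto done;
    for (size_t i = 0; secret[i] != '\0'; i++)
        snprintf(buf + 2 * i, 3, "%02x", (unsigned char)secret[i]);
    buf[size - 1] = '\0';
    if (fail_midway)        /* error path: buf is still owned here */
        goto done;
    *out = buf;             /* success: ownership moves to the caller */
    buf = NULL;
    ok = 1;
 done:
    clear_free(buf, size);  /* safe on both paths */
    return ok;
}

int main(void)
{
    char *v = NULL;
    int ok = make_verifier("test", 0, &v);

    printf("ok=%d verifier=%s\n", ok, v ? v : "(none)");
    free(v);
    return 0;
}
```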