Potential use after free bugs in 1.1.1

Bug #1940656 reported by Dimitri John Ledkov
Affects | Status | Importance | Assigned to | Milestone
openssl (Ubuntu) | Fix Released | Medium | Unassigned |
Focal | Fix Released | Medium | Unassigned |

Bug Description

[Impact]

 * There have been multiple use-after-free bugs fixed in OpenSSL 1.1.1 stable branches which have not yet been applied in Focal. They are difficult to reproduce, often require an engine to be used, and somehow fail, as these use-after-free bugs are all in error conditions and error paths. Usually fixing local configuration, and making engine available is the right solution. It is however better to return errors than crash. These patches are in 1.1.1h+ and openssl-3.

[Test Plan]

 * The fixes were applied upstream without clear reproducers, or unit tests

 * Check that all autopkgtests pass and there are no regressions

 * Configure and use openssl with any engine and ensure that it continues to work

[Where problems could occur]

 * There will be behaviour change, such that multithreaded applications may now notice Null pointers from the openssl engine apis, when previously they saw valid pointers which were freed already. Meaning that on connection failures, daemon or application shutdowns, different messages might be generated i.e. invalid engine context, unallocated methods, instead of crashing with double free.

[Other Info]

 * Multiple customers are using openssl 1.1.1 with engines these days, reporting various issues, it is better to have more resilient openssl w.r.t. engine use in case of engine misuse.

description: updated
Changed in openssl (Ubuntu):
status: New → Fix Released
Robie Basak (racb) wrote :

Shouldn't these go into the security pocket? At the least I'd like an explicit nak from the security team please.

Changed in openssl (Ubuntu Focal):
status: New → Incomplete
Dimitri John Ledkov (xnox) wrote :

I would agree that any hypothetical use-after-free / double-free errors are usually also security vulnerabilities. But these ones were discovered with static analysis and/or affecting engine use, in error conditions only. Thus connectivity must already be failing / denied, before one can trip these ones up. Not sure if one can further stage an attack by staging a connection failure, and try to disclose information from that.

Will ping security team about it.

Marc Deslauriers (mdeslaur) wrote :

I'd rather these go through the SRU process first, and they will get picked up automatically next time we do an openssl security update.

Changed in openssl (Ubuntu Focal):
status: Incomplete → In Progress
assignee: nobody → Robie Basak (racb)
Robie Basak (racb) wrote :

Thanks Marc and Dimitri! With Marc's confirmation this is unblocked from the SRU queue then.

But please don't assign me. Any member of the SRU team can process this. Assigning individual SRU team members not part of the SRU process, implies an implied lock that isn't there, and would only delay things because I am not processing SRUs this week.

Changed in openssl (Ubuntu Focal):
assignee: Robie Basak (racb) → nobody
Steve Langasek (vorlon) wrote : Please test proposed package

Hello Dimitri, or anyone else affected,

Accepted openssl into focal-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/openssl/1.1.1f-1ubuntu2.9 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, what testing has been performed on the package and change the tag from verification-needed-focal to verification-done-focal. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-focal. In either case, without details of your testing we will not be able to proceed.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance for helping!

N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days.

Changed in openssl (Ubuntu Focal):
status: In Progress → Fix Committed
tags: added: verification-needed verification-needed-focal
Ubuntu SRU Bot (ubuntu-sru-bot) wrote : Autopkgtest regression report (openssl/1.1.1f-1ubuntu2.9)

All autopkgtests for the newly accepted openssl (1.1.1f-1ubuntu2.9) for focal have finished running.
The following regressions have been reported in tests triggered by the package:

puma/3.12.4-1ubuntu2 (s390x)
kopanocore/8.7.0-7ubuntu1 (amd64, arm64)
casync/2+20190213-1 (s390x)
uftp/4.10.1-1 (amd64)

Please visit the excuses page listed below and investigate the failures, proceeding afterwards as per the StableReleaseUpdates policy regarding autopkgtest regressions [1].

https://people.canonical.com/~ubuntu-archive/proposed-migration/focal/update_excuses.html#openssl

[1] https://wiki.ubuntu.com/StableReleaseUpdates#Autopkgtest_Regressions

Thank you!

Mathew Hodson (mhodson)
Changed in openssl (Ubuntu):
importance: Undecided → Medium
Changed in openssl (Ubuntu Focal):
importance: Undecided → Medium
Dimitri John Ledkov (xnox) wrote :

There is now only a transient ADT regression in linux-hwe-5.13 (armhf), which is not a valid ADT because armhf ADT runs in lxd containers and does not boot the requested kernel.

Please release this package.

Brian Murray (brian-murray) wrote :

@xnox Could you finish the verification and tag the bug verification-done?

" * Configure and use openssl with any engine and ensure that it continues to work"

Dimitri John Ledkov (xnox) wrote :

I currently do not have a more regular smartcard setup to test out a hardware pk11 engine with openssl, which is typically the most common one. But I can use software gost engine to test out that algos provided by the engine operate correctly.

Installed openssl from proposed, and gost engine.

$ dpkg -l | grep -e 1.1.1f -e openssl

ii libengine-gost-openssl1.1 1.1.0.3-1 amd64 Loadable module for openssl implementing GOST algorithms
ii libssl1.1:amd64 1.1.1f-1ubuntu2.9 amd64 Secure Sockets Layer toolkit - shared libraries
ii openssl 1.1.1f-1ubuntu2.9 amd64 Secure Sockets Layer toolkit - cryptographic utility

Without engine configured, connectivity fails to GOST only website:

# openssl s_client -connect tlsgost.cryptopro.ru:443
CONNECTED(00000003)
140163445085504:error:1425F102:SSL routines:ssl_choose_client_version:unsupported protocol:../ssl/statem/statem_lib.c:1941:

Configured gost engine, and connect to GOST only website:

# openssl s_client -connect tlsgost.cryptopro.ru:443
CONNECTED(00000003)
depth=0 CN = id-GostR3410-2001-CryptoPro-XchA-ParamSet_256noauth
verify error:num=20:unable to get local issuer certificate
verify return:1
depth=0 CN = id-GostR3410-2001-CryptoPro-XchA-ParamSet_256noauth
verify error:num=21:unable to verify the first certificate
verify return:1
...
New, TLSv1.0, Cipher is GOST2012-GOST8912-GOST8912
Server public key is 256 bit
...
GET /
...
<p> TLS connection with id-GostR3410-2001-CryptoPro-XchA-ParamSet no auth requred.</p>

Connectivity using algos provided by a crypto engine worked.

Note that certificate was not verified, as we don't currently ship GOST CA certificates.

tags: added: verification-done verification-done-focal
removed: verification-needed verification-needed-focal
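The "Configured gost engine" step in the verification above is not shown on the page. As an added example (not part of the bug report or of the gost-engine project), here is a standalone OpenSSL 1.1.1 config that loads the engine, together with the engine self-test and the s_client check from the [Test Plan]; the module path in ENGINE_SO is an assumption about where libengine-gost-openssl1.1 installs gost.so.

```shell
#!/bin/bash
# Added example, not part of the bug report. Reproduces the "configure the gost
# engine" step of the verification with a standalone config file, so that
# /etc/ssl/openssl.cnf is left untouched. Assumption: libengine-gost-openssl1.1
# installs the engine module at the path in ENGINE_SO (override via env if not).
set -u

ENGINE_SO="${ENGINE_SO:-/usr/lib/x86_64-linux-gnu/engines-1.1/gost.so}"

# Write a minimal OpenSSL 1.1.1 config that loads gost through the dynamic
# engine loader and registers every algorithm it provides; prints the path.
write_gost_cnf() {
    local cnf="${1:-${TMPDIR:-/tmp}/gost-test.cnf}"
    cat > "$cnf" <<EOF
openssl_conf = openssl_init
[openssl_init]
engines = engine_section
[engine_section]
gost = gost_section

[gost_section]
engine_id = gost
dynamic_path = $ENGINE_SO
default_algorithms = ALL
CRYPT_PARAMS = id-Gost28147-89-CryptoPro-A-ParamSet
EOF
    printf '%s\n' "$cnf"
}

# Succeeds (exit 0) only if openssl can load and self-test the engine under
# this config, i.e. `openssl engine -t gost` prints "[ available ]".
gost_engine_available() {
    OPENSSL_CONF="$1" openssl engine -t gost 2>/dev/null | grep -q '\[ available \]'
}

# Handshake against a host that offers only GOST cipher suites (the bug report
# used tlsgost.cryptopro.ru:443); shows the negotiated cipher or the error line.
gost_handshake() {
    local cnf="$1" host="${2:-tlsgost.cryptopro.ru:443}"
    OPENSSL_CONF="$cnf" openssl s_client -connect "$host" </dev/null 2>&1 \
        | grep -E 'Cipher is|:error:'
}

# Usage: bash gost-check.sh run   (needs network access for the handshake)
if [ "${1:-}" = "run" ]; then
    cnf=$(write_gost_cnf)
    gost_engine_available "$cnf" && gost_handshake "$cnf"
fi
```

Without the engine the handshake line is the ssl_choose_client_version error shown above; with it, the "Cipher is GOST..." line appears.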
Timo Aaltonen (tjaalton) wrote : Update Released

The verification of the Stable Release Update for openssl has completed successfully and the package is now being released to -updates. Subsequently, the Ubuntu Stable Release Updates Team is being unsubscribed and will not receive messages about this bug report. In the event that you encounter a regression using the package from -updates please report a new bug using ubuntu-bug and tag the bug report regression-update so we can easily find any regressions.

Launchpad Janitor (janitor) wrote :

This bug was fixed in the package openssl - 1.1.1f-1ubuntu2.9

---------------
openssl (1.1.1f-1ubuntu2.9) focal; urgency=medium

  * Cherry-pick stable patches to fix potential use-after-free. LP:
    #1940656

 -- Dimitri John Ledkov <email address hidden> Wed, 25 Aug 2021 02:13:44 +0100

Changed in openssl (Ubuntu Focal):
status: Fix Committed → Fix Released