OCSP request with --phone-out and with supplied binary when using systemd for host resolution with my*entries segfaults #2516
Comments
Hi @multiflexi ,
Yes, only with --phone-out.
Ok, thanks! I meant just the command which segfaulted. I guess I'll find the segfault in the haystack later ;-)
Plan is to compile the binaries on a newer platform, while tackling #2356
Hi @multiflexi : can you please try this binary: https://testssl.sh/openssl-1.0.2k-bad/openssl.Linux.x86_64.static and let me know whether it works?
Hi, sorry for the delay. It still outputs Segmentation fault:
Sigh. OK, thanks. That was on Fedora 40 only and not on Ubuntu 22.04? In the above strace I maybe found something fishy but I can't really tell. Does that happen when checking a specific host or any host?
This was on current Manjaro. Today I also tested Fedora 41 with the same error and Ubuntu 22.04 where it worked fine. It happens when checking any host.
Thanks, but it seems I can't correlate your line 2044 (here: line 2091) with the strace output. As said, if it really segfaults there it would help if you could only strace that line.
How can I do that?
I should have thought of that 😄 Here you go.
Thanks! Did you supply the -f flag? It doesn't give me a strong hint as I hoped. It looks more like openssl triggered the problem but is not the problem. Before the thing segfaulted the loader was mapped into memory. Then some of the memory was protected to read only. Then SEGV_MAPERR indicated that some memory was accessed to which the pointer was wrong or it wasn't possible. Address is likely not 0x1e83c0. Wild guess: Do the distros where it segfaults the same
For testing's sake, can't you try to set the host entries for the first two to PS: Never heard about myhostname or mymachines before but looking at an Alma Linux test machine here says it's using systemd. Oh well...
So I tested it on Fedora and if dns is at the end of hosts line, it segfaults, if I move it to the second place, it works fine. I am able to reproduce it every time.
Awesome. Thanks for helping to clarify though! At the moment I'd rather leave it (the cause) like it is -- as I am clueless and this seems to be either systemd's problem or is somewhere in the middle between systemd and the openssl used. I changed the title. What I could do as a mitigation is trying to catch the segfault and issue a warning. I assume "your" segfault didn't stop the whole scan? If you like, maybe you can try to remove other entries and/or move dns in nsswitch around.
No, the segfault does not stop the scan. I will try to play with nsswitch in free time.
NOTFOUND=return looks strange, but maybe I have to rtfm before guessing 😃
The error is:
testssl.sh/testssl.sh: line 2031: 3055367 Segmentation fault $OPENSSL ocsp -no_nonce ${host_header} -url "$uri" -issuer $TEMPDIR/hostcert_issuer.pem -verify_other $TEMPDIR/intermediatecerts.pem -CAfile <(cat $ADDTL_CA_FILES "$GOOD_CA_BUNDLE") -cert $HOSTCERT -text &> "$tmpfile"
This happens with --phone-out with supplied openssl (the bad version), but when the openssl is compiled from the source, the error does not occur. Also it does not occur with the system provided openssl.
Using the latest 3.2 version
Tested distros: Fedora 40, Ubuntu 22.04 and Slackware 15
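
The thread reports two things: the crash appears when `dns` is last on the nsswitch `hosts:` line alongside systemd `my*` entries, and the maintainer proposes catching the segfault and warning as a mitigation. The following is an added example, not testssl.sh code, showing one way to check for both in shell; the function names `nss_hosts_layout` and `run_guarded` are hypothetical and the sample input is constructed.

```bash
#!/usr/bin/env bash
# Added example, not testssl.sh code; function names are hypothetical.

# Read nsswitch.conf-style text on stdin and classify its "hosts:" line.
# Prints "my-entries-dns-last" when a systemd my* module (myhostname,
# mymachines) is listed and "dns" is the final service, else "other".
nss_hosts_layout() {
    local services svc last="" has_my=no
    services=$(grep -m1 -E '^[[:space:]]*hosts:' |
        sed -E 's/#.*//; s/^[[:space:]]*hosts:[[:space:]]*//; s/\[[^]]*\]//g')
    for svc in $services; do
        case $svc in my*) has_my=yes ;; esac
        last=$svc
    done
    if [ "$has_my" = yes ] && [ "$last" = dns ]; then
        echo my-entries-dns-last
    else
        echo other
    fi
}

# Run a command and classify how it ended. A child killed by SIGSEGV
# (signal 11) is reported by the shell as status 128 + 11 = 139.
run_guarded() {
    local rc=0
    "$@" >/dev/null 2>&1 || rc=$?
    case $rc in
        0)   echo ok ;;
        139) echo segfault ;;
        *)   echo "failed:$rc" ;;
    esac
}

# Constructed sample input, not copied from the reporter's machines.
sample='hosts: mymachines resolve [!UNAVAIL=return] files myhostname dns'
if [ "$(printf '%s\n' "$sample" | nss_hosts_layout)" = my-entries-dns-last ]; then
    echo "warning: my* entries present and dns is last on the hosts line" >&2
fi
# Stand-in for the crashing binary: a child shell that sends itself SIGSEGV.
if [ "$(run_guarded sh -c 'kill -s SEGV $$')" = segfault ]; then
    echo "warning: helper binary segfaulted, OCSP result unavailable" >&2
fi
```

On a real system the first check would read `/etc/nsswitch.conf` on stdin, and the guarded command would be the OCSP invocation quoted in the error message above.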