
Bug#1013441: openssl crashes with "munmap_chunk(): invalid pointer"


Philippe Daouadi

Jun 23, 2022, 1:40:03 PM
Package: libssl3
Version: 3.0.4-1

Hello,

openssl crashes when it signs things with RSA.
I discovered the bug with sbtool and sign-file, but found out that I can reproduce it with just openssl.
My system worked fine before I ran `apt full-upgrade`; I probably hadn't run it for a month or so.

$ openssl req -new -x509 -newkey rsa:2048 -subj "/CN=$NAME PK/" -keyout PK.key \
        -out PK.crt -days 3650 -nodes -sha256
..+......+....+..+....+...+..+...+.+......+..............................+.....+......+...+....+...+..+...+...+.+...+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*..+.+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*.....+..........+...........+....+.....+....+......+.....+.+.....+...............+.+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
....+.+...+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*.+...+......+.+......+.....+.......+......+.........+..+...+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*.+........+....+...+......+.....+.+...........+.......+...........+.........+.......+......+..+...+.........+.+............+..+...+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
-----
munmap_chunk(): invalid pointer
[1]    462685 IOT instruction  openssl req -new -x509 -newkey rsa:2048 -subj "/CN=$NAME PK/" -keyout PK.key

I tried getting a backtrace from gdb:

Thread 1 (Thread 0x7ffff7ec5740 (LWP 468166) "openssl"):
#0  __GI_raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:49
#1  0x00007ffff7849546 in __GI_abort () at abort.c:79
#2  0x00007ffff78a0eb8 in __libc_message (action=action@entry=do_abort, fmt=fmt@entry=0x7ffff79bea78 "%s\n") at ../sysdeps/posix/libc_fatal.c:155
#3  0x00007ffff78a891a in malloc_printerr (str=str@entry=0x7ffff79c0a20 "munmap_chunk(): invalid pointer") at malloc.c:5628
#4  0x00007ffff78a8d6c in munmap_chunk (p=<optimized out>) at malloc.c:2995
#5  0x00007ffff78ad9e3 in __GI___libc_free (mem=<optimized out>) at malloc.c:3302
#6  0x00007ffff7b2bd2c in ?? () from /lib/x86_64-linux-gnu/libcrypto.so.3
#7  0x00007ffff7b1858e in BN_mod_exp_mont_consttime_x2 () from /lib/x86_64-linux-gnu/libcrypto.so.3
#8  0x00007ffff7c77b6d in ?? () from /lib/x86_64-linux-gnu/libcrypto.so.3
#9  0x00007ffff7c79010 in ?? () from /lib/x86_64-linux-gnu/libcrypto.so.3
#10 0x00007ffff7c7d0d1 in RSA_sign () from /lib/x86_64-linux-gnu/libcrypto.so.3
#11 0x00007ffff7d31aec in ?? () from /lib/x86_64-linux-gnu/libcrypto.so.3
#12 0x00007ffff7d31d7f in ?? () from /lib/x86_64-linux-gnu/libcrypto.so.3
#13 0x00007ffff7c135fc in EVP_DigestSignFinal () from /lib/x86_64-linux-gnu/libcrypto.so.3
#14 0x00007ffff7ae9d40 in ASN1_item_sign_ctx () from /lib/x86_64-linux-gnu/libcrypto.so.3
#15 0x00005555555eeb7e in ?? ()
#16 0x00005555555c5a42 in ?? ()
#17 0x00005555555ba9d2 in ?? ()
#18 0x0000555555596358 in ?? ()
#19 0x00007ffff784a7fd in __libc_start_main (main=0x555555596190, argc=16, argv=0x7fffffffdb28, init=<optimized out>, fini=<optimized out>, rtld_fini=<optimized out>, stack_end=0x7fffffffdb18) at ../csu/libc-start.c:332
#20 0x000055555559647a in ?? ()

I tried running it in valgrind but it doesn't crash in that case.

Thanks,
Philippe

-- System Information:
Debian Release: bookworm/sid
  APT prefers stable-security
  APT policy: (500, 'stable-security'), (500, 'unstable'), (500, 'testing'), (500, 'stable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 5.18.0-2-amd64 (SMP w/8 CPU threads; PREEMPT)
Kernel taint flags: TAINT_OOT_MODULE
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE=en_US:en
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages libssl3 depends on:
ii  libc6  2.33-7

libssl3 recommends no packages.

libssl3 suggests no packages.

Gianpaolo Cugola

Jun 24, 2022, 6:10:04 AM
I confirm that the bug affects NetworkManager wifi connections under sid, crashing wpa_supplicant with a "munmap_chunk(): invalid pointer" message.

As a workaround I reinstalled the previous version, 3.0.3-8.

Let me know if I can help in any way.

Thanks
  Gianpaolo

Sébastien Noel

Jun 24, 2022, 7:30:05 AM
Hi,

I had a similar crash with the same error message with openvpn.
Downgrading libssl3 to version 3.0.3-8 did fix the issue.

It seems to be related to this upstream bug:
https://github.com/openssl/openssl/issues/18625

br,

Sébastien

On Thu, 23 Jun 2022 19:28:11 +0200 Philippe Daouadi <phil...@ud2.org>
wrote:

Sebastian Andrzej Siewior

Jun 24, 2022, 9:20:03 AM
On 2022-06-24 13:07:59 [+0200], Sébastien Noel wrote:
> Hi,
Hi,

> I had a similar crash with the same error message with openvpn.
> Downgrading libssl3 to version 3.0.3-8 did fix the issue.
>
> It seems to be related to this upstream bug:
> https://github.com/openssl/openssl/issues/18625

My plan is to make an upload today in the evening with
https://github.com/xry111/openssl/commit/71ad6a8da3e39bd4caf5c6c767287ddd9bce8bae

If someone could please confirm that it indeed fixes the issue, that
would be great. But if that is the case then the question is why
everyone is having avx512 but me.

> br,
>
> Sébastien

Sebastian

Sébastien Noel

Jun 24, 2022, 9:30:03 AM
Hi Sebastian,

> If someone could please confirm that it indeed fixes the issue, that
> would be great

I have been running my laptop with a local openssl build with this
patch applied for a few hours now; it fixed the issue.

Thanks in advance for making the upload :-)

br,
Sébastien


On Friday, 24 June 2022 at 15:09 +0200, Sebastian Andrzej Siewior
wrote: