Bug 1278190 - lynx crashed trying to download from http://www.itu.int/
Summary: lynx crashed trying to download from http://www.itu.int/
Keywords:
Status: CLOSED DUPLICATE of bug 1278194
Alias: None
Product: Fedora
Classification: Fedora
Component: openssl
Version: 23
Hardware: Unspecified
OS: Unspecified
unspecified
unspecified
Target Milestone: ---
Assignee: Tomas Mraz
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2015-11-04 21:37 UTC by Hin-Tak Leung
Modified: 2015-11-05 10:25 UTC (History)
2 users (show)

Fixed In Version:
Clone Of:
Environment:
Last Closed: 2015-11-05 08:28:39 UTC
Type: Bug
Embargoed:


Attachments (Terms of Use)

Description Hin-Tak Leung 2015-11-04 21:37:10 UTC
Description of problem:
I tried to navigate and download some something from the itu web site, and 
lyn crashed. Reproducible - see steps below.

Version-Release number of selected component (if applicable):
lynx-2.8.9-0.8.dev5.fc23.x86_64
openssl-libs-1.0.2d-2.fc23.x86_64

How reproducible:
at least twice (likely 3rd time when I repeat the below now, simultaneously from lynx and firefox to document the steps).

Steps to Reproduce:
1. lynx http://www.itu.int/ITU-T/studygroups/com17/languages/

2. select http://www.itu.int/rec/T-REC-X/e
3. scroll down to X.509 and go to it.
4. select "X.509 (10/12)"
5. select the download link.


Actual results:

---

A Fatal error has occurred in Lynx Ver. 2.8.9dev.5

Please notify your system administrator to confirm a bug, and
if confirmed, to notify the lynx-dev list.  Bug reports should
have concise descriptions of the command and/or URL which causes
the problem, the operating system name with version number, the
TCPIP implementation, and any other relevant information.

Do NOT mail the core file if one was generated.

Lynx now exiting with signal:  4

Aborted (core dumped)
---


Expected results:
download file

Additional info:
abrt-cli report had not been working for a while for me now, otherwise I'd just go that route to auto-report this.

Just experienced a 3rd crash,

It crash inside openssl

(gdb) bt
#0  0x00007efbf6b14a98 in raise () from /usr/lib64/libc.so.6
#1  0x00007efbf6b1669a in abort () from /usr/lib64/libc.so.6
#2  0x00005655555dccc1 in FatalProblem ()
#3  <signal handler called>
#4  0x00007efbf7152c68 in aesni_cbc_sha256_enc () from /usr/lib64/libcrypto.so.10
#5  0x00007efbf71d035e in aesni_cbc_hmac_sha256_cipher () from /usr/lib64/libcrypto.so.10
#6  0x00007efbf75303a7 in tls1_enc () from /usr/lib64/libssl.so.10
#7  0x00007efbf7522729 in do_ssl3_write () from /usr/lib64/libssl.so.10
#8  0x00007efbf7522b45 in ssl3_write_bytes () from /usr/lib64/libssl.so.10
#9  0x000056555564e7be in HTLoadHTTP ()
#10 0x000056555564c73e in HTLoadDocument ()
#11 0x00005655555d9cb0 in getfile ()
#12 0x00005655555e06bf in mainloop ()
#13 0x00005655555b2e87 in main ()
(gdb)

Comment 1 Tomas Mraz 2015-11-05 08:26:11 UTC
I cannot reproduce the issue with a slightly different version of lynx (lynx-2.8.9-0.3.dev1.fc21.x86_64 and openssl-1.0.2d-1.fc23.x86_64)

Can you reproduce the issue with wget on the https URL that the lynx downloads when you select the Download link?

I suppose this is caused by lynx overwriting the heap which then later causes the OpenSSL library to crash.

Comment 2 Tomas Mraz 2015-11-05 08:28:39 UTC
Oh I see you can reproduce it with wget and it is not a segfault but SIGILL crash, so indeed this is not a lynx problem.

*** This bug has been marked as a duplicate of bug 1278194 ***

Comment 3 Hin-Tak Leung 2015-11-05 10:12:05 UTC
I didn't try to reproduce with wget - I tried wget because lynx didn't work :-).

It is curious that lynx only fails when I tried downloading, but not generally navigating though.

Comment 4 Kamil Dudka 2015-11-05 10:25:05 UTC
(In reply to Hin-Tak Leung from comment #3)
> It is curious that lynx only fails when I tried downloading, but not
> generally navigating though.

I guess you were navigating through unencrypted HTTP (or encrypted using a different cipher-suite).


Note You need to log in before you can comment on or make changes to this bug.