Bug 473781 - m2crypto occasionally causes python to segfault
m2crypto occasionally causes python to segfault
Product: Red Hat Enterprise Linux 5
Classification: Red Hat
Component: m2crypto (Show other bugs)
All Linux
medium Severity high
: rc
: ---
Assigned To: Miloslav Trmač
Depends On:
  Show dependency treegraph
Reported: 2008-11-30 10:30 EST by Dan Kenigsberg
Modified: 2009-01-22 10:26 EST (History)
1 user (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2008-12-04 17:45:17 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description Dan Kenigsberg 2008-11-30 10:30:49 EST
Description of problem:
while using m2crypto-0.18 to maintain ssl connections, we experienced occasional segmentation faults.

Version-Release number of selected component (if applicable):

These segfaults may very well be related to the following upstream bug
as we did not experience segfaults with m2crypto-0.19.1.

Just like bug 472690, it has obvious security implications.
Comment 1 Miloslav Trmač 2008-12-03 14:10:50 EST
Thanks for your report.

The bug describes segfaults caused by loading public key (without the private exponent) and using it in one of the RSA methods, which implies a call to RSA.check_key (RSA_check_key).  This crashes because it attempts to access the private exponent, which is NULL.

The current upstream fix changes the API (see https://bugzilla.osafoundation.org/show_bug.cgi?id=12465 ), so it is unusable for RHEL5.

AFAICS this crash is entirely deterministic and not security related.

If the segmentation faults were "occasional", this change is probably not relevant to your problem.

As long as we are guessing, the following CHANGES entry is another option:
> - Prevent Connection.makefile from freeing bio redundantly, by Thomas Uram
but it would be much better to know the cause of the crashes for certain.

I'm inclined to close this bug WONTFIX - have I overlooked a reason not to?

Note You need to log in before you can comment on or make changes to this bug.