Bug 852691 - openssl 0.9.8 has not picked up locking fixes from upstream
Status: CLOSED WONTFIX
Product: Red Hat Enterprise Linux 5
Classification: Red Hat
Component: openssl
Version: 5.7
Assigned To: Tomas Mraz
QA Contact: BaseOS QE Security Team
Reported: 2012-08-29 06:29 EDT by Zdeněk Salvet
Modified: 2013-10-31 06:29 EDT
Doc Type: Bug Fix
Last Closed: 2013-10-31 06:29:08 EDT
Type: Bug
Description Zdeněk Salvet 2012-08-29 06:29:38 EDT
Description of problem:
openssl 0.9.8 in RHEL5 and 6 has not picked up locking fixes from the upstream
distribution; corruption of internal data can occur in multithreaded
applications.

How reproducible:
quite difficult
  
Actual results:

Example of valgrind report catching race between X509_STORE_add_crl()
and X509_OBJECT_retrieve_by_subject():
==15574== Thread 4:
==15574== Invalid read of size 8
==15574==    at 0x312DEA7123: ??? (in /lib64/libcrypto.so.0.9.8e)
==15574==    by 0x312DE5C9A3: OBJ_bsearch_ex (in /lib64/libcrypto.so.0.9.8e)
==15574==    by 0x312DE7E370: ??? (in /lib64/libcrypto.so.0.9.8e)
==15574==    by 0x312DEA70BB: X509_OBJECT_idx_by_subject (in /lib64/libcrypto.so.0.9.8e)
==15574==    by 0x312DEA70F8: X509_OBJECT_retrieve_by_subject (in /lib64/libcrypto.so.0.9.8e)
==15574==    by 0x312DEA7339: X509_STORE_get_by_subject (in /lib64/libcrypto.so.0.9.8e)
==15574==    by 0x31E4A048B0: globus_i_gsi_callback_check_revoked (in /usr/lib64/libglobus_gsi_callback.so.0.4.1)
==15574==    by 0x31E4A0562E: globus_i_gsi_callback_cred_verify (in /usr/lib64/libglobus_gsi_callback.so.0.4.1)
==15574==    by 0x31E4A05A31: globus_gsi_callback_handshake_callback (in /usr/lib64/libglobus_gsi_callback.so.0.4.1)
==15574==    by 0x312DEA3E2E: ??? (in /lib64/libcrypto.so.0.9.8e)
==15574==    by 0x312DEA476A: X509_verify_cert (in /lib64/libcrypto.so.0.9.8e)
==15574==    by 0x31E4A057BA: globus_gsi_callback_X509_verify_cert (in /usr/lib64/libglobus_gsi_callback.so.0.4.1)
==15574==  Address 0x4dae9b8 is 8 bytes inside a block of size 32 free'd
==15574==    at 0x4A0620D: realloc (vg_replace_malloc.c:476)
==15574==    by 0x312DEDB0EF: CRYPTO_realloc (in /lib64/libcrypto.so.0.9.8e)
==15574==    by 0x312DE7E43C: sk_insert (in /lib64/libcrypto.so.0.9.8e)
==15574==    by 0x312DEA77A4: X509_STORE_add_crl (in /lib64/libcrypto.so.0.9.8e)
==15574==    by 0x312DEA8CED: X509_load_crl_file (in /lib64/libcrypto.so.0.9.8e)
==15574==    by 0x312DEA939B: ??? (in /lib64/libcrypto.so.0.9.8e)
==15574==    by 0x312DEA73AE: X509_STORE_get_by_subject (in /lib64/libcrypto.so.0.9.8e)
==15574==    by 0x31E4A048B0: globus_i_gsi_callback_check_revoked (in /usr/lib64/libglobus_gsi_callback.so.0.4.1)
==15574==    by 0x31E4A0562E: globus_i_gsi_callback_cred_verify (in /usr/lib64/libglobus_gsi_callback.so.0.4.1)
==15574==    by 0x31E4A05A31: globus_gsi_callback_handshake_callback (in /usr/lib64/libglobus_gsi_callback.so.0.4.1)
==15574==    by 0x312DEA3E2E: ??? (in /lib64/libcrypto.so.0.9.8e)
==15574==    by 0x312DEA476A: X509_verify_cert (in /lib64/libcrypto.so.0.9.8e)
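
The trace above shows a lookup walking the store's object stack (`OBJ_bsearch_ex`) after `sk_insert` reallocated it during `X509_STORE_add_crl`. As an added illustration (not part of the bug report and not OpenSSL code), this simplified model shows the locking discipline that prevents that pattern; `struct store`, `store_add`, `store_find` and `run_demo` are hypothetical names.

```c
#include <pthread.h>
#include <stdlib.h>
/* Hypothetical model of the store's object stack (not OpenSSL code):
 * a sorted array grown with realloc() and searched with bsearch(). */
struct store { pthread_mutex_t lock; int *objs; size_t n; };

static int cmp_int(const void *a, const void *b) {
    int x = *(const int *)a, y = *(const int *)b;
    return (x > y) - (x < y);
}

/* Writer: realloc() may move objs, so the whole insert holds the lock. */
int store_add(struct store *s, int key) {
    size_t i;
    pthread_mutex_lock(&s->lock);
    int *p = realloc(s->objs, (s->n + 1) * sizeof *p);
    if (p == NULL) { pthread_mutex_unlock(&s->lock); return -1; }
    s->objs = p;
    for (i = s->n++; i > 0 && s->objs[i - 1] > key; i--)  /* keep sorted */
        s->objs[i] = s->objs[i - 1];
    s->objs[i] = key;
    pthread_mutex_unlock(&s->lock);
    return 0;
}

/* Reader: same lock, so bsearch() never walks a block realloc() released. */
int store_find(struct store *s, int key) {
    pthread_mutex_lock(&s->lock);
    int found = s->n && bsearch(&key, s->objs, s->n, sizeof key, cmp_int);
    pthread_mutex_unlock(&s->lock);
    return found;
}

static void *writer(void *s) {
    for (int k = 1; k <= 20000; k++) store_add(s, k);
    return NULL;
}

/* Constructed workload: inserts race with lookups of key 0, which is
 * already present. Returns the number of failed lookups. */
int run_demo(void) {
    struct store s = { PTHREAD_MUTEX_INITIALIZER, NULL, 0 };
    pthread_t t;
    int misses = 0;
    store_add(&s, 0);
    if (pthread_create(&t, NULL, writer, &s) != 0) return -1;
    for (int i = 0; i < 20000; i++) misses += !store_find(&s, 0);
    pthread_join(t, NULL);
    free(s.objs);
    return misses;
}
```

Removing the lock calls from `store_find` recreates the condition valgrind reported: a read inside a block that a concurrent `realloc` has already released.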
Comment 1 Tomas Mraz 2012-08-29 07:17:46 EDT
Thanks for the report; however, to properly prioritize your request you need to use the regular Red Hat support channels. Please see http://www.redhat.com/support
Comment 2 Zdeněk Salvet 2012-08-29 07:45:28 EDT
I have noticed the problem on systems not covered by a Red Hat support subscription
(in Scientific Linux originally). I just wanted to let you know about this issue
because its effects are likely to be very difficult to debug.
Comment 3 Tomas Mraz 2013-10-31 06:29:08 EDT
This Bugzilla has been reviewed by Red Hat and is not planned on being
addressed in Red Hat Enterprise Linux 5, and therefore will be closed.
If this bug is critical to production systems, please contact your Red
Hat support representative and provide sufficient business
justification. Issue is already fixed in RHEL-6/7.
