Bug#624254: libssl1.0.0: segfault when attempting a secured PostgreSQL connection

[Marc Dequènes (Duck)]

Package: libssl1.0.0
Version: 1.0.0d-2
Severity: important

Coin,


Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0x7f384f495700 (LWP 14122)]
0x0000000000000000 in ?? ()
(gdb) bt
#0  0x0000000000000000 in ?? ()

#2  0x00007f3849d3114b in tls1_mac (ssl=0x1118eb0,

#6  0x00007f3849d24fc4 in ssl3_connect (s=0x1118eb0) at s3_clnt.c:456
#7  0x00007f3849f7f8b3 in open_client_SSL (conn=0x126e670) at fe-secure.c:1161

#9  0x00007f3849f689a3 in PQconnectPoll (conn=0x126e670) at fe-connect.c:1926

[…]





Regards.

--
Marc Dequènes (Duck)

In a program, i'm connecting to a remote PostgreSQL server using TLS, which now gives the following result: #1 0x00007f38499c41d5 in int_update (ctx=<value optimized out>, data=<value optimized out>, count=<value optimized out>) at hm_pmeth.c:144 md=0x1826f81 "\307+\225\336\070\240\004\210~\322]\345\026\245\341\325\354\016\034\024ZP\r3$\351R\257\277Q[\033\312ƾn\254~\242I2O\006\065\221yƀ\202\252\275<\352Xf\235\277\332\321s", <incomplete sequence \306>, send=1) at t1_enc.c:932 #3 0x00007f3849d28e86 in do_ssl3_write (s=0x1118eb0, type=22, buf=0x197b5b0 "\024", len=16, create_empty_fragment=0) at s3_pkt.c:771 #4 0x00007f3849d28fe6 in ssl3_write_bytes (s=0x1118eb0, type=22, buf_=0x197b5b0, len=<value optimized out>) at s3_pkt.c:603 #5 0x00007f3849d2a422 in ssl3_do_write (s=0x1118eb0, type=22) at s3_both.c:132 #8 0x00007f3849f7df19 in pqsecure_open_client (conn=0x126e670) at fe-secure.c:284 #10 0x00007f3849f67bc5 in connectDBComplete (conn=0x126e670) at fe-connect.c:1359 #11 0x00007f3849f661e3 in PQconnectdb (conninfo=0x126e5a0 "host='xxx' port='5432' dbname='xxx' user='xxx' password='xxx'") at fe-connect.c:400 The program as not changed, and worked using libpq5 9.0.3-1. What made me think it is a libssl bug and not a postgresql is it appeared right after upgrading libpq5 to 9.0.3-1+b1, and the reason for this binary rebuild was (according to wb): Rebuild against libssl1.0.0. Btw, as the debian/rules does not honour the nocheck build option, and the upstream build system is custom, i had no quick way to disable optimizations.

pgpbm4xqUTjK2.pgp
Description: PGP Digital Signature