On Sun, Feb 19, 2012 at 09:05:06AM +0100, Otto Moerbeek wrote:
> On Sun, Feb 19, 2012 at 08:50:40AM +0100, Matthieu Herrb wrote:
> 
> > Hi,
> > 
> > I use irssi to connect to oftc.net channels, using SSL and a
> > personal certificate to authenticate myself. From time to time (once
> > every 2 weeks or so, but it's not a regular frequency) it segfaults
> > because of a NULL pointer dereference, somewhere in the SSL code.
> > 
> > I somehow trust OpenBSD's defense mechanisms to make this harder to
> > exploit, but still it doesn't feel too good.
> > 
> > Backtrace below. Note that it's not an action on my side that triggers
> > this. It generally happens during the night while I'm away from the
> > keyboard.
> 
> It seems the trace shows there's an irssi callback function involved:
> net_connect_ip_ssl(). That would be my first suspect. Compiling irssi
> with debug might reveal more. 

Looked a bit around changelog looking for SSL changes, could this be it?
http://bugs.irssi.org/index.php?do=details&task_id=752
 
>       -Otto
>        
> 
> > 
> > Loaded symbols for /usr/libexec/ld.so
> > #0  strncpy (dst=0x7f7ffffc92e0 "?\234??\177\177", src=0x0, n=1024)
> >     at /local/OpenBSD/src/lib/libc/string/strncpy.c:53
> > 53                              if ((*d++ = *s++) == 0) {
> > (gdb) bt
> > #0  strncpy (dst=0x7f7ffffc92e0 "?\234??\177\177", src=0x0, n=1024)
> >     at /local/OpenBSD/src/lib/libc/string/strncpy.c:53
> > #1  0x000000000048b607 in net_connect_ip_ssl ()
> > #2  0x0000000205601f31 in PEM_do_header (cipher=0x7f7ffffc9870, 
> >     data=0x20d14f000 "?k?V?p?-l", plen=0x7f7ffffc9850, callback=Variable 
> > "callback" is not available.
> > )
> >     at /local/OpenBSD/src/lib/libssl/crypto/../src/crypto/pem/pem_lib.c:451
> > #3  0x000000020560243d in PEM_bytes_read_bio (pdata=0x7f7ffffc98e8, 
> >     plen=0x7f7ffffc98e0, pnm=0x7f7ffffc98f8, 
> >     name=0x20573a2c5 "ANY PRIVATE KEY", bp=0x2068ba080, 
> >     cb=0x48b5b0 <net_connect_ip_ssl+1008>, u=0x2081908a0)
> >     at /local/OpenBSD/src/lib/libssl/crypto/../src/crypto/pem/pem_lib.c:296
> > #4  0x0000000205595997 in PEM_read_bio_PrivateKey (bp=Variable "bp" is not 
> > available.
> > )
> >     at /local/OpenBSD/src/lib/libssl/crypto/../src/crypto/pem/pem_pkey.c:84
> > #5  0x000000020e0e76ef in SSL_CTX_use_PrivateKey_file (ctx=0x20922fc00, 
> >     file=0x200ecbe40 "/home/matthieu/.irssi/certs/mherrb.pem", type=1)
> >     at /local/OpenBSD/src/lib/libssl/ssl/../src/ssl/ssl_rsa.c:654
> > #6  0x000000000048b2d5 in net_connect_ip_ssl ()
> > #7  0x0000000000481f23 in server_connect_finished ()
> > #8  0x00000000004823b9 in server_start_connect ()
> > #9  0x000000000047a5aa in mask_match ()
> > #10 0x00000002029a9125 in g_main_context_dispatch ()
> >    from /usr/local/lib/libglib-2.0.so.2992.0
> > #11 0x00000002029ac9cc in g_main_context_check ()
> >    from /usr/local/lib/libglib-2.0.so.2992.0
> > #12 0x00000002029aceee in g_main_context_iteration ()
> >    from /usr/local/lib/libglib-2.0.so.2992.0
> > #13 0x0000000000428733 in main ()
> > (gdb) p d
> > $1 = 0x7f7ffffc92e0 "?\234??\177\177"
> > (gdb) p s
> > $2 = 0x0
> > (gdb) 
> > 
> > % irssi --version 
> > irssi 0.8.15 (20100403 1617)
> > 
> > OpenBSD 5.0-current (GENERIC.MP) #0: Sat Dec  3 09:43:45 CET 2011
> >     matth...@cortez.herrb.net:/usr/obj/GENERIC.MP
> > 
> > -- 
> > Matthieu Herrb

-- 
viq
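
An added example, not part of the thread and not irssi's or OpenSSL's code: the trace shows an application callback invoked from PEM_do_header() calling strncpy() with src=0x0 and n=1024, so this sketch puts a passphrase callback without a NULL check beside a checked one. The function names and the caller are hypothetical; only the four-argument callback shape (buf, size, rwflag, userdata) is taken from OpenSSL's pem_password_cb.

```c
#include <stdio.h>
#include <string.h>

/* Unchecked form (hypothetical): if the registered userdata is NULL it
 * reaches strncpy() as src, the state frame #0 of the trace shows.
 * Kept for comparison only; nothing below calls it. */
int passphrase_cb_unchecked(char *buf, int size, int rwflag, void *userdata)
{
    (void)rwflag;
    strncpy(buf, (const char *)userdata, (size_t)size);
    buf[size - 1] = '\0';
    return (int)strlen(buf);
}

/* Checked form: a negative return tells the caller the passphrase could
 * not be supplied, so the key load fails instead of the process crashing. */
int passphrase_cb_checked(char *buf, int size, int rwflag, void *userdata)
{
    const char *pass = userdata;
    size_t len;

    (void)rwflag;
    if (buf == NULL || size <= 0 || pass == NULL)
        return -1;
    len = strlen(pass);
    if (len >= (size_t)size)
        return -1;               /* refuse rather than silently truncate */
    memcpy(buf, pass, len + 1);  /* copies the terminator as well */
    return (int)len;
}

/* Constructed stand-in for the library side: a 1024-byte buffer, matching
 * n=1024 in the trace. Returns the passphrase length or -1. */
int simulate_key_load(void *userdata)
{
    char buf[1024];
    return passphrase_cb_checked(buf, (int)sizeof(buf), 0, userdata);
}

int main(void)
{
    char pass[] = "constructed-passphrase";   /* constructed sample input */
    printf("NULL userdata -> %d\n", simulate_key_load(NULL));
    printf("valid userdata -> %d\n", simulate_key_load(pass));
    return 0;
}
```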
