Bug#969559: curl segmentation fauls on any https URL

2020-09-14 Thread Bruce Momjian,,,
On Fri, Sep 11, 2020 at 06:28:20PM +0200, Bernhard Übelacker wrote: > Dear Maintainer, hello Bruce Momjian, > with the last informations the issue is perfectly reproducible. > > It looks like a use after free caused by statically stored > function pointers in libengine-pkcs11-openssl / libp11. >

Bug#969559: curl segmentation fauls on any https URL

2020-09-11 Thread Bernhard Übelacker
Dear Maintainer, hello Bruce Momjian, with the last informations the issue is perfectly reproducible. It looks like a use after free caused by statically stored function pointers in libengine-pkcs11-openssl / libp11. That led to following upstream bug: https://github.com/OpenSC/libp11/issues/32

Bug#969559: Info received (Bug#969559: curl segmentation fauls on any https URL)

2020-09-07 Thread Bruce Momjian,,,
Oh, the kernel error message might be helpful: curl[4979] general protection ip:7f3a3da00bce sp:7fff5dc217d0 error:0 in libcrypto.so.1.1[7f3a3d8fe000+19e000] -- Bruce Momjian https://momjian.us EnterpriseDB https://enterprisedb.com The usefulness of

Bug#969559: curl segmentation fauls on any https URL

2020-09-07 Thread Bruce Momjian,,,
On Sun, Sep 6, 2020 at 02:37:22PM +0200, Bernhard Übelacker wrote: > Hello Bruce Momjian, > thanks for the details and confirmation. > > > Am 05.09.20 um 17:32 schrieb Bruce Momjian,,,: > > (gdb) print pmeth->init > > $1 = (int (*)(EVP_PKEY_CTX *)) 0xf0e0d0c0b0a0908 > > > gdb) print

Bug#969559: curl segmentation fauls on any https URL

2020-09-06 Thread Bernhard Übelacker
Hello Bruce Momjian, thanks for the details and confirmation. Am 05.09.20 um 17:32 schrieb Bruce Momjian,,,: > (gdb) print pmeth->init > $1 = (int (*)(EVP_PKEY_CTX *)) 0xf0e0d0c0b0a0908 > gdb) print *pmeth > $8 = {pkey_id = 50462976, flags = 117835012, init = 0xf0e0d0c0b0

Bug#969559: Info received (Bug#969559: curl segmentation fauls on any https URL)

2020-09-05 Thread Bruce Momjian,,,
I have checked my pkcs11 device and it is functioning properly, but curl still crashes. Fortunately I can just use 'wget' until this is fixed. -- Bruce Momjian https://momjian.us EnterpriseDB https://enterprisedb.com The usefulness of a cup is in its

Bug#969559: curl segmentation fauls on any https URL

2020-09-05 Thread Bruce Momjian,,,
On Sat, Sep 5, 2020 at 03:50:20PM +0200, Bernhard Übelacker wrote: > Dear Maintainer, > I tried to reproduce this fault, but did not get a segfault. > > However, I think the backtrace points to these lines: > > (gdb) bt > #0 0x7769dbce in int_ctx_new () at ../crypto/evp/pmeth_li

Bug#969559: curl segmentation fauls on any https URL

2020-09-05 Thread Bernhard Übelacker
Dear Maintainer, I tried to reproduce this fault, but did not get a segfault. However, I think the backtrace points to these lines: (gdb) bt #0 0x7769dbce in int_ctx_new () at ../crypto/evp/pmeth_lib.c:160 #1 0x7769dcfa in EVP_PKEY_CTX_new () at ../crypto/evp/pmeth_

Bug#969559: curl segmentation fauls on any https URL

2020-09-04 Thread Bruce Momjian,,,
Package: curl Version: 7.64.0-4+deb10u1 Severity: grave Justification: renders package unusable Dear Maintainer, *** Reporter, please consider answering these questions, where appropriate *** Simply type: $ curl https://google.com Segmentation fault or use any https URL.