misspellings fixes by https://github.com/vlajos/misspell_fixer #3

vlajos · 2013-06-12T23:23:01Z

misspellings fixes by https://github.com/vlajos/misspell_fixer

benlaurie · 2013-09-05T20:49:13Z

merged in cda01d5

if the private key is output to stdout using the HARNESS_OSSL_PREFIX, out is a stack of BIOs and must therefore free'd using BIO_free_all. Steps to reproduce: $ HARNESS_OSSL_PREFIX=x OPENSSL_CONF=apps/openssl.cnf util/shlib_wrap.sh apps/openssl req -new -keyout - -passout pass: </dev/null [...] Direct leak of 128 byte(s) in 1 object(s) allocated from: #0 0x7f6f692b89cf in __interceptor_malloc ../../../../src/libsanitizer/asan/asan_malloc_linux.cpp:69 #1 0x7f6f686eda00 in CRYPTO_malloc crypto/mem.c:202 #2 0x7f6f686edba0 in CRYPTO_zalloc crypto/mem.c:222 #3 0x7f6f68471bdf in BIO_new_ex crypto/bio/bio_lib.c:83 #4 0x7f6f68491a8f in BIO_new_fp crypto/bio/bss_file.c:95 #5 0x555c5f58b378 in dup_bio_out apps/lib/apps.c:3014 #6 0x555c5f58f9ac in bio_open_default_ apps/lib/apps.c:3175 #7 0x555c5f58f9ac in bio_open_default apps/lib/apps.c:3203 #8 0x555c5f528537 in req_main apps/req.c:683 #9 0x555c5f50e315 in do_cmd apps/openssl.c:426 #10 0x555c5f4c5575 in main apps/openssl.c:307 #11 0x7f6f680461c9 in __libc_start_call_main ../sysdeps/nptl/libc_start_call_main.h:58 SUMMARY: AddressSanitizer: 128 byte(s) leaked in 1 allocation(s). Reviewed-by: Tom Cosgrove <[email protected]> Reviewed-by: Tomas Mraz <[email protected]> (Merged from #23365) (cherry picked from commit ff78d94)

if the private key is output to stdout using the HARNESS_OSSL_PREFIX, out is a stack of BIOs and must therefore free'd using BIO_free_all. Steps to reproduce: $ HARNESS_OSSL_PREFIX=x OPENSSL_CONF=apps/openssl.cnf util/shlib_wrap.sh apps/openssl req -new -keyout - -passout pass: </dev/null [...] Direct leak of 128 byte(s) in 1 object(s) allocated from: #0 0x7f6f692b89cf in __interceptor_malloc ../../../../src/libsanitizer/asan/asan_malloc_linux.cpp:69 openssl#1 0x7f6f686eda00 in CRYPTO_malloc crypto/mem.c:202 openssl#2 0x7f6f686edba0 in CRYPTO_zalloc crypto/mem.c:222 openssl#3 0x7f6f68471bdf in BIO_new_ex crypto/bio/bio_lib.c:83 openssl#4 0x7f6f68491a8f in BIO_new_fp crypto/bio/bss_file.c:95 openssl#5 0x555c5f58b378 in dup_bio_out apps/lib/apps.c:3014 openssl#6 0x555c5f58f9ac in bio_open_default_ apps/lib/apps.c:3175 openssl#7 0x555c5f58f9ac in bio_open_default apps/lib/apps.c:3203 openssl#8 0x555c5f528537 in req_main apps/req.c:683 openssl#9 0x555c5f50e315 in do_cmd apps/openssl.c:426 openssl#10 0x555c5f4c5575 in main apps/openssl.c:307 openssl#11 0x7f6f680461c9 in __libc_start_call_main ../sysdeps/nptl/libc_start_call_main.h:58 SUMMARY: AddressSanitizer: 128 byte(s) leaked in 1 allocation(s). Reviewed-by: Tom Cosgrove <[email protected]> Reviewed-by: Tomas Mraz <[email protected]> (Merged from openssl#23365) (cherry picked from commit ff78d94)

Fixes openssl#2 and openssl#3 and openssl#22 Updates `Configure` script to disable QUIC with `no-bulk` and `no-ec` Updates build.info doc docs Fixes an issue with extension defintions and `no-quic`

The following issue was found in automatic tests with thread sanitizer builds in ClickHouse (which uses OpenSSL 3.2.1) [0]. The first stack [1] does proper locking (function 'x509_store_add', x509_lu.c) but in the second stack [2], function 'get_cert_by_subject_ex' (by_dir.b) forgets to lock when calling 'sk_X509_OBJECT_is_sorted'. [0] ClickHouse/ClickHouse#63049 [1] WARNING: ThreadSanitizer: data race (pid=1870) Write of size 4 at 0x7b08003d6810 by thread T552 (mutexes: write M0, write M1, write M2, write M3): #0 OPENSSL_sk_insert build_docker/./contrib/openssl/crypto/stack/stack.c:280:16 (clickhouse+0x203ad7e4) (BuildId: 3ceefd39df36d762f06bf9aab19cfc3467e4558b) #1 OPENSSL_sk_push build_docker/./contrib/openssl/crypto/stack/stack.c:401:12 (clickhouse+0x203ad7e4) #2 x509_store_add build_docker/./contrib/openssl/crypto/x509/x509_lu.c:419:17 (clickhouse+0x203d4a52) (BuildId: 3ceefd39df36d762f06bf9aab19cfc3467e4558b) #3 X509_STORE_add_cert build_docker/./contrib/openssl/crypto/x509/x509_lu.c:432:10 (clickhouse+0x203d48a2) (BuildId: 3ceefd39df36d762f06bf9aab19cfc3467e4558b) #4 X509_load_cert_file_ex build_docker/./contrib/openssl/crypto/x509/by_file.c:127:18 (clickhouse+0x203b74e6) (BuildId: 3ceefd39df36d762f06bf9aab19cfc3467e4558b) #5 get_cert_by_subject_ex build_docker/./contrib/openssl/crypto/x509/by_dir.c:333:22 (clickhouse+0x203b684c) (BuildId: 3ceefd39df36d762f06bf9aab19cfc3467e4558b) #6 X509_LOOKUP_by_subject_ex build_docker/./contrib/openssl/crypto/x509/x509_lu.c:105:16 (clickhouse+0x203d46ec) (BuildId: 3ceefd39df36d762f06bf9aab19cfc3467e4558b) #7 ossl_x509_store_ctx_get_by_subject build_docker/./contrib/openssl/crypto/x509/x509_lu.c:360:17 (clickhouse+0x203d46ec) #8 X509_STORE_CTX_get1_issuer build_docker/./contrib/openssl/crypto/x509/x509_lu.c:782:10 (clickhouse+0x203d56cb) (BuildId: 3ceefd39df36d762f06bf9aab19cfc3467e4558b) #9 get1_trusted_issuer build_docker/./contrib/openssl/crypto/x509/x509_vfy.c:3194:10 (clickhouse+0x203db4a9) (BuildId: 3ceefd39df36d762f06bf9aab19cfc3467e4558b) #10 build_chain build_docker/./contrib/openssl/crypto/x509/x509_vfy.c:3324:40 (clickhouse+0x203db4a9) #11 verify_chain build_docker/./contrib/openssl/crypto/x509/x509_vfy.c:240:15 (clickhouse+0x203dbe27) (BuildId: 3ceefd39df36d762f06bf9aab19cfc3467e4558b) #12 x509_verify_x509 build_docker/./contrib/openssl/crypto/x509/x509_vfy.c:358 (clickhouse+0x203d7fd8) (BuildId: 3ceefd39df36d762f06bf9aab19cfc3467e4558b) #13 X509_verify_cert build_docker/./contrib/openssl/crypto/x509/x509_vfy.c:293:56 (clickhouse+0x203d8215) (BuildId: 3ceefd39df36d762f06bf9aab19cfc3467e4558b) #14 ssl_verify_internal build_docker/./contrib/openssl/ssl/ssl_cert.c:496:13 (clickhouse+0x2019a2a4) (BuildId: 3ceefd39df36d762f06bf9aab19cfc3467e4558b) #15 ssl_verify_cert_chain build_docker/./contrib/openssl/ssl/ssl_cert.c:543:12 (clickhouse+0x2019a402) (BuildId: 3ceefd39df36d762f06bf9aab19cfc3467e4558b) #16 tls_post_process_server_certificate build_docker/./contrib/openssl/ssl/statem/statem_clnt.c:2072:9 (clickhouse+0x20227658) (BuildId: 3ceefd39df36d762f06bf9aab19cfc3467e4558b) #17 ossl_statem_client_post_process_message build_docker/./contrib/openssl/ssl/statem/statem_clnt.c:1159:16 (clickhouse+0x202272ee) (BuildId: 3ceefd39df36d762f06bf9aab19cfc3467e4558b) #18 read_state_machine build_docker/./contrib/openssl/ssl/statem/statem.c:712:35 (clickhouse+0x2021e96d) (BuildId: 3ceefd39df36d762f06bf9aab19cfc3467e4558b) #19 state_machine build_docker/./contrib/openssl/ssl/statem/statem.c:478:21 (clickhouse+0x2021e96d) #20 ossl_statem_connect build_docker/./contrib/openssl/ssl/statem/statem.c:297:12 (clickhouse+0x2021ddce) (BuildId: 3ceefd39df36d762f06bf9aab19cfc3467e4558b) #21 SSL_do_handshake build_docker/./contrib/openssl/ssl/ssl_lib.c:4746:19 (clickhouse+0x201a5781) (BuildId: 3ceefd39df36d762f06bf9aab19cfc3467e4558b) #22 SSL_connect build_docker/./contrib/openssl/ssl/ssl_lib.c:2208:12 (clickhouse+0x201a5893) (BuildId: 3ceefd39df36d762f06bf9aab19cfc3467e4558b) #23 Poco::Net::SecureSocketImpl::connectSSL(bool) build_docker/./base/poco/NetSSL_OpenSSL/src/SecureSocketImpl.cpp:206:11 (clickhouse+0x1d179567) (BuildId: 3ceefd39df36d762f06bf9aab19cfc3467e4558b) [2] Previous read of size 4 at 0x7b08003d6810 by thread T553 (mutexes: write M4, write M5, write M6): #0 OPENSSL_sk_is_sorted build_docker/./contrib/openssl/crypto/stack/stack.c:490:33 (clickhouse+0x203adcff) (BuildId: 3ceefd39df36d762f06bf9aab19cfc3467e4558b) #1 get_cert_by_subject_ex build_docker/./contrib/openssl/crypto/x509/by_dir.c:423:10 (clickhouse+0x203b6d8f) (BuildId: 3ceefd39df36d762f06bf9aab19cfc3467e4558b) #2 X509_LOOKUP_by_subject_ex build_docker/./contrib/openssl/crypto/x509/x509_lu.c:105:16 (clickhouse+0x203d46ec) (BuildId: 3ceefd39df36d762f06bf9aab19cfc3467e4558b) #3 ossl_x509_store_ctx_get_by_subject build_docker/./contrib/openssl/crypto/x509/x509_lu.c:360:17 (clickhouse+0x203d46ec) #4 X509_STORE_CTX_get1_issuer build_docker/./contrib/openssl/crypto/x509/x509_lu.c:782:10 (clickhouse+0x203d56cb) (BuildId: 3ceefd39df36d762f06bf9aab19cfc3467e4558b) #5 get1_trusted_issuer build_docker/./contrib/openssl/crypto/x509/x509_vfy.c:3194:10 (clickhouse+0x203db4a9) (BuildId: 3ceefd39df36d762f06bf9aab19cfc3467e4558b) #6 build_chain build_docker/./contrib/openssl/crypto/x509/x509_vfy.c:3324:40 (clickhouse+0x203db4a9) #7 verify_chain build_docker/./contrib/openssl/crypto/x509/x509_vfy.c:240:15 (clickhouse+0x203dbe27) (BuildId: 3ceefd39df36d762f06bf9aab19cfc3467e4558b) #8 x509_verify_x509 build_docker/./contrib/openssl/crypto/x509/x509_vfy.c:358 (clickhouse+0x203d7fd8) (BuildId: 3ceefd39df36d762f06bf9aab19cfc3467e4558b) #9 X509_verify_cert build_docker/./contrib/openssl/crypto/x509/x509_vfy.c:293:56 (clickhouse+0x203d8215) (BuildId: 3ceefd39df36d762f06bf9aab19cfc3467e4558b) #10 ssl_verify_internal build_docker/./contrib/openssl/ssl/ssl_cert.c:496:13 (clickhouse+0x2019a2a4) (BuildId: 3ceefd39df36d762f06bf9aab19cfc3467e4558b) #11 ssl_verify_cert_chain build_docker/./contrib/openssl/ssl/ssl_cert.c:543:12 (clickhouse+0x2019a402) (BuildId: 3ceefd39df36d762f06bf9aab19cfc3467e4558b) #12 tls_post_process_server_certificate build_docker/./contrib/openssl/ssl/statem/statem_clnt.c:2072:9 (clickhouse+0x20227658) (BuildId: 3ceefd39df36d762f06bf9aab19cfc3467e4558b) #13 ossl_statem_client_post_process_message build_docker/./contrib/openssl/ssl/statem/statem_clnt.c:1159:16 (clickhouse+0x202272ee) (BuildId: 3ceefd39df36d762f06bf9aab19cfc3467e4558b) #14 read_state_machine build_docker/./contrib/openssl/ssl/statem/statem.c:712:35 (clickhouse+0x2021e96d) (BuildId: 3ceefd39df36d762f06bf9aab19cfc3467e4558b) #15 state_machine build_docker/./contrib/openssl/ssl/statem/statem.c:478:21 (clickhouse+0x2021e96d) #16 ossl_statem_connect build_docker/./contrib/openssl/ssl/statem/statem.c:297:12 (clickhouse+0x2021ddce) (BuildId: 3ceefd39df36d762f06bf9aab19cfc3467e4558b) #17 SSL_do_handshake build_docker/./contrib/openssl/ssl/ssl_lib.c:4746:19 (clickhouse+0x201a5781) (BuildId: 3ceefd39df36d762f06bf9aab19cfc3467e4558b) #18 SSL_connect build_docker/./contrib/openssl/ssl/ssl_lib.c:2208:12 (clickhouse+0x201a5893) (BuildId: 3ceefd39df36d762f06bf9aab19cfc3467e4558b) #19 Poco::Net::SecureSocketImpl::connectSSL(bool) build_docker/./base/poco/NetSSL_OpenSSL/src/SecureSocketImpl.cpp:206:11 (clickhouse+0x1d179567) (BuildId: 3ceefd39df36d762f06bf9aab19cfc3467e4558b) CLA: trivial Reviewed-by: Todd Short <[email protected]> Reviewed-by: Tomas Mraz <[email protected]> (Merged from #24295) (cherry picked from commit af75373)

The following issue was found in automatic tests with thread sanitizer builds in ClickHouse (which uses OpenSSL 3.2.1) [0]. The first stack [1] does proper locking (function 'x509_store_add', x509_lu.c) but in the second stack [2], function 'get_cert_by_subject_ex' (by_dir.b) forgets to lock when calling 'sk_X509_OBJECT_is_sorted'. [0] ClickHouse/ClickHouse#63049 [1] WARNING: ThreadSanitizer: data race (pid=1870) Write of size 4 at 0x7b08003d6810 by thread T552 (mutexes: write M0, write M1, write M2, write M3): #0 OPENSSL_sk_insert build_docker/./contrib/openssl/crypto/stack/stack.c:280:16 (clickhouse+0x203ad7e4) (BuildId: 3ceefd39df36d762f06bf9aab19cfc3467e4558b) #1 OPENSSL_sk_push build_docker/./contrib/openssl/crypto/stack/stack.c:401:12 (clickhouse+0x203ad7e4) #2 x509_store_add build_docker/./contrib/openssl/crypto/x509/x509_lu.c:419:17 (clickhouse+0x203d4a52) (BuildId: 3ceefd39df36d762f06bf9aab19cfc3467e4558b) #3 X509_STORE_add_cert build_docker/./contrib/openssl/crypto/x509/x509_lu.c:432:10 (clickhouse+0x203d48a2) (BuildId: 3ceefd39df36d762f06bf9aab19cfc3467e4558b) #4 X509_load_cert_file_ex build_docker/./contrib/openssl/crypto/x509/by_file.c:127:18 (clickhouse+0x203b74e6) (BuildId: 3ceefd39df36d762f06bf9aab19cfc3467e4558b) #5 get_cert_by_subject_ex build_docker/./contrib/openssl/crypto/x509/by_dir.c:333:22 (clickhouse+0x203b684c) (BuildId: 3ceefd39df36d762f06bf9aab19cfc3467e4558b) #6 X509_LOOKUP_by_subject_ex build_docker/./contrib/openssl/crypto/x509/x509_lu.c:105:16 (clickhouse+0x203d46ec) (BuildId: 3ceefd39df36d762f06bf9aab19cfc3467e4558b) #7 ossl_x509_store_ctx_get_by_subject build_docker/./contrib/openssl/crypto/x509/x509_lu.c:360:17 (clickhouse+0x203d46ec) #8 X509_STORE_CTX_get1_issuer build_docker/./contrib/openssl/crypto/x509/x509_lu.c:782:10 (clickhouse+0x203d56cb) (BuildId: 3ceefd39df36d762f06bf9aab19cfc3467e4558b) #9 get1_trusted_issuer build_docker/./contrib/openssl/crypto/x509/x509_vfy.c:3194:10 (clickhouse+0x203db4a9) (BuildId: 3ceefd39df36d762f06bf9aab19cfc3467e4558b) #10 build_chain build_docker/./contrib/openssl/crypto/x509/x509_vfy.c:3324:40 (clickhouse+0x203db4a9) #11 verify_chain build_docker/./contrib/openssl/crypto/x509/x509_vfy.c:240:15 (clickhouse+0x203dbe27) (BuildId: 3ceefd39df36d762f06bf9aab19cfc3467e4558b) #12 x509_verify_x509 build_docker/./contrib/openssl/crypto/x509/x509_vfy.c:358 (clickhouse+0x203d7fd8) (BuildId: 3ceefd39df36d762f06bf9aab19cfc3467e4558b) #13 X509_verify_cert build_docker/./contrib/openssl/crypto/x509/x509_vfy.c:293:56 (clickhouse+0x203d8215) (BuildId: 3ceefd39df36d762f06bf9aab19cfc3467e4558b) #14 ssl_verify_internal build_docker/./contrib/openssl/ssl/ssl_cert.c:496:13 (clickhouse+0x2019a2a4) (BuildId: 3ceefd39df36d762f06bf9aab19cfc3467e4558b) #15 ssl_verify_cert_chain build_docker/./contrib/openssl/ssl/ssl_cert.c:543:12 (clickhouse+0x2019a402) (BuildId: 3ceefd39df36d762f06bf9aab19cfc3467e4558b) #16 tls_post_process_server_certificate build_docker/./contrib/openssl/ssl/statem/statem_clnt.c:2072:9 (clickhouse+0x20227658) (BuildId: 3ceefd39df36d762f06bf9aab19cfc3467e4558b) #17 ossl_statem_client_post_process_message build_docker/./contrib/openssl/ssl/statem/statem_clnt.c:1159:16 (clickhouse+0x202272ee) (BuildId: 3ceefd39df36d762f06bf9aab19cfc3467e4558b) #18 read_state_machine build_docker/./contrib/openssl/ssl/statem/statem.c:712:35 (clickhouse+0x2021e96d) (BuildId: 3ceefd39df36d762f06bf9aab19cfc3467e4558b) #19 state_machine build_docker/./contrib/openssl/ssl/statem/statem.c:478:21 (clickhouse+0x2021e96d) #20 ossl_statem_connect build_docker/./contrib/openssl/ssl/statem/statem.c:297:12 (clickhouse+0x2021ddce) (BuildId: 3ceefd39df36d762f06bf9aab19cfc3467e4558b) #21 SSL_do_handshake build_docker/./contrib/openssl/ssl/ssl_lib.c:4746:19 (clickhouse+0x201a5781) (BuildId: 3ceefd39df36d762f06bf9aab19cfc3467e4558b) #22 SSL_connect build_docker/./contrib/openssl/ssl/ssl_lib.c:2208:12 (clickhouse+0x201a5893) (BuildId: 3ceefd39df36d762f06bf9aab19cfc3467e4558b) #23 Poco::Net::SecureSocketImpl::connectSSL(bool) build_docker/./base/poco/NetSSL_OpenSSL/src/SecureSocketImpl.cpp:206:11 (clickhouse+0x1d179567) (BuildId: 3ceefd39df36d762f06bf9aab19cfc3467e4558b) [2] Previous read of size 4 at 0x7b08003d6810 by thread T553 (mutexes: write M4, write M5, write M6): #0 OPENSSL_sk_is_sorted build_docker/./contrib/openssl/crypto/stack/stack.c:490:33 (clickhouse+0x203adcff) (BuildId: 3ceefd39df36d762f06bf9aab19cfc3467e4558b) #1 get_cert_by_subject_ex build_docker/./contrib/openssl/crypto/x509/by_dir.c:423:10 (clickhouse+0x203b6d8f) (BuildId: 3ceefd39df36d762f06bf9aab19cfc3467e4558b) #2 X509_LOOKUP_by_subject_ex build_docker/./contrib/openssl/crypto/x509/x509_lu.c:105:16 (clickhouse+0x203d46ec) (BuildId: 3ceefd39df36d762f06bf9aab19cfc3467e4558b) #3 ossl_x509_store_ctx_get_by_subject build_docker/./contrib/openssl/crypto/x509/x509_lu.c:360:17 (clickhouse+0x203d46ec) #4 X509_STORE_CTX_get1_issuer build_docker/./contrib/openssl/crypto/x509/x509_lu.c:782:10 (clickhouse+0x203d56cb) (BuildId: 3ceefd39df36d762f06bf9aab19cfc3467e4558b) #5 get1_trusted_issuer build_docker/./contrib/openssl/crypto/x509/x509_vfy.c:3194:10 (clickhouse+0x203db4a9) (BuildId: 3ceefd39df36d762f06bf9aab19cfc3467e4558b) #6 build_chain build_docker/./contrib/openssl/crypto/x509/x509_vfy.c:3324:40 (clickhouse+0x203db4a9) #7 verify_chain build_docker/./contrib/openssl/crypto/x509/x509_vfy.c:240:15 (clickhouse+0x203dbe27) (BuildId: 3ceefd39df36d762f06bf9aab19cfc3467e4558b) #8 x509_verify_x509 build_docker/./contrib/openssl/crypto/x509/x509_vfy.c:358 (clickhouse+0x203d7fd8) (BuildId: 3ceefd39df36d762f06bf9aab19cfc3467e4558b) #9 X509_verify_cert build_docker/./contrib/openssl/crypto/x509/x509_vfy.c:293:56 (clickhouse+0x203d8215) (BuildId: 3ceefd39df36d762f06bf9aab19cfc3467e4558b) #10 ssl_verify_internal build_docker/./contrib/openssl/ssl/ssl_cert.c:496:13 (clickhouse+0x2019a2a4) (BuildId: 3ceefd39df36d762f06bf9aab19cfc3467e4558b) #11 ssl_verify_cert_chain build_docker/./contrib/openssl/ssl/ssl_cert.c:543:12 (clickhouse+0x2019a402) (BuildId: 3ceefd39df36d762f06bf9aab19cfc3467e4558b) #12 tls_post_process_server_certificate build_docker/./contrib/openssl/ssl/statem/statem_clnt.c:2072:9 (clickhouse+0x20227658) (BuildId: 3ceefd39df36d762f06bf9aab19cfc3467e4558b) #13 ossl_statem_client_post_process_message build_docker/./contrib/openssl/ssl/statem/statem_clnt.c:1159:16 (clickhouse+0x202272ee) (BuildId: 3ceefd39df36d762f06bf9aab19cfc3467e4558b) #14 read_state_machine build_docker/./contrib/openssl/ssl/statem/statem.c:712:35 (clickhouse+0x2021e96d) (BuildId: 3ceefd39df36d762f06bf9aab19cfc3467e4558b) #15 state_machine build_docker/./contrib/openssl/ssl/statem/statem.c:478:21 (clickhouse+0x2021e96d) #16 ossl_statem_connect build_docker/./contrib/openssl/ssl/statem/statem.c:297:12 (clickhouse+0x2021ddce) (BuildId: 3ceefd39df36d762f06bf9aab19cfc3467e4558b) #17 SSL_do_handshake build_docker/./contrib/openssl/ssl/ssl_lib.c:4746:19 (clickhouse+0x201a5781) (BuildId: 3ceefd39df36d762f06bf9aab19cfc3467e4558b) #18 SSL_connect build_docker/./contrib/openssl/ssl/ssl_lib.c:2208:12 (clickhouse+0x201a5893) (BuildId: 3ceefd39df36d762f06bf9aab19cfc3467e4558b) #19 Poco::Net::SecureSocketImpl::connectSSL(bool) build_docker/./base/poco/NetSSL_OpenSSL/src/SecureSocketImpl.cpp:206:11 (clickhouse+0x1d179567) (BuildId: 3ceefd39df36d762f06bf9aab19cfc3467e4558b) CLA: trivial Reviewed-by: Todd Short <[email protected]> Reviewed-by: Tomas Mraz <[email protected]> (Merged from #24295)

The following issue was found in automatic tests with thread sanitizer builds in ClickHouse (which uses OpenSSL 3.2.1) [0]. The first stack [1] does proper locking (function 'x509_store_add', x509_lu.c) but in the second stack [2], function 'get_cert_by_subject_ex' (by_dir.b) forgets to lock when calling 'sk_X509_OBJECT_is_sorted'. [0] ClickHouse/ClickHouse#63049 [1] WARNING: ThreadSanitizer: data race (pid=1870) Write of size 4 at 0x7b08003d6810 by thread T552 (mutexes: write M0, write M1, write M2, write M3): #0 OPENSSL_sk_insert build_docker/./contrib/openssl/crypto/stack/stack.c:280:16 (clickhouse+0x203ad7e4) (BuildId: 3ceefd39df36d762f06bf9aab19cfc3467e4558b) openssl#1 OPENSSL_sk_push build_docker/./contrib/openssl/crypto/stack/stack.c:401:12 (clickhouse+0x203ad7e4) openssl#2 x509_store_add build_docker/./contrib/openssl/crypto/x509/x509_lu.c:419:17 (clickhouse+0x203d4a52) (BuildId: 3ceefd39df36d762f06bf9aab19cfc3467e4558b) openssl#3 X509_STORE_add_cert build_docker/./contrib/openssl/crypto/x509/x509_lu.c:432:10 (clickhouse+0x203d48a2) (BuildId: 3ceefd39df36d762f06bf9aab19cfc3467e4558b) openssl#4 X509_load_cert_file_ex build_docker/./contrib/openssl/crypto/x509/by_file.c:127:18 (clickhouse+0x203b74e6) (BuildId: 3ceefd39df36d762f06bf9aab19cfc3467e4558b) openssl#5 get_cert_by_subject_ex build_docker/./contrib/openssl/crypto/x509/by_dir.c:333:22 (clickhouse+0x203b684c) (BuildId: 3ceefd39df36d762f06bf9aab19cfc3467e4558b) openssl#6 X509_LOOKUP_by_subject_ex build_docker/./contrib/openssl/crypto/x509/x509_lu.c:105:16 (clickhouse+0x203d46ec) (BuildId: 3ceefd39df36d762f06bf9aab19cfc3467e4558b) openssl#7 ossl_x509_store_ctx_get_by_subject build_docker/./contrib/openssl/crypto/x509/x509_lu.c:360:17 (clickhouse+0x203d46ec) openssl#8 X509_STORE_CTX_get1_issuer build_docker/./contrib/openssl/crypto/x509/x509_lu.c:782:10 (clickhouse+0x203d56cb) (BuildId: 3ceefd39df36d762f06bf9aab19cfc3467e4558b) openssl#9 get1_trusted_issuer build_docker/./contrib/openssl/crypto/x509/x509_vfy.c:3194:10 (clickhouse+0x203db4a9) (BuildId: 3ceefd39df36d762f06bf9aab19cfc3467e4558b) openssl#10 build_chain build_docker/./contrib/openssl/crypto/x509/x509_vfy.c:3324:40 (clickhouse+0x203db4a9) openssl#11 verify_chain build_docker/./contrib/openssl/crypto/x509/x509_vfy.c:240:15 (clickhouse+0x203dbe27) (BuildId: 3ceefd39df36d762f06bf9aab19cfc3467e4558b) openssl#12 x509_verify_x509 build_docker/./contrib/openssl/crypto/x509/x509_vfy.c:358 (clickhouse+0x203d7fd8) (BuildId: 3ceefd39df36d762f06bf9aab19cfc3467e4558b) openssl#13 X509_verify_cert build_docker/./contrib/openssl/crypto/x509/x509_vfy.c:293:56 (clickhouse+0x203d8215) (BuildId: 3ceefd39df36d762f06bf9aab19cfc3467e4558b) openssl#14 ssl_verify_internal build_docker/./contrib/openssl/ssl/ssl_cert.c:496:13 (clickhouse+0x2019a2a4) (BuildId: 3ceefd39df36d762f06bf9aab19cfc3467e4558b) openssl#15 ssl_verify_cert_chain build_docker/./contrib/openssl/ssl/ssl_cert.c:543:12 (clickhouse+0x2019a402) (BuildId: 3ceefd39df36d762f06bf9aab19cfc3467e4558b) openssl#16 tls_post_process_server_certificate build_docker/./contrib/openssl/ssl/statem/statem_clnt.c:2072:9 (clickhouse+0x20227658) (BuildId: 3ceefd39df36d762f06bf9aab19cfc3467e4558b) openssl#17 ossl_statem_client_post_process_message build_docker/./contrib/openssl/ssl/statem/statem_clnt.c:1159:16 (clickhouse+0x202272ee) (BuildId: 3ceefd39df36d762f06bf9aab19cfc3467e4558b) openssl#18 read_state_machine build_docker/./contrib/openssl/ssl/statem/statem.c:712:35 (clickhouse+0x2021e96d) (BuildId: 3ceefd39df36d762f06bf9aab19cfc3467e4558b) openssl#19 state_machine build_docker/./contrib/openssl/ssl/statem/statem.c:478:21 (clickhouse+0x2021e96d) openssl#20 ossl_statem_connect build_docker/./contrib/openssl/ssl/statem/statem.c:297:12 (clickhouse+0x2021ddce) (BuildId: 3ceefd39df36d762f06bf9aab19cfc3467e4558b) openssl#21 SSL_do_handshake build_docker/./contrib/openssl/ssl/ssl_lib.c:4746:19 (clickhouse+0x201a5781) (BuildId: 3ceefd39df36d762f06bf9aab19cfc3467e4558b) openssl#22 SSL_connect build_docker/./contrib/openssl/ssl/ssl_lib.c:2208:12 (clickhouse+0x201a5893) (BuildId: 3ceefd39df36d762f06bf9aab19cfc3467e4558b) openssl#23 Poco::Net::SecureSocketImpl::connectSSL(bool) build_docker/./base/poco/NetSSL_OpenSSL/src/SecureSocketImpl.cpp:206:11 (clickhouse+0x1d179567) (BuildId: 3ceefd39df36d762f06bf9aab19cfc3467e4558b) [2] Previous read of size 4 at 0x7b08003d6810 by thread T553 (mutexes: write M4, write M5, write M6): #0 OPENSSL_sk_is_sorted build_docker/./contrib/openssl/crypto/stack/stack.c:490:33 (clickhouse+0x203adcff) (BuildId: 3ceefd39df36d762f06bf9aab19cfc3467e4558b) openssl#1 get_cert_by_subject_ex build_docker/./contrib/openssl/crypto/x509/by_dir.c:423:10 (clickhouse+0x203b6d8f) (BuildId: 3ceefd39df36d762f06bf9aab19cfc3467e4558b) openssl#2 X509_LOOKUP_by_subject_ex build_docker/./contrib/openssl/crypto/x509/x509_lu.c:105:16 (clickhouse+0x203d46ec) (BuildId: 3ceefd39df36d762f06bf9aab19cfc3467e4558b) openssl#3 ossl_x509_store_ctx_get_by_subject build_docker/./contrib/openssl/crypto/x509/x509_lu.c:360:17 (clickhouse+0x203d46ec) openssl#4 X509_STORE_CTX_get1_issuer build_docker/./contrib/openssl/crypto/x509/x509_lu.c:782:10 (clickhouse+0x203d56cb) (BuildId: 3ceefd39df36d762f06bf9aab19cfc3467e4558b) openssl#5 get1_trusted_issuer build_docker/./contrib/openssl/crypto/x509/x509_vfy.c:3194:10 (clickhouse+0x203db4a9) (BuildId: 3ceefd39df36d762f06bf9aab19cfc3467e4558b) openssl#6 build_chain build_docker/./contrib/openssl/crypto/x509/x509_vfy.c:3324:40 (clickhouse+0x203db4a9) openssl#7 verify_chain build_docker/./contrib/openssl/crypto/x509/x509_vfy.c:240:15 (clickhouse+0x203dbe27) (BuildId: 3ceefd39df36d762f06bf9aab19cfc3467e4558b) openssl#8 x509_verify_x509 build_docker/./contrib/openssl/crypto/x509/x509_vfy.c:358 (clickhouse+0x203d7fd8) (BuildId: 3ceefd39df36d762f06bf9aab19cfc3467e4558b) openssl#9 X509_verify_cert build_docker/./contrib/openssl/crypto/x509/x509_vfy.c:293:56 (clickhouse+0x203d8215) (BuildId: 3ceefd39df36d762f06bf9aab19cfc3467e4558b) openssl#10 ssl_verify_internal build_docker/./contrib/openssl/ssl/ssl_cert.c:496:13 (clickhouse+0x2019a2a4) (BuildId: 3ceefd39df36d762f06bf9aab19cfc3467e4558b) openssl#11 ssl_verify_cert_chain build_docker/./contrib/openssl/ssl/ssl_cert.c:543:12 (clickhouse+0x2019a402) (BuildId: 3ceefd39df36d762f06bf9aab19cfc3467e4558b) openssl#12 tls_post_process_server_certificate build_docker/./contrib/openssl/ssl/statem/statem_clnt.c:2072:9 (clickhouse+0x20227658) (BuildId: 3ceefd39df36d762f06bf9aab19cfc3467e4558b) openssl#13 ossl_statem_client_post_process_message build_docker/./contrib/openssl/ssl/statem/statem_clnt.c:1159:16 (clickhouse+0x202272ee) (BuildId: 3ceefd39df36d762f06bf9aab19cfc3467e4558b) openssl#14 read_state_machine build_docker/./contrib/openssl/ssl/statem/statem.c:712:35 (clickhouse+0x2021e96d) (BuildId: 3ceefd39df36d762f06bf9aab19cfc3467e4558b) openssl#15 state_machine build_docker/./contrib/openssl/ssl/statem/statem.c:478:21 (clickhouse+0x2021e96d) openssl#16 ossl_statem_connect build_docker/./contrib/openssl/ssl/statem/statem.c:297:12 (clickhouse+0x2021ddce) (BuildId: 3ceefd39df36d762f06bf9aab19cfc3467e4558b) openssl#17 SSL_do_handshake build_docker/./contrib/openssl/ssl/ssl_lib.c:4746:19 (clickhouse+0x201a5781) (BuildId: 3ceefd39df36d762f06bf9aab19cfc3467e4558b) openssl#18 SSL_connect build_docker/./contrib/openssl/ssl/ssl_lib.c:2208:12 (clickhouse+0x201a5893) (BuildId: 3ceefd39df36d762f06bf9aab19cfc3467e4558b) openssl#19 Poco::Net::SecureSocketImpl::connectSSL(bool) build_docker/./base/poco/NetSSL_OpenSSL/src/SecureSocketImpl.cpp:206:11 (clickhouse+0x1d179567) (BuildId: 3ceefd39df36d762f06bf9aab19cfc3467e4558b) CLA: trivial Reviewed-by: Todd Short <[email protected]> Reviewed-by: Tomas Mraz <[email protected]> (Merged from openssl#24295)

Running the x509_req_test with address sanitizer shows a memory leak: ==186455==ERROR: LeakSanitizer: detected memory leaks Direct leak of 53 byte(s) in 1 object(s) allocated from: #0 0x3ffad5f47af in malloc (/lib64/libasan.so.8+0xf47af) (BuildId: 93b3d2536d76f772a95880d76c746c150daabbee) #1 0x3ffac4214fb in CRYPTO_malloc crypto/mem.c:202 #2 0x3ffac421759 in CRYPTO_zalloc crypto/mem.c:222 #3 0x100e58f in test_mk_file_path test/testutil/driver.c:450 #4 0x1004671 in test_x509_req_detect_invalid_version test/x509_req_test.c:32 #5 0x100d247 in run_tests test/testutil/driver.c:342 #6 0x10042e3 in main test/testutil/main.c:31 #7 0x3ffaad34a5b in __libc_start_call_main (/lib64/libc.so.6+0x34a5b) (BuildId: 461b58df774538594b6173825bed67a9247a014d) #8 0x3ffaad34b5d in __libc_start_main@GLIBC_2.2 (/lib64/libc.so.6+0x34b5d) (BuildId: 461b58df774538594b6173825bed67a9247a014d) #9 0x1004569 (/root/openssl/test/x509_req_test+0x1004569) (BuildId: ab6bce0e531df1e3626a8f506d07f6ad7c7c6d57) SUMMARY: AddressSanitizer: 53 byte(s) leaked in 1 allocation(s). The certFilePath that is obtained via test_mk_file_path() must be freed when no longer used. While at it, make the certFilePath variable a local variable, there is no need to have this a global static variable. Fixes: 7d2c0a4 Signed-off-by: Ingo Franzki <[email protected]> Reviewed-by: Dmitry Belyavskiy <[email protected]> Reviewed-by: Neil Horman <[email protected]> Reviewed-by: Tomas Mraz <[email protected]> (Merged from #24715)

new file: bin/bt new file: bin/cast new file: bin/check_arch new file: bin/check_xorg new file: bin/clean_chroot new file: bin/cleardrv new file: bin/create_wind new file: bin/debugts new file: bin/docker-unwind new file: bin/donate new file: bin/eclean new file: bin/efisign new file: bin/favicon new file: bin/find-dep-files new file: bin/find-dep-files2 new file: bin/find-duplicates new file: bin/find-missing-deps new file: bin/flash new file: bin/gitignore new file: bin/icon-gen new file: bin/install_chroot new file: bin/list new file: bin/makedna new file: bin/makeworld new file: bin/mkextra new file: bin/mkgptdrv new file: bin/mkinitrd new file: bin/mkmbrdrv new file: bin/mkrepackage new file: bin/modulesign new file: bin/newnotused new file: bin/newpython new file: bin/pkv new file: bin/portfromarch new file: bin/post new file: bin/rebuild new file: bin/rebuild-all new file: bin/rebuild-kernels new file: bin/release new file: bin/repackage new file: bin/repology.sh new file: bin/retry new file: bin/shrink new file: bin/sigc new file: bin/sign-test.sh new file: bin/soureclean new file: bin/stb new file: bin/sysdcon new file: bin/update new file: bin/update-check new file: bin/update2.sh new file: bin/watchit new file: etc/elf new file: etc/elf.mgc new file: etc/issue new file: etc/perl.list new file: etc/pip3.freeze new file: etc/pip3.freeze.save new file: etc/pkgmk.conf new file: etc/profile new file: etc/prt-get.conf new file: etc/qemu/bridge.conf new file: etc/wgetrc new file: ports/core/acl/.footprint new file: ports/core/acl/.md5sum new file: ports/core/acl/Pkgfile new file: ports/core/acl/acl#2.3.2-1.pkg.tar.xz new file: ports/core/attr/.footprint new file: ports/core/attr/.md5sum new file: ports/core/attr/Pkgfile new file: ports/core/attr/attr#2.5.2-1.pkg.tar.xz new file: ports/core/audit/.footprint new file: ports/core/audit/.md5sum new file: ports/core/audit/Pkgfile new file: ports/core/audit/audit#4.0-1.pkg.tar.xz new file: ports/core/bash/.footprint new file: ports/core/bash/.md5sum new file: ports/core/bash/Pkgfile new file: ports/core/bash/bash#5.2.26-2.pkg.tar.xz new file: ports/core/bash/bash-5.2.26.patch.gz new file: ports/core/bash/profile new file: ports/core/binutils/.footprint new file: ports/core/binutils/.md5sum new file: ports/core/binutils/Pkgfile new file: ports/core/binutils/binutils#2.42-1.pkg.tar.xz new file: ports/core/bison/.footprint new file: ports/core/bison/.md5sum new file: ports/core/bison/Pkgfile new file: ports/core/bison/bison#3.8.2-1.pkg.tar.xz new file: ports/core/boehm-gc/.footprint new file: ports/core/boehm-gc/.md5sum new file: ports/core/boehm-gc/Pkgfile new file: ports/core/boehm-gc/boehm-gc#8.2.4-1.pkg.tar.xz new file: ports/core/brotli/.footprint new file: ports/core/brotli/.md5sum new file: ports/core/brotli/Pkgfile new file: ports/core/brotli/brotli#1.1.0-1.pkg.tar.xz new file: ports/core/bzip2/.footprint new file: ports/core/bzip2/.md5sum new file: ports/core/bzip2/Pkgfile new file: ports/core/bzip2/bzip2#1.0.8-3.pkg.tar.xz new file: ports/core/bzip2/bzip2.pc.in new file: ports/core/ca-bundle/.footprint new file: ports/core/ca-bundle/.md5sum new file: ports/core/ca-bundle/Pkgfile new file: ports/core/ca-bundle/ca-bundle#cvs-1.pkg.tar.xz new file: ports/core/cmake/.footprint new file: ports/core/cmake/.md5sum new file: ports/core/cmake/Pkgfile new file: ports/core/cmake/cmake#3.28.3-1.pkg.tar.xz new file: ports/core/coreutils/.footprint new file: ports/core/coreutils/.md5sum new file: ports/core/coreutils/Pkgfile new file: ports/core/coreutils/coreutils#9.4-1.pkg.tar.xz new file: ports/core/coreutils/uname.fake new file: ports/core/curl/.footprint new file: ports/core/curl/.md5sum new file: ports/core/curl/Pkgfile new file: ports/core/curl/curl#8.7.1-1.pkg.tar.xz new file: ports/core/dbus/.footprint new file: ports/core/dbus/.md5sum new file: ports/core/dbus/30-dbus.launch new file: ports/core/dbus/Pkgfile new file: ports/core/dbus/dbus#1.14.10-1.pkg.tar.xz new file: ports/core/dbus/post-install new file: ports/core/dbus/rc.dbus new file: ports/core/diffutils/.footprint new file: ports/core/diffutils/.md5sum new file: ports/core/diffutils/Pkgfile new file: ports/core/diffutils/diffutils#3.10-1.pkg.tar.xz new file: ports/core/docbook-dsssl/.footprint new file: ports/core/docbook-dsssl/.md5sum new file: ports/core/docbook-dsssl/Pkgfile new file: ports/core/docbook-dsssl/docbook-dsssl#1.79-6.pkg.tar.xz new file: ports/core/docbook-dsssl/docbook-style-dsssl.Makefile new file: ports/core/docbook-dsssl/post-install new file: ports/core/docbook-mathml/.footprint new file: ports/core/docbook-mathml/.md5sum new file: ports/core/docbook-mathml/LICENSE new file: ports/core/docbook-mathml/Pkgfile new file: ports/core/docbook-mathml/docbook-mathml#1.1CR1-5.pkg.tar.xz new file: ports/core/docbook-mathml/post-install new file: ports/core/docbook-sgml/.footprint new file: ports/core/docbook-sgml/.md5sum new file: ports/core/docbook-sgml/Pkgfile new file: ports/core/docbook-sgml/docbook-sgml#4.5-6.pkg.tar.xz new file: ports/core/docbook-sgml/post-install new file: ports/core/docbook-sgml31/.footprint new file: ports/core/docbook-sgml31/.md5sum new file: ports/core/docbook-sgml31/Pkgfile new file: ports/core/docbook-sgml31/docbook-sgml31#3.1-3.pkg.tar.xz new file: ports/core/docbook-sgml31/post-install new file: ports/core/docbook-xml/.footprint new file: ports/core/docbook-xml/.md5sum new file: ports/core/docbook-xml/Pkgfile new file: ports/core/docbook-xml/docbook-xml#4.5-7.pkg.tar.xz new file: ports/core/docbook-xml/docbook-xml-4.2.zyp new file: ports/core/docbook-xml/docbook-xml-4.3.zyp new file: ports/core/docbook-xml/docbook-xml-4.4.zyp new file: ports/core/docbook-xml/docbook-xml-4.5.zyp new file: ports/core/docbook-xml/post-install new file: ports/core/docbook-xsl/.footprint new file: ports/core/docbook-xsl/.md5sum new file: ports/core/docbook-xsl/765567_non-recursive_string_subst.patch new file: ports/core/docbook-xsl/Pkgfile new file: ports/core/docbook-xsl/docbook-xsl#1.79.2-5.pkg.tar.xz new file: ports/core/docbook-xsl/post-install new file: ports/core/docbook2x/.footprint new file: ports/core/docbook2x/.md5sum new file: ports/core/docbook2x/Pkgfile new file: ports/core/docbook2x/datadir.diff new file: ports/core/docbook2x/docbook2x#0.8.8-16.pkg.tar.xz new file: ports/core/docbook5-xml/.footprint new file: ports/core/docbook5-xml/.md5sum new file: ports/core/docbook5-xml/Pkgfile new file: ports/core/docbook5-xml/docbook5-xml#5.1-1.pkg.tar.xz new file: ports/core/docbook5-xml/post-install new file: ports/core/elfutils/.footprint new file: ports/core/elfutils/.md5sum new file: ports/core/elfutils/Pkgfile new file: ports/core/elfutils/elfutils#0.190-1.pkg.tar.xz new file: ports/core/expat/.footprint new file: ports/core/expat/.md5sum new file: ports/core/expat/.signature new file: ports/core/expat/Pkgfile new file: ports/core/expat/expat#2.6.2-1.pkg.tar.xz new file: ports/core/file/.footprint new file: ports/core/file/.md5sum new file: ports/core/file/Pkgfile new file: ports/core/file/file#5.43-1.pkg.tar.xz new file: ports/core/filesystem/.footprint new file: ports/core/filesystem/.md5sum new file: ports/core/filesystem/Pkgfile new file: ports/core/filesystem/filesystem#3.7-3.pkg.tar.xz new file: ports/core/filesystem/fstab new file: ports/core/filesystem/group new file: ports/core/filesystem/issue new file: ports/core/filesystem/mime.types new file: ports/core/filesystem/motd new file: ports/core/filesystem/passwd new file: ports/core/filesystem/securetty new file: ports/core/filesystem/shadow new file: ports/core/filesystem/shells new file: ports/core/findutils/.footprint new file: ports/core/findutils/.md5sum new file: ports/core/findutils/Pkgfile new file: ports/core/findutils/findutils#4.9.0-1.pkg.tar.xz new file: ports/core/flex/.footprint new file: ports/core/flex/.md5sum new file: ports/core/flex/Pkgfile new file: ports/core/flex/flex#2.6.4-2.pkg.tar.xz new file: ports/core/gawk/.footprint new file: ports/core/gawk/.md5sum new file: ports/core/gawk/Pkgfile new file: ports/core/gawk/gawk#5.3.0-1.pkg.tar.xz new file: ports/core/gcc/.footprint new file: ports/core/gcc/.md5sum new file: ports/core/gcc/Pkgfile new file: ports/core/gcc/gcc#13.2.0-1.pkg.tar.xz new file: ports/core/glibc/.footprint new file: ports/core/glibc/.md5sum new file: ports/core/glibc/.nostrip new file: ports/core/glibc/Pkgfile new file: ports/core/glibc/glibc#2.39-9.pkg.tar.xz new file: ports/core/glibc/host.conf new file: ports/core/glibc/hosts new file: ports/core/glibc/ld.so.conf new file: ports/core/glibc/locale-gen new file: ports/core/glibc/locale.gen.in new file: ports/core/glibc/nsswitch.conf new file: ports/core/glibc/post-install new file: ports/core/glibc/resolv.conf new file: ports/core/glibc/sdt-config.h new file: ports/core/glibc/sdt.h new file: ports/core/gnutls/.footprint new file: ports/core/gnutls/.md5sum new file: ports/core/gnutls/Pkgfile new file: ports/core/gnutls/gnutls#3.8.5-1.pkg.tar.xz new file: ports/core/gperf/.footprint new file: ports/core/gperf/.md5sum new file: ports/core/gperf/Pkgfile new file: ports/core/gperf/gperf#3.1-1.pkg.tar.xz new file: ports/core/gpgme/.footprint new file: ports/core/gpgme/.md5sum new file: ports/core/gpgme/Pkgfile new file: ports/core/gpgme/gpgme#1.23.2-1.pkg.tar.xz new file: ports/core/grep/.footprint new file: ports/core/grep/.md5sum new file: ports/core/grep/Pkgfile new file: ports/core/grep/grep#3.11-1.pkg.tar.xz new file: ports/core/groff/.footprint new file: ports/core/groff/.md5sum new file: ports/core/groff/Pkgfile new file: ports/core/groff/README new file: ports/core/groff/groff#1.23.0-1.pkg.tar.xz new file: ports/core/guile/.footprint new file: ports/core/guile/.md5sum new file: ports/core/guile/Pkgfile new file: ports/core/guile/guile#3.0.9-1.pkg.tar.xz new file: ports/core/gvfs/.footprint new file: ports/core/gvfs/.md5sum new file: ports/core/gvfs/Pkgfile new file: ports/core/gvfs/gvfs#1.52.2-1.pkg.tar.xz new file: ports/core/gvfs/post-install new file: ports/core/gzip/.footprint new file: ports/core/gzip/.md5sum new file: ports/core/gzip/Pkgfile new file: ports/core/gzip/gzip#1.13-1.pkg.tar.xz new file: ports/core/jinja2/.footprint new file: ports/core/jinja2/.md5sum new file: ports/core/jinja2/Pkgfile new file: ports/core/jinja2/jinja2#pip-1.pkg.tar.xz new file: ports/core/kmod/.footprint new file: ports/core/kmod/.md5sum new file: ports/core/kmod/Pkgfile new file: ports/core/kmod/kmod#31-1.pkg.tar.xz new file: ports/core/libarchive/.footprint new file: ports/core/libarchive/.md5sum new file: ports/core/libarchive/Pkgfile new file: ports/core/libarchive/libarchive#3.7.2-2.pkg.tar.xz new file: ports/core/libarchive/lzma_stream.patch new file: ports/core/libassuan/.footprint new file: ports/core/libassuan/.md5sum new file: ports/core/libassuan/Pkgfile new file: ports/core/libassuan/libassuan#2.5.7-1.pkg.tar.xz new file: ports/core/libbsd/.footprint new file: ports/core/libbsd/.md5sum new file: ports/core/libbsd/Pkgfile new file: ports/core/libbsd/README new file: ports/core/libbsd/libbsd#0.11.8-1.pkg.tar.xz new file: ports/core/libbsd/libbsd.conf new file: ports/core/libcap-ng/.footprint new file: ports/core/libcap-ng/.md5sum new file: ports/core/libcap-ng/Pkgfile new file: ports/core/libcap-ng/libcap-ng#0.8.5-1.pkg.tar.xz new file: ports/core/libcap/.footprint new file: ports/core/libcap/.md5sum new file: ports/core/libcap/Pkgfile new file: ports/core/libcap/libcap#2.69-1.pkg.tar.xz new file: ports/core/libffi/.footprint new file: ports/core/libffi/.md5sum new file: ports/core/libffi/Pkgfile new file: ports/core/libffi/libffi#3.4.5-1.pkg.tar.xz new file: ports/core/libgcrypt/.footprint new file: ports/core/libgcrypt/.md5sum new file: ports/core/libgcrypt/Pkgfile new file: ports/core/libgcrypt/libgcrypt#1.10.3-1.pkg.tar.xz new file: ports/core/libgmp/.footprint new file: ports/core/libgmp/.md5sum new file: ports/core/libgmp/Pkgfile new file: ports/core/libgmp/gmp.h new file: ports/core/libgmp/libgmp#6.3.0-1.pkg.tar.xz new file: ports/core/libgpg-error/.footprint new file: ports/core/libgpg-error/.md5sum new file: ports/core/libgpg-error/Pkgfile new file: ports/core/libgpg-error/libgpg-error#1.48-1.pkg.tar.xz new file: ports/core/libidn/.footprint new file: ports/core/libidn/.md5sum new file: ports/core/libidn/Pkgfile new file: ports/core/libidn/libidn#1.35-1.pkg.tar.xz new file: ports/core/libidn2/.footprint new file: ports/core/libidn2/.md5sum new file: ports/core/libidn2/Pkgfile new file: ports/core/libidn2/libidn2#2.3.7-1.pkg.tar.xz new file: ports/core/libisl/.footprint new file: ports/core/libisl/.md5sum new file: ports/core/libisl/Pkgfile new file: ports/core/libisl/libisl#0.26-1.pkg.tar.xz new file: ports/core/libmd/.footprint new file: ports/core/libmd/Pkgfile new file: ports/core/libmd/libmd#1.1.0-1.pkg.tar.xz new file: ports/core/libmetalink/.footprint new file: ports/core/libmetalink/.md5sum new file: ports/core/libmetalink/Pkgfile new file: ports/core/libmetalink/libmetalink#0.1.3-1.pkg.tar.xz new file: ports/core/libmpc/.footprint new file: ports/core/libmpc/.md5sum new file: ports/core/libmpc/Pkgfile new file: ports/core/libmpc/libmpc#1.3.1-1.pkg.tar.xz new file: ports/core/libmpfr/.footprint new file: ports/core/libmpfr/.md5sum new file: ports/core/libmpfr/Pkgfile new file: ports/core/libmpfr/libmpfr#4.2.1-1.pkg.tar.xz new file: ports/core/libmpfr/libmpfr-4.2.0-p12.patch new file: ports/core/libnghttp2/.footprint new file: ports/core/libnghttp2/.md5sum new file: ports/core/libnghttp2/Pkgfile new file: ports/core/libnghttp2/libnghttp2#1.59.0-1.pkg.tar.xz new file: ports/core/libpcre/.footprint new file: ports/core/libpcre/.md5sum new file: ports/core/libpcre/Pkgfile new file: ports/core/libpcre/libpcre#8.45-1.pkg.tar.xz new file: ports/core/libpcre2/.footprint new file: ports/core/libpcre2/.md5sum new file: ports/core/libpcre2/Pkgfile new file: ports/core/libpcre2/libpcre2#10.42-1.pkg.tar.xz new file: ports/core/libpsl/.footprint new file: ports/core/libpsl/.md5sum new file: ports/core/libpsl/Pkgfile new file: ports/core/libpsl/libpsl#0.21.0-1.pkg.tar.xz new file: ports/core/libpwquality/.footprint new file: ports/core/libpwquality/.md5sum new file: ports/core/libpwquality/Pkgfile new file: ports/core/libpwquality/libpwquality#1.4.5-1.pkg.tar.xz new file: ports/core/libseccomp/.footprint new file: ports/core/libseccomp/.md5sum new file: ports/core/libseccomp/Pkgfile new file: ports/core/libseccomp/libseccomp#2.5.5-1.pkg.tar.xz new file: ports/core/libselinux/.footprint new file: ports/core/libselinux/.md5sum new file: ports/core/libselinux/Pkgfile new file: ports/core/libselinux/libselinux#3.6-2.pkg.tar.xz new file: ports/core/libselinux/libselinux.tmpfiles.d new file: ports/core/libsepol/.footprint new file: ports/core/libsepol/.md5sum new file: ports/core/libsepol/Pkgfile new file: ports/core/libsepol/libsepol#3.6-1.pkg.tar.xz new file: ports/core/libunistring/.footprint new file: ports/core/libunistring/.md5sum new file: ports/core/libunistring/Pkgfile new file: ports/core/libunistring/libunistring#1.1-1.pkg.tar.xz new file: ports/core/libxcrypt/.footprint new file: ports/core/libxcrypt/.md5sum new file: ports/core/libxcrypt/Pkgfile new file: ports/core/libxcrypt/libxcrypt#4.4.36-1.pkg.tar.xz new file: ports/core/libxml2/.footprint new file: ports/core/libxml2/.md5sum new file: ports/core/libxml2/Pkgfile new file: ports/core/libxml2/libxml2#2.12.6-1.pkg.tar.xz new file: ports/core/libxslt/.footprint new file: ports/core/libxslt/.md5sum new file: ports/core/libxslt/Pkgfile new file: ports/core/libxslt/libxslt#1.1.39-1.pkg.tar.xz new file: ports/core/linux-pam/.footprint new file: ports/core/linux-pam/.md5sum new file: ports/core/linux-pam/Pkgfile new file: ports/core/linux-pam/common-account new file: ports/core/linux-pam/common-auth new file: ports/core/linux-pam/common-password new file: ports/core/linux-pam/common-session new file: ports/core/linux-pam/linux-pam#1.6.0-1.pkg.tar.xz new file: ports/core/linux-pam/other new file: ports/core/llvm/.footprint new file: ports/core/llvm/.md5sum new file: ports/core/llvm/Pkgfile new file: ports/core/llvm/README new file: ports/core/llvm/install-prefix.patch new file: ports/core/llvm/llvm#18.1.4-1.pkg.tar.xz new file: ports/core/llvm/llvm-config.h new file: ports/core/llvm/rust-feature-tables.patch new file: ports/core/lz4/.footprint new file: ports/core/lz4/.md5sum new file: ports/core/lz4/Pkgfile new file: ports/core/lz4/lz4#1.9.4-1.pkg.tar.xz new file: ports/core/m4/.footprint new file: ports/core/m4/.md5sum new file: ports/core/m4/Pkgfile new file: ports/core/m4/m4#1.4.19-1.pkg.tar.xz new file: ports/core/make/.footprint new file: ports/core/make/.md5sum new file: ports/core/make/Pkgfile new file: ports/core/make/make#4.4.1-1.pkg.tar.xz new file: ports/core/meson/.footprint new file: ports/core/meson/.md5sum new file: ports/core/meson/Pkgfile new file: ports/core/meson/meson#1.3.2-1.pkg.tar.xz new file: ports/core/meson/ts-meson new file: ports/core/meson/ts-meson-nowrap new file: ports/core/most/.footprint new file: ports/core/most/.md5sum new file: ports/core/most/Pkgfile new file: ports/core/most/most#5.1.0-1.pkg.tar.xz new file: ports/core/mpdecimal/.footprint new file: ports/core/mpdecimal/.md5sum new file: ports/core/mpdecimal/Pkgfile new file: ports/core/mpdecimal/mpdecimal#4.0.0-1.pkg.tar.xz new file: ports/core/nano/.footprint new file: ports/core/nano/.md5sum new file: ports/core/nano/Pkgfile new file: ports/core/nano/nano#7.2-1.pkg.tar.xz new file: ports/core/nano/ts.patch new file: ports/core/ncurses/.footprint new file: ports/core/ncurses/.md5sum new file: ports/core/ncurses/Pkgfile new file: ports/core/ncurses/ncurses#6.4-1.pkg.tar.xz new file: ports/core/nettle/.footprint new file: ports/core/nettle/.md5sum new file: ports/core/nettle/Pkgfile new file: ports/core/nettle/nettle#3.9.1-1.pkg.tar.xz new file: ports/core/opencryptoki/.footprint new file: ports/core/opencryptoki/.md5sum new file: ports/core/opencryptoki/Pkgfile new file: ports/core/opencryptoki/opencryptoki#3.23.0-1.pkg.tar.xz new file: ports/core/opencryptoki/post-install new file: ports/core/opencryptoki/pre-install new file: ports/core/openssl/.footprint new file: ports/core/openssl/.md5sum new file: ports/core/openssl/Pkgfile new file: ports/core/openssl/mksslcert.sh new file: ports/core/openssl/openssl#3.2.1-1.pkg.tar.xz new file: ports/core/openssl/plist new file: ports/core/p11-kit/.footprint new file: ports/core/p11-kit/.md5sum new file: ports/core/p11-kit/Pkgfile new file: ports/core/p11-kit/p11-kit#0.25.3-1.pkg.tar.xz new file: ports/core/patch/.footprint new file: ports/core/patch/.md5sum new file: ports/core/patch/Pkgfile new file: ports/core/patch/patch#2.7.6.17-9c98-1.pkg.tar.xz new file: ports/core/pkgconf/.footprint new file: ports/core/pkgconf/.md5sum new file: ports/core/pkgconf/Pkgfile new file: ports/core/pkgconf/README new file: ports/core/pkgconf/i686-pc-linux-gnu.personality new file: ports/core/pkgconf/pkgconf#2.1.1-1.pkg.tar.xz new file: ports/core/pkgconf/x86_64-pc-linux-gnu.personality new file: ports/core/pkgutils/.footprint new file: ports/core/pkgutils/.md5sum new file: ports/core/pkgutils/Pkgfile new file: ports/core/pkgutils/pkgutils#5.40.10-1.pkg.tar.xz new file: ports/core/prt-get/.footprint new file: ports/core/prt-get/.md5sum new file: ports/core/prt-get/Pkgfile new file: ports/core/prt-get/README new file: ports/core/prt-get/prt-get#5.19.6-1.pkg.tar.xz new file: ports/core/prt-get/prt-get.aliases new file: ports/core/prt-get/prt-get.conf new file: ports/core/python3-pip/.footprint new file: ports/core/python3-pip/.md5sum new file: ports/core/python3-pip/EXTERNALLY-MANAGED.in new file: ports/core/python3-pip/Pkgfile new file: ports/core/python3-pip/python3-pip#24.0-1.pkg.tar.xz new file: ports/core/python3-setuptools/.footprint new file: ports/core/python3-setuptools/.md5sum new file: ports/core/python3-setuptools/Pkgfile new file: ports/core/python3-setuptools/python3-setuptools#69.0.3-1.pkg.tar.xz new file: ports/core/python3/.footprint new file: ports/core/python3/.md5sum new file: ports/core/python3/Pkgfile new file: ports/core/python3/python3#3.12.2-1.pkg.tar.xz new file: ports/core/readline/.footprint new file: ports/core/readline/.md5sum new file: ports/core/readline/Pkgfile new file: ports/core/readline/inputrc new file: ports/core/readline/readline#8.2.10-1.pkg.tar.xz new file: ports/core/readline/readline-8.2.10.patch.gz new file: ports/core/rsync/.footprint new file: ports/core/rsync/.md5sum new file: ports/core/rsync/.signature new file: ports/core/rsync/Pkgfile new file: ports/core/rsync/rsync#3.3.0-1.pkg.tar.xz new file: ports/core/rsync/rsync.driver new file: ports/core/rsync/rsyncd new file: ports/core/rsync/rsyncd.conf new file: ports/core/ruby/.footprint new file: ports/core/ruby/.md5sum new file: ports/core/ruby/Pkgfile new file: ports/core/ruby/ruby#3.3.0-1.pkg.tar.xz new file: ports/core/sed/.footprint new file: ports/core/sed/.md5sum new file: ports/core/sed/Pkgfile new file: ports/core/sed/sed#4.9-1.pkg.tar.xz new file: ports/core/sgml-common/.footprint new file: ports/core/sgml-common/.md5sum new file: ports/core/sgml-common/Pkgfile new file: ports/core/sgml-common/post-install new file: ports/core/sgml-common/sgml-common#0.6.3-6.pkg.tar.xz new file: ports/core/sgml-common/sgml-common-0.6.3-manpage-1.patch new file: ports/core/shadow/.footprint new file: ports/core/shadow/.md5sum new file: ports/core/shadow/Pkgfile new file: ports/core/shadow/chfn new file: ports/core/shadow/chsh new file: ports/core/shadow/groupadd new file: ports/core/shadow/groupdel new file: ports/core/shadow/groupmems new file: ports/core/shadow/groupmod new file: ports/core/shadow/login new file: ports/core/shadow/passwd new file: ports/core/shadow/pwck new file: ports/core/shadow/shadow#4.14.5-2.pkg.tar.xz new file: ports/core/shadow/su new file: ports/core/shadow/useradd new file: ports/core/shadow/userdel new file: ports/core/shadow/usermod new file: ports/core/shim/.footprint new file: ports/core/shim/.md5sum new file: ports/core/shim/BOOTX64.csv new file: ports/core/shim/Pkgfile new file: ports/core/shim/UEFI-CA.cer new file: ports/core/shim/shim#15.8-3.pkg.tar.xz new file: ports/core/slang/.footprint new file: ports/core/slang/.md5sum new file: ports/core/slang/Pkgfile new file: ports/core/slang/slang#2.3.3-1.pkg.tar.xz new file: ports/core/systemd/.footprint new file: ports/core/systemd/.md5sum new file: ports/core/systemd/0001-Use-Arch-Linux-device-access-groups.patch new file: ports/core/systemd/Pkgfile new file: ports/core/systemd/fstab-generator.patch new file: ports/core/systemd/initcpio-hook-udev new file: ports/core/systemd/initcpio-install-systemd new file: ports/core/systemd/initcpio-install-udev new file: ports/core/systemd/loader.conf new file: ports/core/systemd/post-install new file: ports/core/systemd/pre-install new file: ports/core/systemd/quiet.patch new file: ports/core/systemd/quiet2.patch new file: ports/core/systemd/splash-thinstation.bmp new file: ports/core/systemd/systemd#255-2.pkg.tar.xz new file: ports/core/systemd/systemd-binfmt.hook new file: ports/core/systemd/systemd-catalog.hook new file: ports/core/systemd/systemd-daemon-reload.hook new file: ports/core/systemd/systemd-hook new file: ports/core/systemd/systemd-hwdb.hook new file: ports/core/systemd/systemd-sysctl.hook new file: ports/core/systemd/systemd-sysusers.hook new file: ports/core/systemd/systemd-tmpfiles.hook new file: ports/core/systemd/systemd-udev-reload.hook new file: ports/core/systemd/systemd-update.hook new file: ports/core/systemd/systemd-user.pam new file: ports/core/systemd/thinstation.conf new file: ports/core/systemd/utmp.patch new file: ports/core/sysvinit/.footprint new file: ports/core/sysvinit/.md5sum new file: ports/core/sysvinit/Pkgfile new file: ports/core/sysvinit/sysvinit#3.08-1.pkg.tar.xz new file: ports/core/tar/.footprint new file: ports/core/tar/.md5sum new file: ports/core/tar/Pkgfile new file: ports/core/tar/tar#1.35-1.pkg.tar.xz new file: ports/core/util-linux/.footprint new file: ports/core/util-linux/.md5sum new file: ports/core/util-linux/Pkgfile new file: ports/core/util-linux/util-linux#2.39.3-1.pkg.tar.xz new file: ports/core/wget/.footprint new file: ports/core/wget/.md5sum new file: ports/core/wget/Pkgfile new file: ports/core/wget/wget#1.21-2.pkg.tar.xz new file: ports/core/wget/wgetrc new file: ports/core/which/.footprint new file: ports/core/which/.md5sum new file: ports/core/which/Pkgfile new file: ports/core/which/which#2.21-2.pkg.tar.xz new file: ports/core/xz/.footprint new file: ports/core/xz/.md5sum new file: ports/core/xz/Pkgfile new file: ports/core/xz/xz#5.4.6-1.pkg.tar.xz new file: ports/core/zlib/.footprint new file: ports/core/zlib/.md5sum new file: ports/core/zlib/Pkgfile new file: ports/core/zlib/zlib#1.3.1-1.pkg.tar.xz new file: ports/core/zstd/.footprint new file: ports/core/zstd/.md5sum new file: ports/core/zstd/Pkgfile new file: ports/core/zstd/zstd#1.5.5-1.pkg.tar.xz new file: ports/ruby/hpricot/.footprint new file: ports/ruby/hpricot/.md5sum new file: ports/ruby/hpricot/Pkgfile new file: ports/ruby/hpricot/hpricot#0.8.6-1.pkg.tar.xz new file: ports/ruby/mustache/.footprint new file: ports/ruby/mustache/.md5sum new file: ports/ruby/mustache/Pkgfile new file: ports/ruby/mustache/mustache#1.1.1-1.pkg.tar.xz new file: ports/ruby/rdiscount/.footprint new file: ports/ruby/rdiscount/.md5sum new file: ports/ruby/rdiscount/Pkgfile new file: ports/ruby/rdiscount/rdiscount#2.2.7.3-1.pkg.tar.xz new file: ports/ruby/ronn/.footprint new file: ports/ruby/ronn/.md5sum new file: ports/ruby/ronn/Pkgfile new file: ports/ruby/ronn/ronn#0.7.3-1.pkg.tar.xz

Sometimes the error handling returns an ASN1_STRING object in *out although that was not passed in by the caller, and sometimes the error handling deletes the ASN1_STRING but forgets to clear the *out parameter. Therefore the caller has no chance to know, if the leaked object in *out shall be deleted or not. This may cause a use-after-free error e.g. in asn1_str2type: ==63312==ERROR: AddressSanitizer: heap-use-after-free on address 0x603000073280 at pc 0x7f2652e93b08 bp 0x7ffe0e1951c0 sp 0x7ffe0e1951b0 READ of size 8 at 0x603000073280 thread T0 #0 0x7f2652e93b07 in asn1_string_embed_free crypto/asn1/asn1_lib.c:354 #1 0x7f2652eb521a in asn1_primitive_free crypto/asn1/tasn_fre.c:204 #2 0x7f2652eb50a9 in asn1_primitive_free crypto/asn1/tasn_fre.c:199 #3 0x7f2652eb5b67 in ASN1_item_free crypto/asn1/tasn_fre.c:20 #4 0x7f2652e8e13b in asn1_str2type crypto/asn1/asn1_gen.c:740 #5 0x7f2652e8e13b in generate_v3 crypto/asn1/asn1_gen.c:137 #6 0x7f2652e9166c in ASN1_generate_v3 crypto/asn1/asn1_gen.c:92 #7 0x7f2653307b9b in do_othername crypto/x509v3/v3_alt.c:577 #8 0x7f2653307b9b in a2i_GENERAL_NAME crypto/x509v3/v3_alt.c:492 #9 0x7f26533087c2 in v2i_subject_alt crypto/x509v3/v3_alt.c:327 #10 0x7f26533107fc in do_ext_nconf crypto/x509v3/v3_conf.c:100 #11 0x7f2653310f33 in X509V3_EXT_nconf crypto/x509v3/v3_conf.c:45 #12 0x7f2653311426 in X509V3_EXT_add_nconf_sk crypto/x509v3/v3_conf.c:312 #13 0x7f265331170c in X509V3_EXT_REQ_add_nconf crypto/x509v3/v3_conf.c:360 #14 0x564ed19d5f25 in req_main apps/req.c:806 #15 0x564ed19b8de0 in do_cmd apps/openssl.c:564 #16 0x564ed1985165 in main apps/openssl.c:183 #17 0x7f2651c4a082 in __libc_start_main ../csu/libc-start.c:308 #18 0x564ed1985acd in _start (/home/ed/OPCToolboxV5/Source/Core/OpenSSL/openssl/apps/openssl+0x139acd) 0x603000073280 is located 16 bytes inside of 24-byte region [0x603000073270,0x603000073288) freed by thread T0 here: #0 0x7f265413440f in __interceptor_free ../../../../src/libsanitizer/asan/asan_malloc_linux.cc:122 #1 0x7f265315a429 in CRYPTO_free crypto/mem.c:311 #2 0x7f265315a429 in CRYPTO_free crypto/mem.c:300 #3 0x7f2652e757b9 in ASN1_mbstring_ncopy crypto/asn1/a_mbstr.c:191 #4 0x7f2652e75ec5 in ASN1_mbstring_copy crypto/asn1/a_mbstr.c:38 #5 0x7f2652e8e227 in asn1_str2type crypto/asn1/asn1_gen.c:681 #6 0x7f2652e8e227 in generate_v3 crypto/asn1/asn1_gen.c:137 #7 0x7f2652e9166c in ASN1_generate_v3 crypto/asn1/asn1_gen.c:92 #8 0x7f2653307b9b in do_othername crypto/x509v3/v3_alt.c:577 #9 0x7f2653307b9b in a2i_GENERAL_NAME crypto/x509v3/v3_alt.c:492 #10 0x7f26533087c2 in v2i_subject_alt crypto/x509v3/v3_alt.c:327 #11 0x7f26533107fc in do_ext_nconf crypto/x509v3/v3_conf.c:100 #12 0x7f2653310f33 in X509V3_EXT_nconf crypto/x509v3/v3_conf.c:45 #13 0x7f2653311426 in X509V3_EXT_add_nconf_sk crypto/x509v3/v3_conf.c:312 #14 0x7f265331170c in X509V3_EXT_REQ_add_nconf crypto/x509v3/v3_conf.c:360 #15 0x564ed19d5f25 in req_main apps/req.c:806 #16 0x564ed19b8de0 in do_cmd apps/openssl.c:564 #17 0x564ed1985165 in main apps/openssl.c:183 #18 0x7f2651c4a082 in __libc_start_main ../csu/libc-start.c:308 previously allocated by thread T0 here: #0 0x7f2654134808 in __interceptor_malloc ../../../../src/libsanitizer/asan/asan_malloc_linux.cc:144 #1 0x7f265315a4fd in CRYPTO_malloc crypto/mem.c:221 #2 0x7f265315a4fd in CRYPTO_malloc crypto/mem.c:198 #3 0x7f265315a945 in CRYPTO_zalloc crypto/mem.c:236 #4 0x7f2652e939a4 in ASN1_STRING_type_new crypto/asn1/asn1_lib.c:341 #5 0x7f2652e74e51 in ASN1_mbstring_ncopy crypto/asn1/a_mbstr.c:150 #6 0x7f2652e75ec5 in ASN1_mbstring_copy crypto/asn1/a_mbstr.c:38 #7 0x7f2652e8e227 in asn1_str2type crypto/asn1/asn1_gen.c:681 #8 0x7f2652e8e227 in generate_v3 crypto/asn1/asn1_gen.c:137 #9 0x7f2652e9166c in ASN1_generate_v3 crypto/asn1/asn1_gen.c:92 #10 0x7f2653307b9b in do_othername crypto/x509v3/v3_alt.c:577 #11 0x7f2653307b9b in a2i_GENERAL_NAME crypto/x509v3/v3_alt.c:492 #12 0x7f26533087c2 in v2i_subject_alt crypto/x509v3/v3_alt.c:327 #13 0x7f26533107fc in do_ext_nconf crypto/x509v3/v3_conf.c:100 #14 0x7f2653310f33 in X509V3_EXT_nconf crypto/x509v3/v3_conf.c:45 #15 0x7f2653311426 in X509V3_EXT_add_nconf_sk crypto/x509v3/v3_conf.c:312 #16 0x7f265331170c in X509V3_EXT_REQ_add_nconf crypto/x509v3/v3_conf.c:360 #17 0x564ed19d5f25 in req_main apps/req.c:806 #18 0x564ed19b8de0 in do_cmd apps/openssl.c:564 #19 0x564ed1985165 in main apps/openssl.c:183 #20 0x7f2651c4a082 in __libc_start_main ../csu/libc-start.c:308 Reviewed-by: Tom Cosgrove <[email protected]> Reviewed-by: Tomas Mraz <[email protected]> (Merged from #23165)

Sometimes the error handling returns an ASN1_STRING object in *out although that was not passed in by the caller, and sometimes the error handling deletes the ASN1_STRING but forgets to clear the *out parameter. Therefore the caller has no chance to know, if the leaked object in *out shall be deleted or not. This may cause a use-after-free error e.g. in asn1_str2type: ==63312==ERROR: AddressSanitizer: heap-use-after-free on address 0x603000073280 at pc 0x7f2652e93b08 bp 0x7ffe0e1951c0 sp 0x7ffe0e1951b0 READ of size 8 at 0x603000073280 thread T0 #0 0x7f2652e93b07 in asn1_string_embed_free crypto/asn1/asn1_lib.c:354 #1 0x7f2652eb521a in asn1_primitive_free crypto/asn1/tasn_fre.c:204 #2 0x7f2652eb50a9 in asn1_primitive_free crypto/asn1/tasn_fre.c:199 #3 0x7f2652eb5b67 in ASN1_item_free crypto/asn1/tasn_fre.c:20 #4 0x7f2652e8e13b in asn1_str2type crypto/asn1/asn1_gen.c:740 #5 0x7f2652e8e13b in generate_v3 crypto/asn1/asn1_gen.c:137 #6 0x7f2652e9166c in ASN1_generate_v3 crypto/asn1/asn1_gen.c:92 #7 0x7f2653307b9b in do_othername crypto/x509v3/v3_alt.c:577 #8 0x7f2653307b9b in a2i_GENERAL_NAME crypto/x509v3/v3_alt.c:492 #9 0x7f26533087c2 in v2i_subject_alt crypto/x509v3/v3_alt.c:327 #10 0x7f26533107fc in do_ext_nconf crypto/x509v3/v3_conf.c:100 #11 0x7f2653310f33 in X509V3_EXT_nconf crypto/x509v3/v3_conf.c:45 #12 0x7f2653311426 in X509V3_EXT_add_nconf_sk crypto/x509v3/v3_conf.c:312 #13 0x7f265331170c in X509V3_EXT_REQ_add_nconf crypto/x509v3/v3_conf.c:360 #14 0x564ed19d5f25 in req_main apps/req.c:806 #15 0x564ed19b8de0 in do_cmd apps/openssl.c:564 #16 0x564ed1985165 in main apps/openssl.c:183 #17 0x7f2651c4a082 in __libc_start_main ../csu/libc-start.c:308 #18 0x564ed1985acd in _start (/home/ed/OPCToolboxV5/Source/Core/OpenSSL/openssl/apps/openssl+0x139acd) 0x603000073280 is located 16 bytes inside of 24-byte region [0x603000073270,0x603000073288) freed by thread T0 here: #0 0x7f265413440f in __interceptor_free ../../../../src/libsanitizer/asan/asan_malloc_linux.cc:122 #1 0x7f265315a429 in CRYPTO_free crypto/mem.c:311 #2 0x7f265315a429 in CRYPTO_free crypto/mem.c:300 #3 0x7f2652e757b9 in ASN1_mbstring_ncopy crypto/asn1/a_mbstr.c:191 #4 0x7f2652e75ec5 in ASN1_mbstring_copy crypto/asn1/a_mbstr.c:38 #5 0x7f2652e8e227 in asn1_str2type crypto/asn1/asn1_gen.c:681 #6 0x7f2652e8e227 in generate_v3 crypto/asn1/asn1_gen.c:137 #7 0x7f2652e9166c in ASN1_generate_v3 crypto/asn1/asn1_gen.c:92 #8 0x7f2653307b9b in do_othername crypto/x509v3/v3_alt.c:577 #9 0x7f2653307b9b in a2i_GENERAL_NAME crypto/x509v3/v3_alt.c:492 #10 0x7f26533087c2 in v2i_subject_alt crypto/x509v3/v3_alt.c:327 #11 0x7f26533107fc in do_ext_nconf crypto/x509v3/v3_conf.c:100 #12 0x7f2653310f33 in X509V3_EXT_nconf crypto/x509v3/v3_conf.c:45 #13 0x7f2653311426 in X509V3_EXT_add_nconf_sk crypto/x509v3/v3_conf.c:312 #14 0x7f265331170c in X509V3_EXT_REQ_add_nconf crypto/x509v3/v3_conf.c:360 #15 0x564ed19d5f25 in req_main apps/req.c:806 #16 0x564ed19b8de0 in do_cmd apps/openssl.c:564 #17 0x564ed1985165 in main apps/openssl.c:183 #18 0x7f2651c4a082 in __libc_start_main ../csu/libc-start.c:308 previously allocated by thread T0 here: #0 0x7f2654134808 in __interceptor_malloc ../../../../src/libsanitizer/asan/asan_malloc_linux.cc:144 #1 0x7f265315a4fd in CRYPTO_malloc crypto/mem.c:221 #2 0x7f265315a4fd in CRYPTO_malloc crypto/mem.c:198 #3 0x7f265315a945 in CRYPTO_zalloc crypto/mem.c:236 #4 0x7f2652e939a4 in ASN1_STRING_type_new crypto/asn1/asn1_lib.c:341 #5 0x7f2652e74e51 in ASN1_mbstring_ncopy crypto/asn1/a_mbstr.c:150 #6 0x7f2652e75ec5 in ASN1_mbstring_copy crypto/asn1/a_mbstr.c:38 #7 0x7f2652e8e227 in asn1_str2type crypto/asn1/asn1_gen.c:681 #8 0x7f2652e8e227 in generate_v3 crypto/asn1/asn1_gen.c:137 #9 0x7f2652e9166c in ASN1_generate_v3 crypto/asn1/asn1_gen.c:92 #10 0x7f2653307b9b in do_othername crypto/x509v3/v3_alt.c:577 #11 0x7f2653307b9b in a2i_GENERAL_NAME crypto/x509v3/v3_alt.c:492 #12 0x7f26533087c2 in v2i_subject_alt crypto/x509v3/v3_alt.c:327 #13 0x7f26533107fc in do_ext_nconf crypto/x509v3/v3_conf.c:100 #14 0x7f2653310f33 in X509V3_EXT_nconf crypto/x509v3/v3_conf.c:45 #15 0x7f2653311426 in X509V3_EXT_add_nconf_sk crypto/x509v3/v3_conf.c:312 #16 0x7f265331170c in X509V3_EXT_REQ_add_nconf crypto/x509v3/v3_conf.c:360 #17 0x564ed19d5f25 in req_main apps/req.c:806 #18 0x564ed19b8de0 in do_cmd apps/openssl.c:564 #19 0x564ed1985165 in main apps/openssl.c:183 #20 0x7f2651c4a082 in __libc_start_main ../csu/libc-start.c:308 Reviewed-by: Tom Cosgrove <[email protected]> Reviewed-by: Tomas Mraz <[email protected]> (Merged from #23165) (cherry picked from commit dfa1e49)

Fixes openssl#2 and openssl#3 and openssl#22 Updates `Configure` script to disable QUIC with `no-bulk` and `no-ec` Updates build.info doc docs Fixes an issue with extension defintions and `no-quic`

Here the undefined value "npa" passed to a function WPACKET_sub_memcpy_u16(pkt, npa, npalen). However the value is not really used, because "npalen" is zero, but the call statememt itself is considered an invalid operation by the new sanitizer. The original sanitizer error report was: ==49175==WARNING: MemorySanitizer: use-of-uninitialized-value #0 0x55a276b29d6f in tls_construct_stoc_next_proto_neg /home/runner/work/openssl/openssl/ssl/statem/extensions_srvr.c:1518:21 openssl#1 0x55a276b15d7d in tls_construct_extensions /home/runner/work/openssl/openssl/ssl/statem/extensions.c:909:15 openssl#2 0x55a276b513dc in tls_construct_server_hello /home/runner/work/openssl/openssl/ssl/statem/statem_srvr.c:2471:10 openssl#3 0x55a276b2e160 in write_state_machine /home/runner/work/openssl/openssl/ssl/statem/statem.c:896:26 openssl#4 0x55a276b2e160 in state_machine /home/runner/work/openssl/openssl/ssl/statem/statem.c:490:21 openssl#5 0x55a276b2f562 in ossl_statem_accept /home/runner/work/openssl/openssl/ssl/statem/statem.c:309:12 openssl#6 0x55a276a9f867 in SSL_do_handshake /home/runner/work/openssl/openssl/ssl/ssl_lib.c:4890:19 openssl#7 0x55a276a9f605 in SSL_accept /home/runner/work/openssl/openssl/ssl/ssl_lib.c:2169:12 openssl#8 0x55a276a3d4db in create_bare_ssl_connection /home/runner/work/openssl/openssl/test/helpers/ssltestlib.c:1281:24 openssl#9 0x55a276a3d7cb in create_ssl_connection /home/runner/work/openssl/openssl/test/helpers/ssltestlib.c:1350:10 openssl#10 0x55a276a64c0b in test_npn /home/runner/work/openssl/openssl/test/sslapitest.c:12266:14 openssl#11 0x55a276b9fc20 in run_tests /home/runner/work/openssl/openssl/test/testutil/driver.c:377:21 openssl#12 0x55a276ba0b10 in main /home/runner/work/openssl/openssl/test/testutil/main.c:31:15

Here the undefined value "npa" passed to a function WPACKET_sub_memcpy_u16(pkt, npa, npalen). However the value is not really used, because "npalen" is zero, but the call statememt itself is considered an invalid operation by the new sanitizer. The original sanitizer error report was: ==49175==WARNING: MemorySanitizer: use-of-uninitialized-value #0 0x55a276b29d6f in tls_construct_stoc_next_proto_neg /home/runner/work/openssl/openssl/ssl/statem/extensions_srvr.c:1518:21 #1 0x55a276b15d7d in tls_construct_extensions /home/runner/work/openssl/openssl/ssl/statem/extensions.c:909:15 #2 0x55a276b513dc in tls_construct_server_hello /home/runner/work/openssl/openssl/ssl/statem/statem_srvr.c:2471:10 #3 0x55a276b2e160 in write_state_machine /home/runner/work/openssl/openssl/ssl/statem/statem.c:896:26 #4 0x55a276b2e160 in state_machine /home/runner/work/openssl/openssl/ssl/statem/statem.c:490:21 #5 0x55a276b2f562 in ossl_statem_accept /home/runner/work/openssl/openssl/ssl/statem/statem.c:309:12 #6 0x55a276a9f867 in SSL_do_handshake /home/runner/work/openssl/openssl/ssl/ssl_lib.c:4890:19 #7 0x55a276a9f605 in SSL_accept /home/runner/work/openssl/openssl/ssl/ssl_lib.c:2169:12 #8 0x55a276a3d4db in create_bare_ssl_connection /home/runner/work/openssl/openssl/test/helpers/ssltestlib.c:1281:24 #9 0x55a276a3d7cb in create_ssl_connection /home/runner/work/openssl/openssl/test/helpers/ssltestlib.c:1350:10 #10 0x55a276a64c0b in test_npn /home/runner/work/openssl/openssl/test/sslapitest.c:12266:14 #11 0x55a276b9fc20 in run_tests /home/runner/work/openssl/openssl/test/testutil/driver.c:377:21 #12 0x55a276ba0b10 in main /home/runner/work/openssl/openssl/test/testutil/main.c:31:15 Reviewed-by: Saša Nedvědický <[email protected]> Reviewed-by: Tomas Mraz <[email protected]> (Merged from #26269)

Here the undefined value "npa" passed to a function WPACKET_sub_memcpy_u16(pkt, npa, npalen). However the value is not really used, because "npalen" is zero, but the call statememt itself is considered an invalid operation by the new sanitizer. The original sanitizer error report was: ==49175==WARNING: MemorySanitizer: use-of-uninitialized-value #0 0x55a276b29d6f in tls_construct_stoc_next_proto_neg /home/runner/work/openssl/openssl/ssl/statem/extensions_srvr.c:1518:21 #1 0x55a276b15d7d in tls_construct_extensions /home/runner/work/openssl/openssl/ssl/statem/extensions.c:909:15 #2 0x55a276b513dc in tls_construct_server_hello /home/runner/work/openssl/openssl/ssl/statem/statem_srvr.c:2471:10 #3 0x55a276b2e160 in write_state_machine /home/runner/work/openssl/openssl/ssl/statem/statem.c:896:26 #4 0x55a276b2e160 in state_machine /home/runner/work/openssl/openssl/ssl/statem/statem.c:490:21 #5 0x55a276b2f562 in ossl_statem_accept /home/runner/work/openssl/openssl/ssl/statem/statem.c:309:12 #6 0x55a276a9f867 in SSL_do_handshake /home/runner/work/openssl/openssl/ssl/ssl_lib.c:4890:19 #7 0x55a276a9f605 in SSL_accept /home/runner/work/openssl/openssl/ssl/ssl_lib.c:2169:12 #8 0x55a276a3d4db in create_bare_ssl_connection /home/runner/work/openssl/openssl/test/helpers/ssltestlib.c:1281:24 #9 0x55a276a3d7cb in create_ssl_connection /home/runner/work/openssl/openssl/test/helpers/ssltestlib.c:1350:10 #10 0x55a276a64c0b in test_npn /home/runner/work/openssl/openssl/test/sslapitest.c:12266:14 #11 0x55a276b9fc20 in run_tests /home/runner/work/openssl/openssl/test/testutil/driver.c:377:21 #12 0x55a276ba0b10 in main /home/runner/work/openssl/openssl/test/testutil/main.c:31:15 Reviewed-by: Saša Nedvědický <[email protected]> Reviewed-by: Tomas Mraz <[email protected]> (Merged from #26269) (cherry picked from commit e63e889)

Here the undefined value "npa" was passed to a function WPACKET_sub_memcpy_u16(pkt, npa, npalen). However the value is not really used, because "npalen" is zero, but the call statememt itself is considered an invalid operation by the new sanitizer. The original sanitizer error report was: ==49175==WARNING: MemorySanitizer: use-of-uninitialized-value #0 0x55a276b29d6f in tls_construct_stoc_next_proto_neg /home/runner/work/openssl/openssl/ssl/statem/extensions_srvr.c:1518:21 openssl#1 0x55a276b15d7d in tls_construct_extensions /home/runner/work/openssl/openssl/ssl/statem/extensions.c:909:15 openssl#2 0x55a276b513dc in tls_construct_server_hello /home/runner/work/openssl/openssl/ssl/statem/statem_srvr.c:2471:10 openssl#3 0x55a276b2e160 in write_state_machine /home/runner/work/openssl/openssl/ssl/statem/statem.c:896:26 openssl#4 0x55a276b2e160 in state_machine /home/runner/work/openssl/openssl/ssl/statem/statem.c:490:21 openssl#5 0x55a276b2f562 in ossl_statem_accept /home/runner/work/openssl/openssl/ssl/statem/statem.c:309:12 openssl#6 0x55a276a9f867 in SSL_do_handshake /home/runner/work/openssl/openssl/ssl/ssl_lib.c:4890:19 openssl#7 0x55a276a9f605 in SSL_accept /home/runner/work/openssl/openssl/ssl/ssl_lib.c:2169:12 openssl#8 0x55a276a3d4db in create_bare_ssl_connection /home/runner/work/openssl/openssl/test/helpers/ssltestlib.c:1281:24 openssl#9 0x55a276a3d7cb in create_ssl_connection /home/runner/work/openssl/openssl/test/helpers/ssltestlib.c:1350:10 openssl#10 0x55a276a64c0b in test_npn /home/runner/work/openssl/openssl/test/sslapitest.c:12266:14 openssl#11 0x55a276b9fc20 in run_tests /home/runner/work/openssl/openssl/test/testutil/driver.c:377:21 openssl#12 0x55a276ba0b10 in main /home/runner/work/openssl/openssl/test/testutil/main.c:31:15 Reviewed-by: Saša Nedvědický <[email protected]> Reviewed-by: Tomas Mraz <[email protected]> (Merged from openssl#26269) (cherry picked from commit e63e889)

misspellings fixes by https://github.com/vlajos/misspell_fixer

34e9d1f

benlaurie closed this Sep 5, 2013

elitetony mentioned this pull request Apr 27, 2016

openssl-1.1.0-pre5 OCSP_SINGLERESP_add1_ext_i2d add SCT data error #1001

Closed

oathupdate mentioned this pull request Apr 29, 2016

there is a core dump in openss 1.0.1 e #1010

Closed

elitetony mentioned this pull request Jun 13, 2016

openssl-1.1.0-pre5 coredumped #1205

Closed

ealloradai mentioned this pull request Jul 15, 2016

Strange behaviour of OpenSSL cms sign on large files #1302

Closed

maybeonly mentioned this pull request Sep 8, 2016

pthread_rwlock_wrlock crash for NULL pointer #1553

Closed

tmshort mentioned this pull request Sep 27, 2016

Failed tests on OpenSSL 1.1.0b with enable-ec_nistp_64_gcc_128 and/or enable-ssl-trace #1623

Closed

glftpd mentioned this pull request Nov 12, 2016

openssl version command hangs with 1.1.0c and no-dso option #1899

Closed

kingcpro mentioned this pull request Nov 24, 2016

Core dump cased by libcrypto.so.1.0.2h (openssl-1.0.2h) #1995

Closed

rainerjung mentioned this pull request Mar 19, 2017

Crash in test during ossltest_destroy() for OpenSSL 1.1.0e on Linux x86_64. #2987

Closed

lyuboasenov mentioned this pull request Apr 26, 2017

X509_sign fails with segmentation fault #3315

Closed

eastyu mentioned this pull request Jun 17, 2017

SSL_CTX_new function call makes a segment fault #3706

Closed

lonewasp mentioned this pull request Jun 20, 2017

SIGSEGV in subcall from FIPS_drbg_generate() #3721

Closed

speedingdaemon mentioned this pull request Jul 14, 2017

Using OpenSSL with LKL's non-blocking sockets #3937

Closed

caikun mentioned this pull request Jul 20, 2017

ssleay_rand_bytes get the Arithmetic exception crash #3978

Closed

wangle6 mentioned this pull request Nov 22, 2017

BUG: The concurrency of settimeofday and ssh connect would lead to coredump #4772

Closed

obisluo mentioned this pull request Jan 11, 2018

deadlock between ssl23_accept () and ssl23_connect () #5062

Closed

sureshyadagari mentioned this pull request Feb 22, 2018

Memory corruption in ssl_lib.c while getting cipher_list from SSL_get_ciphers() function #5435

Closed

bennyg12 mentioned this pull request May 24, 2018

TLS connect failed with "SSL3_GET_RECORD:decryption failed or bad record mac" #6348

Closed

richsalz mentioned this pull request Jul 5, 2018

New AEAD API #6335

Open

kuncao mentioned this pull request Dec 11, 2018

Calling RAND_DRBG_get0_public without locks initialized segfaults on platforms without atomics #7870

Closed

RuurdBeerstra mentioned this pull request Jan 16, 2019

data race in x509 check code #7656 #8031

Closed

jeffmahoney mentioned this pull request Feb 14, 2019

apps/speed in 1.1.0 segfaults since 1.1.0i #8243

Closed

chensqecc mentioned this pull request Feb 26, 2019

some doubt about register ssl obj to X509_STORE_CTX in SSL handshake step. #8337

Closed

hlsantos mentioned this pull request Mar 26, 2019

Missing struct field access or object access methods #8562

Closed

ttandqq mentioned this pull request May 28, 2019

OPENSSL_cleanup core #9023

Closed

mteske mentioned this pull request Feb 21, 2024

crash in ssl3_read_bytes/ tls_get_message_header #23650

Closed

ashwanikadian mentioned this pull request Feb 27, 2024

OpenSSL does not use any hardware acceleration on HP-UX for encryption/decryption #23701

Open

This was referenced Mar 18, 2024

Tentative fix for the async engine #16734

Closed

Add RSA_PKCS1_WITH_TLS_PADDING support for legacy #22566

Open

debananda-pal mentioned this pull request Jun 27, 2024

Use of RSA_test_flags generates Segmentation fault #24747

Closed

anil9811 mentioned this pull request Sep 27, 2024

Openssl API "X509_verify_cert" is failing with openssl3.0 but working in openssl1.1.1. Can we know reasons why it is failing in openssl3.0? #25555

Open

mcollard0 mentioned this pull request Mar 7, 2025

Build errors on Openssl 1.1.1, details within. #27000

Closed

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

misspellings fixes by https://github.com/vlajos/misspell_fixer #3

misspellings fixes by https://github.com/vlajos/misspell_fixer #3

vlajos commented Jun 12, 2013

benlaurie commented Sep 5, 2013

misspellings fixes by https://github.com/vlajos/misspell_fixer #3

misspellings fixes by https://github.com/vlajos/misspell_fixer #3

Conversation

vlajos commented Jun 12, 2013

benlaurie commented Sep 5, 2013