[dev.icinga.com #7862] Segfault in CA handling #2340

icinga-migration · 2014-11-26T19:41:32Z

This issue has been migrated from Redmine: https://dev.icinga.com/issues/7862

Created by mfrosch on 2014-11-26 19:41:32 +00:00

Assignee: gbeutner
Status: Resolved (closed on 2014-11-27 08:40:03 +00:00)
Target Version: 2.2.1
Last Update: 2014-11-27 08:40:03 +00:00 (in Redmine)

Icinga Version: 2.2.0

I noticed a segmentation fault in the CA handling, at least in "new-ca".

The key was created, but it seems the certificate self-signing fails.

OS: SLES 11 SP3
Package Sources: https://build.opensuse.org/package/show/home:lazyfrosch:icinga2/icinga2

Tell me if you need further details.

# gdb --args icinga2 pki new-ca
GNU gdb (GDB) SUSE (7.5.1-0.7.29)
Copyright (C) 2012 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later 
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.  Type "show copying"
and "show warranty" for details.
This GDB was configured as "x86_64-suse-linux".
For bug reporting instructions, please see:
...
Reading symbols from /usr/sbin/icinga2...(no debugging symbols found)...done.
(gdb) run
Starting program: /usr/sbin/icinga2 pki new-ca
[...]
information/base: Writing private key to '/var/lib/icinga2/ca/ca.key'.

Program received signal SIGSEGV, Segmentation fault.
ASN1_item_sign (it=0x7ffff4412b20 , algor1=0x63de30, algor2=0x6491e0, signature=0x649200, asn=0x649780, pkey=0x649910, 
    type=0x0) at a_sign.c:232
232 a_sign.c: No such file or directory.
(gdb) bt

#0  ASN1_item_sign (it=0x7ffff4412b20 , algor1=0x63de30, algor2=0x6491e0, signature=0x649200, asn=0x649780,

pkey=0x649910, type=0x0) at a_sign.c:232

#1  0x00007ffff4142ea0 in X509_sign (x=, pkey=0x649910, md=) at x_all.c:100
#2  0x00007ffff71413ae in icinga::CreateCert(evp_pkey_st*, X509_name_st*, X509_name_st*, evp_pkey_st*, bool, icinga::String const&)

() from /usr/lib64/icinga2/libbase.so

#3  0x00007ffff715d40a in icinga::MakeX509CSR(icinga::String const&, icinga::String const&, icinga::String const&, icinga::String const&, bool) () from /usr/lib64/icinga2/libbase.so
#4  0x00007ffff6ad39ca in icinga::PkiUtility::NewCa() () from /usr/lib64/icinga2/libcli.so
#5  0x0000000000411a1b in Main() ()
#6  0x000000000041360c in main ()

Changesets

2014-11-27 08:35:24 +00:00 by gbeutner a8b7710

Fix crash in CreateCert

fixes #7862

2014-11-27 08:54:44 +00:00 by gbeutner bd2861b

Fix crash in CreateCert

fixes #7862

Relations:

relates #7862

The text was updated successfully, but these errors were encountered:

icinga-migration · 2014-11-26T20:44:45Z

Updated by mfrosch on 2014-11-26 20:44:45 +00:00

Here is a full backtrace with all debuginfo.

#0  ASN1_item_sign (it=0x7ffff4412b20 , algor1=0x63de30, algor2=0x6491e0, signature=0x649200, asn=0x649780,

pkey=0x649910, type=0x0) at a_sign.c:232
ctx = {digest = 0x0, engine = 0x0, flags = 0, md_data = 0x0}
buf_in = 0x0
buf_out =
i = 0
inl =
outl = 0
outll =
a = 0x63de30

#1  0x00007ffff4142ea0 in X509_sign (x=, pkey=0x649910, md=) at x_all.c:100

No locals.

#2  0x00007ffff71413ae in icinga::CreateCert (pubkey=0x63df70, subject=0x63dd40, issuer=0x63dd40, cakey=0x649910, ca=true,

serialfile=...) at /usr/src/debug/icinga2-2.2.0/lib/base/tlsutility.cpp:415
cert = 0x6496d0

PRETTY_FUNCTION = "boost::shared_ptr<x509_st> icinga::CreateCert(EVP_PKEY**, X509_NAME**, X509_NAME**, EVP_PKEY**, bool, const icinga::String&)"

#3  0x00007ffff715d40a in icinga::MakeX509CSR (cn=..., keyfile=..., csrfile=..., certfile=..., ca=true)

at /usr/src/debug/icinga2-2.2.0/lib/base/tlsutility.cpp:293
subject =
cert = {px = 0x7fff00000001, pn = {pi_ = 0x0}}
errbuf = "\300\304\377\377\377\177\000\000\230\332\377\377\377\177\000\000\000\000\000\000\000\000\000\000H\274\336\367\377\177\000\000\001\000\000\000\377\177\000\000\000\000\000\000\000\000\000\000\330\006\263\366\377\177\000\000\060\027I\367\377\177\000\000`~\v\367\377\177\000\000\320\304\377\377\377\177\000\000\260\304\377\377\377\177\000\000\340\304\377\377\377\177\000\000\020\305\377\377\377\177\000\000\225\034\337\367\377\177\000\000\350\025c\000\000\000\000"
rsa = 0x63da80
bio =
key = 0x649910

PRETTY_FUNCTION = "int icinga::MakeX509CSR(const icinga::String&, const icinga::String&, const icinga::String&, const icinga::String&, bool)"

#4  0x00007ffff6ad39ca in icinga::PkiUtility::NewCa () at /usr/src/debug/icinga2-2.2.0/lib/cli/pkiutility.cpp:61

cadir = {static NPos = 18446744073709551615, m_Data = {static npos = 18446744073709551615,

M_dataplus = {<std::allocator> = {<_gnu_cxx::new_allocator> = {}, },
_M_p = 0x631618 "/var/lib/icinga2/ca"}}}
serialpath = {static NPos = 18446744073709551615, m_Data = {static npos = 18446744073709551615,

M_dataplus = {<std::allocator> = {<_gnu_cxx::new_allocator> = {}, },
_M_p = 0x0}}}
fp =

#5  0x0000000000411a1b in Main () at /usr/src/debug/icinga2-2.2.0/icinga-app/icinga.cpp:427

args = {<std::_Vector_base<std::basic_string<char, std::char_traits, std::allocator >, std::allocator<std::basic_string<char, std::char_traits, std::allocator > > >> = {

M_impl = {<std::allocator<std::basic_string<char, std::char_traits, std::allocator > >> = {<_gnu_cxx::new_allocator<std::basic_string<char, std::char_traits, std::allocator > >> = {}, },
_M_start = 0x0, _M_finish = 0x0, _M_end_of_storage = 0x0}}, }
argc = 4
argv = 0x7fffffffe4f8
autocomplete = false
autoindex = 0
logLevel = icinga::LogInformation
visibleDesc = {static m_default_line_length = 80, m_caption = {static npos = 18446744073709551615,

M_dataplus = {<std::allocator> = {<_gnu_cxx::new_allocator> = {}, },
_M_p = 0x629aa8 "Global options"}}, m_line_length = 80, m_min_description_length = 40,
m_options = {<std::_Vector_base<boost::shared_ptrboost::program_options::option_description, std::allocator<boost::shared_ptrboost::program_options::option_description > >> = {

M_impl = {<std::allocator<boost::shared_ptrboost::program_options::option_description >> = {<_gnu_cxx::new_allocator<boost::shared_ptrboost::program_options::option_description >> = {}, }, _M_start = 0x6303e0,
_M_finish = 0x630450, _M_end_of_storage = 0x630460}}, },
belong_to_group = {<std::_Bvector_base<std::allocator >> = {

M_impl = {<std::allocator> = {<_gnu_cxx::new_allocator> = {}, },
_M_start = {std::_Bit_iterator_base = {<std::iterator<std::random_access_iterator_tag, bool, long, bool*, bool&>> = {}, _M_p = 0x629d10, _M_offset = 0}, },
_M_finish = {std::_Bit_iterator_base = {<std::iterator<std::random_access_iterator_tag, bool, long, bool*, bool&>> = {}, _M_p = 0x629d10, _M_offset = 7}, }, _M_end_of_storage = 0x629d18}}, },
groups = {<std::_Vector_base<boost::shared_ptrboost::program_options::options_description, std::allocator<boost::shared_ptrboost::program_options::options_description > >> = {

M_impl = {<std::allocator<boost::shared_ptrboost::program_options::options_description >> = {<_gnu_cxx::new_allocator<boost::shared_ptrboost::program_options::options_description >> = {}, }, _M_start = 0x630a70,
_M_finish = 0x630a80, _M_end_of_storage = 0x630a80}}, }}
hiddenDesc = {static m_default_line_length = 80, m_caption = {static npos = 18446744073709551615,

M_dataplus = {<std::allocator> = {<_gnu_cxx::new_allocator> = {}, },
_M_p = 0x630268 "Hidden options"}}, m_line_length = 80, m_min_description_length = 40,
--~~Type to continue, or q to quit--~~
m_options = {<std::_Vector_base<boost::shared_ptrboost::program_options::option_description, std::allocator<boost::shared_ptrboost::program_options::option_description > >> = {

M_impl = {<std::allocator<boost::shared_ptrboost::program_options::option_description >> = {<_gnu_cxx::new_allocator<boost::shared_ptrboost::program_options::option_description >> = {}, }, _M_start = 0x630900,
_M_finish = 0x630920, _M_end_of_storage = 0x630920}}, },
belong_to_group = {<std::_Bvector_base<std::allocator >> = {

M_impl = {<std::allocator> = {<_gnu_cxx::new_allocator> = {}, },
_M_start = {std::_Bit_iterator_base = {<std::iterator<std::random_access_iterator_tag, bool, long, bool*, bool&>> = {}, _M_p = 0x6307f0, _M_offset = 0}, },
_M_finish = {std::_Bit_iterator_base = {<std::iterator<std::random_access_iterator_tag, bool, long, bool*, bool&>> = {}, _M_p = 0x6307f0, _M_offset = 2}, }, _M_end_of_storage = 0x6307f8}}, },
groups = {<std::_Vector_base<boost::shared_ptrboost::program_options::options_description, std::allocator<boost::shared_ptrboost::program_options::options_description > >> = {

M_impl = {<std::allocator<boost::shared_ptrboost::program_options::options_description >> = {<_gnu_cxx::new_allocator<boost::shared_ptrboost::program_options::options_description >> = {}, }, _M_start = 0x0,
_M_finish = 0x0, _M_end_of_storage = 0x0}}, }}
positionalDesc = {
m_names = {<std::_Vector_base<std::basic_string<char, std::char_traits, std::allocator >, std::allocator<std::basic_string<char, std::char_traits, std::allocator > > >> = {

M_impl = {<std::allocator<std::basic_string<char, std::char_traits, std::allocator > >> = {<_gnu_cxx::new_allocator<std::basic_string<char, std::char_traits, std::allocator > >> = {}, },
_M_start = 0x0, _M_finish = 0x0, _M_end_of_storage = 0x0}}, }, m_trailing = {
static npos = 18446744073709551615,

M_dataplus = {<std::allocator> = {<_gnu_cxx::new_allocator> = {}, },
_M_p = 0x630948 "arg"}}}
cmdname = {static NPos = 18446744073709551615, m_Data = {static npos = 18446744073709551615,

M_dataplus = {<std::allocator> = {<_gnu_cxx::new_allocator> = {}, },
_M_p = 0x630998 "pki new-ca"}}}
command = {px = 0x62e6d0}
vm =
initconfig = {static NPos = 18446744073709551615, m_Data = {static npos = 18446744073709551615,

M_dataplus = {<std::allocator> = {<_gnu_cxx::new_allocator> = {}, },
_M_p = 0x630ad8 "/etc/icinga2/init.conf"}}}
rc =

#6  0x000000000041360c in main (argc=4, argv=0x7fffffffe4f8) at /usr/src/debug/icinga2-2.2.0/icinga-app/icinga.cpp:626

rc =

icinga-migration · 2014-11-27T08:34:09Z

Updated by gbeutner on 2014-11-27 08:34:09 +00:00

Status changed from New to Assigned
Assigned to set to gbeutner
Target Version set to 2.2.1

Apparently OpenSSL < 1.0.0 doesn't allow passing NULL as the MD type for X509_sign().

icinga-migration · 2014-11-27T08:40:03Z

Updated by gbeutner on 2014-11-27 08:40:03 +00:00

Status changed from Assigned to Resolved
Done % changed from 0 to 100

Applied in changeset a8b7710.

icinga-migration · 2015-03-23T15:10:55Z

Updated by mfriedrich on 2015-03-23 15:10:55 +00:00

Relates set to 8844

icinga-migration closed this as completed Nov 27, 2014

icinga-migration added bug Something isn't working area/cli Command line helpers labels Jan 17, 2017

icinga-migration added this to the 2.2.1 milestone Jan 17, 2017

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

[dev.icinga.com #7862] Segfault in CA handling #2340

[dev.icinga.com #7862] Segfault in CA handling #2340

icinga-migration commented Nov 26, 2014

icinga-migration commented Nov 26, 2014

icinga-migration commented Nov 27, 2014

icinga-migration commented Nov 27, 2014

icinga-migration commented Mar 23, 2015

[dev.icinga.com #7862] Segfault in CA handling #2340

[dev.icinga.com #7862] Segfault in CA handling #2340

Comments

icinga-migration commented Nov 26, 2014

icinga-migration commented Nov 26, 2014

icinga-migration commented Nov 27, 2014

icinga-migration commented Nov 27, 2014

icinga-migration commented Mar 23, 2015