NetBSD Problem Report #51987

From htodd@i8u.org  Mon Feb 20 17:50:26 2017
Return-Path: <htodd@i8u.org>
Received: from mail.netbsd.org (mail.netbsd.org [199.233.217.200])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(Client CN "mail.netbsd.org", Issuer "Postmaster NetBSD.org" (verified OK))
	by mollari.NetBSD.org (Postfix) with ESMTPS id 15C7D7A220
	for <gnats-bugs@gnats.NetBSD.org>; Mon, 20 Feb 2017 17:50:26 +0000 (UTC)
Message-Id: <20170220175019.36A6916C93DF@chris.i8u.org>
Date: Mon, 20 Feb 2017 09:50:19 -0800 (PST)
From: htodd@i8u.org
Reply-To: htodd@i8u.org
To: gnats-bugs@NetBSD.org
Subject: certbot accessing openssl in python2.7 causes segfault
X-Send-Pr-Version: 3.95

>Number:         51987
>Category:       pkg
>Synopsis:       certbot accessing openssl in python2.7 causes segfault
>Confidential:   no
>Severity:       critical
>Priority:       high
>Responsible:    pkg-manager
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Mon Feb 20 17:55:00 +0000 2017
>Last-Modified:  Mon Feb 20 23:55:01 +0000 2017
>Originator:     Hisashi T Fujinaka <htodd@twofifty.com>
>Release:        NetBSD 7.1_RC1
>Organization:
none
>Environment:


System: NetBSD chris.i8u.org 7.1_RC1 NetBSD 7.1_RC1 (CHRIS) #124: Sun Feb 19 09:31:52 PST 2017 htodd@chris.i8u.org:/usr/obj/amd64/sys/arch/amd64/compile/CHRIS amd64
Architecture: x86_64
Machine: amd64
>Description:
py-certbot from pkgsrc-2016Q4 using python2.7 dumps core when trying to "certbot certonly ...".

The first dozen lines or so of the backtrace are:
#0  0x00007f7ff7e15f90 in ?? ()
#1  0x00007f7ff0f41dd8 in internal_verify () from /usr/pkg/lib/libcrypto.so.1.0.0
#2  0x00007f7ff0f43b1d in X509_verify_cert () from /usr/pkg/lib/libcrypto.so.1.0.0
#3  0x00007f7ff1442671 in ssl_verify_cert_chain () from /usr/pkg/lib/libssl.so.1.0.0
#4  0x00007f7ff141ff9f in ssl3_get_server_certificate () from /usr/pkg/lib/libssl.so.1.0.0
#5  0x00007f7ff1424a21 in ssl3_connect () from /usr/pkg/lib/libssl.so.1.0.0
#6  0x00007f7ff142d924 in ssl23_connect () from /usr/pkg/lib/libssl.so.1.0.0
#7  0x00007f7feee5700c in _cffi_f_SSL_do_handshake ()
   from /usr/pkg/lib/python2.7/site-packages/cryptography/hazmat/bindings/_openssl.so
#8  0x00007f7ff78d2c9b in PyEval_EvalFrameEx () from /usr/pkg/lib/libpython2.7.so.1.0
#9  0x00007f7ff78d2978 in PyEval_EvalFrameEx () from /usr/pkg/lib/libpython2.7.so.1.0
#10 0x00007f7ff78d48e8 in PyEval_EvalCodeEx () from /usr/pkg/lib/libpython2.7.so.1.0
#11 0x00007f7ff78d26bb in PyEval_EvalFrameEx () from /usr/pkg/lib/libpython2.7.so.1.0
#12 0x00007f7ff78d48e8 in PyEval_EvalCodeEx () from /usr/pkg/lib/libpython2.7.so.1.0


>How-To-Repeat:
Install py-certbot from pkgsrc-2016Q4 using python2.7 and try to generate a certificate "certbot certonly ...".

>Fix:
Not sure. Also not sure if this is related to pr/51490 python (2.7) needs PaX MPROTECT disabled for some programs.


>Audit-Trail:
From: Thomas Klausner <wiz@NetBSD.org>
To: NetBSD bugtracking <gnats-bugs@NetBSD.org>
Cc: 
Subject: Re: pkg/51987: certbot accessing openssl in python2.7 causes segfault
Date: Tue, 21 Feb 2017 00:52:30 +0100

 On Mon, Feb 20, 2017 at 05:55:00PM +0000, htodd@i8u.org wrote:
 > >Number:         51987
 > >Category:       pkg
 > >Synopsis:       certbot accessing openssl in python2.7 causes segfault

 My best guess is that this is caused (via py-cffi and py-OpenSSL) by
 libffi, see

 https://github.com/libffi/libffi/issues/294

 Help is welcome.
  Thomas

>Unformatted:

NetBSD Home
NetBSD PR Database Search

(Contact us) $NetBSD: query-full-pr,v 1.39 2013/11/01 18:47:49 spz Exp $
$NetBSD: gnats_config.sh,v 1.8 2006/05/07 09:23:38 tsutsui Exp $
Copyright © 1994-2014 The NetBSD Foundation, Inc. ALL RIGHTS RESERVED.