[asterisk-bugs] [JIRA] (ASTERISK-30278) tcptls: Abort occurs if SSL error is logged if MALLOC_DEBUG is enabled

Joshua C. Colp (JIRA) noreply at issues.asterisk.org
Thu Oct 27 04:14:09 CDT 2022 

    [ https://issues.asterisk.org/jira/browse/ASTERISK-30278?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=260520#comment-260520 ] 

Joshua C. Colp edited comment on ASTERISK-30278 at 10/27/22 4:13 AM:
---------------------------------------------------------------------

In fact, I think that's exactly what happened and the issue has been there for ages. It just only happens if MALLOC_DEBUG is enabled and an SSL error is written to the log. That mechanism it appears has OpenSSL providing an allocated buffer, while we try to use our own free to free it. Since it's not in astmm, that code is written to abort since it's a mistake in the code.


was (Author: jcolp):
In fact, I think that's exactly what happened and the issue has been there for ages. It just only happens if MALLOC_DEBUG is enabled and an SSL error is written to the log.

> tcptls: Abort occurs if SSL error is logged if MALLOC_DEBUG is enabled
> ----------------------------------------------------------------------
>
>                 Key: ASTERISK-30278
>                 URL: https://issues.asterisk.org/jira/browse/ASTERISK-30278
>             Project: Asterisk
>          Issue Type: Bug
>      Security Level: None
>          Components: Core/General, Core/HTTP
>    Affects Versions: 20.0.0
>         Environment: Debian 10
>            Reporter: N A
>
> Somehow this didn't happen with 20.0.0-rc2 but does with 20.0.0:
> Workaround is to comment out tls stuff in http.conf. This allows Asterisk to load, but anything TLS related is broken.
> This should be handled more elegantly and should not prevent Asterisk from loading.
> {noformat}
> [2022-10-27 02:08:01]  Bound HTTP server 'http server' to address 0.0.0.0:8088
> [2022-10-27 02:08:01] ERROR[13478]: tcptls.c:478 __ssl_setup: TLS/SSL error loading cert file. </etc/letsencrypt/live/REDACTED/fullchain.pem>
> [2022-10-27 02:08:01] ERROR[13478]: tcptls.c:126 write_openssl_error_to_log: 139767752312704:error:0200100D:system library:fopen:Permission denied:../crypto/bio/bss_file.c:288:fopen('/etc/letsencrypt/live/REDACTED/fullchain.pem','r')
> 139767752312704:error:20074002:BIO routines:file_ctrl:system lib:../crypto/bio/bss_file.c:290:
> 139767752312704:error:140DC002:SSL routines:use_certificate_chain_file:system lib:../ssl/ssl_rsa.c:596:
> WARNING: Freeing unregistered memory 0x555f8eb934e0 by tcptls.c write_openssl_error_to_log() line 129
> Aborted
> {noformat}
> Backtrace:
> {noformat}
> Thread 1 (Thread 0x7f6e3a769780 (LWP 13346)):
> #0  0x00007f6e3c7da8eb in __GI_raise (sig=sig at entry=6) at ../sysdeps/unix/sysv/linux/raise.c:50
>         set = {__val = {134238211, 0, 536870944, 0 <repeats 11 times>, 140722913561296, 94339226947474}}
>         pid = <optimized out>
>         tid = <optimized out>
> #1  0x00007f6e3c7c5535 in __GI_abort () at abort.c:79
>         save_stage = 1
>         act = {__sigaction_handler = {sa_handler = 0x0, sa_sigaction = 0x0}, sa_mask = {__val = {0 <repeats 13 times>, 384, 874643456, 140722913561680}}, sa_flags = 1015628820, sa_restorer = 0x34220000}
>         sigs = {__val = {32, 0 <repeats 15 times>}}
> #2  0x000055cd102a3847 in ast_do_crash () at utils.c:2770
> #3  0x000055cd100f7c69 in my_do_crash () at astmm.c:230
> #4  0x000055cd100f8698 in __ast_free (ptr=0x55cd10f24460, file=0x55cd1037c6a9 "tcptls.c", lineno=129, func=0x55cd1037cea0 <__PRETTY_FUNCTION__.35492> "write_openssl_error_to_log") at astmm.c:488
>         reg = 0x0
> #5  0x000055cd10285ad4 in write_openssl_error_to_log () at tcptls.c:129
>         fp = 0x55cd10f292d0
>         buffer = 0x55cd10f24460 "140111403980672:error:0200100D:system library:fopen:Permission denied:../crypto/bio/bss_file.c:288:fopen('/etc/letsencrypt/live/voip.REDACTED.org/fullchain.pem','r')n140111403980672:error:20074002:BI"...
>         length = 366
>         __FUNCTION__ = "write_openssl_error_to_log"
>         __PRETTY_FUNCTION__ = "write_openssl_error_to_log"
> #6  0x000055cd10286aab in __ssl_setup (cfg=0x55cd1042d5e0 <http_tls_cfg>, client=0) at tcptls.c:479
>         tmpprivate = 0x55cd118b0580 "/etc/letsencrypt/live/voip.REDACTED.org/privkey.pem"
>         disable_ssl = 1
>         ssl_opts = 37748736
>         __FUNCTION__ = "__ssl_setup"
>         __PRETTY_FUNCTION__ = "__ssl_setup"
> #7  0x000055cd10287013 in ast_ssl_setup (cfg=0x55cd1042d5e0 <http_tls_cfg>) at tcptls.c:572
> #8  0x000055cd102f055b in __ast_http_load (reload=0) at http.c:2535
>         cfg = 0x55cd1123eff0
>         v = 0x0
>         enabled = -1
>         new_static_uri_enabled = -1
>         new_status_uri_enabled = 0
>         newprefix = '000' <repeats 79 times>
>         server_name = "000sterisk/20.0.0000000310064020000000000000200227v:n177000000000254A020001000000000300ώ021315U000000P000000000000000000000370ώ021315U000000320NF233374177000000000000"4000000000000200NF233374177000000206314017020315U000000en000000000000000000370067071020315U000000000000000000000000000000b030071020315U000"
>         redirect = 0x0
>         config_flags = {flags = 0}
>         bindport = 8088
>         http_tls_was_enabled = 0
>         bindaddr = 0x7ffc9b464da0 "0.0.0.0"
>         __PRETTY_FUNCTION__ = "__ast_http_load"
>         __FUNCTION__ = "__ast_http_load"
> #9  0x000055cd102f0bad in load_module () at http.c:2666
>         __PRETTY_FUNCTION__ = "load_module"
> #10 0x000055cd101bf9de in start_resource (mod=0x55cd10e00610) at loader.c:1718
>         tmp = "244232065020315U000000 at 001340020315U000000000PF233374177000000261267033020315U000000tary Ser000000000000000000000000 at 001340020315U000000020006340020315U000000000000000000000000000000;270033020315U000000002", '000' <repeats 15 times>, "@001340020315U000000020006340020315U000000360310070020315U", '000' <repeats 26 times>, "pPF233374177000000361272033020315U000000001000000000001", '000' <repeats 11 times>, "220006340020315U000000020006340020315U000000PQF233374177000000000000"...
>         res = AST_MODULE_LOAD_SUCCESS
>         __PRETTY_FUNCTION__ = "start_resource"
>         __FUNCTION__ = "start_resource"
> #11 0x000055cd101c042d in start_resource_attempt (mod=0x55cd10e00610, count=0x7ffc9b46526c) at loader.c:1894
>         lres = AST_MODULE_LOAD_DECLINE
>         __FUNCTION__ = "start_resource_attempt"
> #12 0x000055cd101c0e18 in start_resource_list (resources=0x7ffc9b465270, mod_count=0x7ffc9b46526c) at loader.c:1991
>         mod = 0x55cd10e00610
>         lres = AST_MODULE_LOAD_SUCCESS
>         missingdeps = {elems = 0x55cd11bced60, max = 2, current = 0}
>         res = 0
>         printmissing = 0x0
>         __PRETTY_FUNCTION__ = "start_resource_list"
>         __FUNCTION__ = "start_resource_list"
> #13 0x000055cd101c1c37 in load_resource_list (load_order=0x7ffc9b465420, mod_count=0x7ffc9b46541c) at loader.c:2173
>         module_priorities = {elems = 0x55cd10edc7a0, max = 500, current = 363}
>         order = 0x0
>         attempt = 5
>         count = 32
>         res = -1
>         didwork = 0
>         lasttry = 1
>         __PRETTY_FUNCTION__ = "load_resource_list"
>         __FUNCTION__ = "load_resource_list"
> #14 0x000055cd101c2672 in load_modules () at loader.c:2396
>         order = 0x0
>         load_count = 396
>         load_order = {first = 0x0, last = 0x0}
>         res = 0
>         modulecount = 0
>         i = 21965
>         cur = 0x0
>         warning_msg = 0x7ffc9b465480
>         deprecated_in = "020TF233374177000000022375)020315U000000000000000000000000000000060c?020315U000", <incomplete sequence 320>
>         removed_in = "t004000000001000000000z312)020315U000000H016000000000000000000340206A020315U000000("
>         replacement = " 235003021315U000000060c?020315U000000021.3020315U000000340d3020315U000000000000000000020004000000a 3020315U000000343215020020315U000000006E034020315U000000354363016020315U000000222364016020315U000000200305027020315U000000st017020315U000000vi017020315U000000233p|<n177000000232233f020315U000000000000000000000000000", <incomplete sequence 340>
>         start_time = {tv_sec = 1666836403, tv_usec = 120419}
>         end_time = {tv_sec = 140722913563776, tv_usec = 94339239780048}
>         usElapsed = 94339228460256
>         __FUNCTION__ = "load_modules"
>         __PRETTY_FUNCTION__ = "load_modules"
> #15 0x000055cd100f7486 in asterisk_daemon (isroot=0, runuser=0x55cd10e031a0 "asterisk", rungroup=0x55cd10e030f0 "asterisk") at asterisk.c:4261
>         f = 0x55cd10e02e30
>         sigs = {__val = {134238211, 0 <repeats 15 times>}}
>         num = -1892950143
>         buf = 0x7ffc9b467890 "p272062020315U"
>         pbx_uuid = "1c97f475-d389-4d7e-9c78-81857c466fbf"
>         __FUNCTION__ = "asterisk_daemon"
> #16 0x000055cd100f6976 in main (argc=2, argv=0x7ffc9b467978) at asterisk.c:4028
>         c = -1
>         x = 2
>         isroot = 0
>         rundir_exists = 1
>         runuser = 0x55cd10e031a0 "asterisk"
>         rungroup = 0x55cd10e030f0 "asterisk"
>         xarg = 0x0
>         l = {rlim_cur = 1024, rlim_max = 1048576}
>         getopt_settings = 0x55cd103367d8 "BC:cde:FfG:ghIiL:M:mnpqRrs:TtU:VvWXx:"
>         __PRETTY_FUNCTION__ = "main"
>         __FUNCTION__ = "main"
> {noformat}



--
This message was sent by Atlassian JIRA
(v6.2#6252)

More information about the asterisk-bugs mailing list