[mod_gnutls-devel] Segfault in 0.8.1 test 24 on i386

Thomas Klute thomas2.klute at uni-dortmund.de
Sun Jan 8 18:48:41 CET 2017

My observation from a Yakkety amd64 system: A segfault occurs reliably
on Apache shutdown (so the test still passes) with libsofthsm2.so from
the libsofthsm2 package, but not with libsofthsm2.so locally built from
the SoftHSMv2 git repository at the 2.1.0 tag.

Valgrind reports 4 lost blocks of memory while loading the Ubuntu
SoftHSM, as opposed to 1 with the one built from Git. I also downloaded
the Ubuntu source package and built that locally. Again: Segfault, and
identical memory leaks reported by Valgrind.

This excludes problems with the general system environment (it is the
same) and in dependencies (according to ldd both libs link against the
same system libs). Based on this I can only assume that there is an
issue specific to the Ubuntu build process for SoftHSM.


Am 06.01.2017 um 05:58 schrieb Brian Morton:
> I'm fairly stuck on this one. Tried running old versions of packages on Sid
> and can't reproduce the crash. I also build apache2 and libgnutls30 from
> upstream sources and the crash still occurs on Zesty. Disabled apparmor,
> and compared lots of build logs between Debian and Ubuntu to see if there
> are any differences. I don't see any Debian patches in key dependencies
> that would explain the ability to build.
> At this point I'm starting to wonder if it's the toolchain or something in
> the kernel. Perhaps there's a simpler explanation?
> On Tue, Jan 3, 2017 at 12:23 AM, Brian Morton <rokclimb15 at gmail.com> wrote:
>> Great info!
>> Apache2 and libgnutls30 are slightly newer in Sid currently. I'll see if I
>> can pin some older versions in unstable and reproduce the crash.
>>> On Jan 2, 2017, at 11:46 PM, Daniel Kahn Gillmor <dkg at fifthhorseman.net>
>> wrote:
>>>> On Mon 2017-01-02 17:42:58 -0500, Brian Morton wrote:
>>>> I've been working on diagnosing this FTBFS bug in Ubuntu
>>>> https://bugs.launchpad.net/ubuntu/+source/apache2/+bug/1597450.
>>>> Mod_gnutls fails to build on i386 due to some string format issues
>> fixed in
>>>> 0.8.1. Once those simple issues are fixed, test 24 fails due to a
>> segfault
>>>> in Apache. This seems to be true whether using Debian/Ubuntu sources or
>> the
>>>> latest from mod_gnutls. The crash appears to be due to a buffer
>> overflow.
>>>> Backtrace indicates several libs are involved including gnutls,
>> softhsm2,
>>>> and p11-kit. The issue very likely is within one of those libraries
>> rather
>>>> than mod_gnutls, but I'm trying to nail it down further so I thought I'd
>>>> start here.
>>> fwiw, we're not seeing these issues on debian unstable on i386 with the
>>> packaged version 0.8.1-1.  It looks like some sort of failure in process
>>> cleanup related to softhsm2, but the versions of softhsm2 (2.2.0-1) look
>>> like they're the same in ubuntu zesty and debian unstable.
>>> i haven't been able to tease out any better diagnosis myself yet, sorry!
>>>  --dkg
> _______________________________________________
> mod_gnutls-devel mailing list
> mod_gnutls-devel at lists.gnutls.org
> http://lists.gnupg.org/mailman/listinfo/mod_gnutls-devel

Dipl.-Ing. Thomas Klute

E-Mail: thomas2.klute at uni-dortmund.de
Tel.: +49 231 58680474

More information about the mod_gnutls-devel mailing list