[sr-dev] [kamailio/kamailio] Kamailio 5.2.3 on Buster - Segmentation fault in libcrypto.so.1.1 (#2077)

Marco Capetta notifications at github.com
Thu Sep 26 17:22:34 CEST 2019


### Description
After the upgrade of our system to Debian Buster, kamailio started crashing due to the TLS module. The issue looks similar to the one described in https://github.com/kamailio/kamailio/issues/1860

In Debian Stretch everything was working fine because we compiled kamailio using openssl-1.0 as suggested in the linked issue. Unfortunately Debian Buster doesn't support that old version of the package so we compiled it with openssl-1.1 and we put in place the workaround suggested here https://github.com/kamailio/kamailio/commit/efdc141ecb5ff72e3224e47deaaa79fe02576dd2 but this didn't solve the issue.

#### Debugging Data

At the moment I don't have full access to the system so I can provide only the following backtrace:

(gdb) bt full
#0 aesni_ecb_encrypt () at crypto/aes/aesni-x86_64.s:624
No locals.
#1 0x00007fe7b2159917 in aesni_ecb_cipher (len=16, in=0x7fe7ae3052d0 "\271a\321\064vGKiB\337\344\070\353\220\005\245\020O", <incomplete sequence \323>,
    out=0x7fe7ae58d068 "", ctx=0x7fe7ae3053b8) at ../crypto/evp/e_aes.c:319
        bl = <optimized out>
        bl = <optimized out>
#2 aesni_ecb_cipher (ctx=0x7fe7ae3053b8, out=0x7fe7ae58d068 "", in=0x7fe7ae3052d0 "\271a\321\064vGKiB\337\344\070\353\220\005\245\020O", <incomplete sequence \323>,
    len=16) at ../crypto/evp/e_aes.c:311
        bl = <optimized out>
#3 0x00007fe7b2165533 in evp_EncryptDecryptUpdate (ctx=0x7fe7ae3053b8, out=0x7fe7ae58d068 "", outl=0x7fff207dc534,
    in=0x7fe7ae3052d0 "\271a\321\064vGKiB\337\344\070\353\220\005\245\020O", <incomplete sequence \323>, inl=16) at ../crypto/evp/evp_enc.c:333
        i = <optimized out>
        j = <optimized out>
        bl = 16
        cmpl = <optimized out>
#4 0x00007fe7b219830f in drbg_ctr_generate (drbg=0x7fe7ae3051e8, out=0x7fe7ae58d068 "", outlen=32, adin=0x0, adinlen=0) at ../crypto/rand/drbg_ctr.c:340
        outl = 16
        ctr = 0x7fe7ae305290
#5 0x00007fe7b21991fb in RAND_DRBG_generate (drbg=drbg@entry=0x7fe7ae3051e8, out=out@entry=0x7fe7ae58d068 "", outlen=outlen@entry=32,
    prediction_resistance=prediction_resistance@entry=0, adin=0x0, adinlen=adinlen@entry=0) at ../crypto/rand/drbg_lib.c:638
        reseed_required = <optimized out>
#6 0x00007fe7b2199481 in RAND_DRBG_bytes (drbg=0x7fe7ae3051e8, out=0x7fe7ae58d068 "", outlen=32) at ../crypto/rand/drbg_lib.c:679
        additional = 0x0
        additional_len = 0
        chunk = 32
        ret = <optimized out>
#7 0x00007fe7b22f96fd in ssl_fill_hello_random (s=s@entry=0x7fe7ae588de0, server=server@entry=0, result=0x7fe7ae58d068 "", len=len@entry=32,
    dgrd=dgrd@entry=DOWNGRADE_NONE) at ../ssl/s3_lib.c:4589
        send_time = <optimized out>
        ret = <optimized out>
#8 0x00007fe7b231b06e in tls_construct_client_hello (s=0x7fe7ae588de0, pkt=0x7fff207dc700) at ../ssl/statem/statem_clnt.c:1153
        p = <optimized out>
        sess_id_len = <optimized out>
        i = <optimized out>
        protverr = 0
        comp = <optimized out>
        sess = 0x0
        session_id = <optimized out>
#9 0x00007fe7b231a33f in write_state_machine (s=0x7fe7ae588de0) at ../ssl/statem/statem.c:843
        post_work = 0x7fe7b231f5a0 <ossl_statem_client_post_work>
        mt = 1
        pkt = {buf = 0x7fe7ae59fc90, staticbuf = 0x0, curr = 4, written = 4, maxsize = 18446744073709551615, subs = 0x7fe7ae58be30}
        ret = <optimized out>
        pre_work = 0x7fe7b231d180 <ossl_statem_client_pre_work>
--Type <RET> for more, q to quit, c to continue without paging--
        get_construct_message_f = 0x7fe7b231d250 <ossl_statem_client_construct_message>
        confunc = 0x7fe7b231ad20 <tls_construct_client_hello>
        st = 0x7fe7ae588e28
        transition = 0x7fe7b231cde0 <ossl_statem_client_write_transition>
        cb = 0x7fe7b2375fb0
        st = <optimized out>
        ret = <optimized out>
        transition = <optimized out>
        pre_work = <optimized out>
        post_work = <optimized out>
        get_construct_message_f = <optimized out>
        cb = <optimized out>
        confunc = <optimized out>
        mt = <optimized out>
        pkt = <optimized out>
#10 state_machine (s=0x7fe7ae588de0, server=0) at ../ssl/statem/statem.c:443
        buf = 0x0
        cb = 0x7fe7b2375fb0
        st = <optimized out>
        ret = <optimized out>
        ssret = <optimized out>
#11 0x00007fe7b2306264 in SSL_do_handshake (s=0x7fe7ae588de0) at ../ssl/ssl_lib.c:3599
        ret = 1
#12 0x00007fe7b23a40b4 in tls_connect () from /usr/lib/x86_64-linux-gnu/kamailio/modules/tls.so
No symbol table info available.
#13 0x00007fe7b23a568d in tls_encode_f () from /usr/lib/x86_64-linux-gnu/kamailio/modules/tls.so
No symbol table info available.
#14 0x000055f60cceaf7e in tcp_send ()
No symbol table info available.
#15 0x00007fe7b4e65920 in send_pr_buffer () from /usr/lib/x86_64-linux-gnu/kamailio/modules/tm.so
No symbol table info available.
#16 0x00007fe7b4e826e8 in t_send_branch () from /usr/lib/x86_64-linux-gnu/kamailio/modules/tm.so
No symbol table info available.
#17 0x00007fe7b4e85adf in t_forward_nonack () from /usr/lib/x86_64-linux-gnu/kamailio/modules/tm.so
No symbol table info available.
#18 0x00007fe7b4e69452 in t_relay_to () from /usr/lib/x86_64-linux-gnu/kamailio/modules/tm.so
No symbol table info available.
#19 0x00007fe7b4e340ea in ?? () from /usr/lib/x86_64-linux-gnu/kamailio/modules/tm.so
No symbol table info available.
#20 0x000055f60cc50f29 in do_action ()
No symbol table info available.
#21 0x000055f60cc4fa1a in run_actions ()
No symbol table info available.
#22 0x000055f60cc517e2 in do_action ()
--Type <RET> for more, q to quit, c to continue without paging--
No symbol table info available.
#23 0x000055f60cc4fa1a in run_actions ()
No symbol table info available.
#24 0x000055f60cc5154f in do_action ()
No symbol table info available.
#25 0x000055f60cc4fa1a in run_actions ()
No symbol table info available.
#26 0x000055f60cc5d46f in run_top_route ()
No symbol table info available.
#27 0x000055f60cd594cf in receive_msg ()
No symbol table info available.
#28 0x000055f60cc7ab45 in udp_rcv_loop ()
No symbol table info available.
#29 0x000055f60cc0febb in main_loop ()
No symbol table info available.
#30 0x000055f60cc07415 in main ()
No symbol table info available.
(gdb)



### Additional Information
Kamailio version 5.2.3
Debian Buster 10.1

-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/kamailio/kamailio/issues/2077