ports/121711: dns/opendd segmentation fault on 7.0-RELEASE when compiled with SSL

Patrick Cheung cp+freebsd.org at FreeBSD.org
Fri Mar 14 19:20:02 UTC 2008 

>Number:         121711
>Category:       ports
>Synopsis:       dns/opendd segmentation fault on 7.0-RELEASE when compiled with SSL
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-ports-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Fri Mar 14 19:20:02 UTC 2008
>Closed-Date:
>Last-Modified:
>Originator:     Patrick Cheung
>Release:        7.0-RELEASE
>Organization:
>Environment:
FreeBSD machine 7.0-RELEASE FreeBSD 7.0-RELEASE #0: Sun Feb 24 19:59:52 UTC 2008 root at logan.cse.buffalo.edu:/usr/obj/usr/src/sys/GENERIC i386
>Description:
When the port is built with USE_SOCKET_SSL, OpenDD has segmentation fault under 7.0-RELEASE when started.

$ opendd -c /usr/local/etc/opendd/opendd.conf -v 
-- running OpenDD 0.7.8 in normal mode
drop_privileges() : setgid to nogroup (gid 65533)
drop_privileges() : setuid to nobody (uid 65534)
main() : getting my ip address : <ip>
dyndns() : Setting SSL trust certificate store to /usr/local/etc/opendd/opendd.pem
Segmentation fault

The problem doesn't exist in 6.2-RELEASE.
>How-To-Repeat:
1. Build and install dns/opendd from the port collection. (Build with USE_SOCKET_SSL during config).
2. Modify /usr/local/etc/opendd/opendd.conf and change the following parameters:
  use_ssl = 1
  runasdaemon = 0
  iface = <interface>
3. Run the opendd program by running
$ opendd -c /usr/local/etc/opendd/opendd.conf -v
>Fix:
After some digging, it appears the segmentation fault occurred just before calling SSL_CTX_load_verify_locations():

include/socket.c(527): if (!SSL_CTX_load_verify_locations(new_socket->ctx, pathstore, NULL)) {

Immediate before the above line executes, (new_socket->ctx==NULL) is true.

Calling,
  SSL_load_error_strings();
  ERR_print_errors_fp(stderr);
just before the above line will output the following just before segmentation fault,

11038:error:140A90A1:SSL routines:SSL_CTX_new:library has no ciphers:/usr/src/secure/lib/libssl/../../../crypto/openssl/ssl/ssl_lib.c:1424:

Have no idea what the problem is apart from the above.


>Release-Note:
>Audit-Trail:
>Unformatted:

More information about the freebsd-ports-bugs mailing list