
Bug Report: Uninitialized Memory Access During SSL Initialization

From: Charalampos Mitrodimas via curl-library <curl-library_at_lists.haxx.se>
Date: Sat, 02 Nov 2024 11:17:13 +0000

Hi libcurl folks,

In my journey to send emails in a multi-threaded C program, I
encountered a use-of-uninitialized-value memory issue. MemorySanitizer
detects use of uninitialized memory during the SSL initialization phase.

Importantly, this issue was discovered using the official
multi-threading example code from the libcurl documentation
(https://curl.se/libcurl/c/multithread.html), suggesting this could
affect many implementations that follow the official guidance.


Steps to Reproduce:
      1. Save the code from https://curl.se/libcurl/c/multithread.html
         to main.c
      2. clang -fsanitize=memory main.c -lcurl -g
      3. ./a.out
      4. MemorySanitizer reports use of uninitialized memory in the
         following call stack
         ---
         Uninitialized bytes in __interceptor_fopen64 at offset 0 inside [0x70200000f820, 25)
         ==186400==WARNING: MemorySanitizer: use-of-uninitialized-value
             #0 0x7f8423d11a12 in BIO_new_file (/lib/x86_64-linux-gnu/libcrypto.so.3+0x111a12) (BuildId: 72c05a16f686d285265b1e1a135706b21e0fdf98)
             #1 0x7f8423d58748 (/lib/x86_64-linux-gnu/libcrypto.so.3+0x158748) (BuildId: 72c05a16f686d285265b1e1a135706b21e0fdf98)
             #2 0x7f8423d5a24d in CONF_modules_load_file_ex (/lib/x86_64-linux-gnu/libcrypto.so.3+0x15a24d) (BuildId: 72c05a16f686d285265b1e1a135706b21e0fdf98)
             #3 0x7f8423d5a613 (/lib/x86_64-linux-gnu/libcrypto.so.3+0x15a613) (BuildId: 72c05a16f686d285265b1e1a135706b21e0fdf98)
             #4 0x7f8423e31eca (/lib/x86_64-linux-gnu/libcrypto.so.3+0x231eca) (BuildId: 72c05a16f686d285265b1e1a135706b21e0fdf98)
             #5 0x7f84242d8fa6 in __pthread_once_slow nptl/./nptl/pthread_once.c:116:7
             #6 0x7f8423e3f698 in CRYPTO_THREAD_run_once (/lib/x86_64-linux-gnu/libcrypto.so.3+0x23f698) (BuildId: 72c05a16f686d285265b1e1a135706b21e0fdf98)
             #7 0x7f8423e326e9 in OPENSSL_init_crypto (/lib/x86_64-linux-gnu/libcrypto.so.3+0x2326e9) (BuildId: 72c05a16f686d285265b1e1a135706b21e0fdf98)
             #8 0x7f84240fe6e0 in OPENSSL_init_ssl (/lib/x86_64-linux-gnu/libssl.so.3+0x326e0) (BuildId: 4f08077a451931c4c457240529eff5865919a63b)
             #9 0x7f84245a3c9f (/lib/x86_64-linux-gnu/libcurl.so.4+0x78c9f) (BuildId: d9749b46807207df0c2b0aaccd4179e04f587b75)
             #10 0x7f842454fa62 (/lib/x86_64-linux-gnu/libcurl.so.4+0x24a62) (BuildId: d9749b46807207df0c2b0aaccd4179e04f587b75)
             #11 0x7f842454fc59 in curl_global_init (/lib/x86_64-linux-gnu/libcurl.so.4+0x24c59) (BuildId: d9749b46807207df0c2b0aaccd4179e04f587b75)
             #12 0x564107c3439c in main /home/charmitro/main.c:48:3
             #13 0x7f8424272249 in __libc_start_call_main csu/../sysdeps/nptl/libc_start_call_main.h:58:16
             #14 0x7f8424272304 in __libc_start_main csu/../csu/libc-start.c:360:3
             #15 0x564107bae300 in _start (/home/charmitro/a.out+0x21300) (BuildId: 8a2a934a01087da0adfef87f136c489d537e3b1e)

         SUMMARY: MemorySanitizer: use-of-uninitialized-value (/lib/x86_64-linux-gnu/libcrypto.so.3+0x111a12) (BuildId: 72c05a16f686d285265b1e1a135706b21e0fdf98) in BIO_new_file

Thank you all for your effort developing such a great library.

                       C. Mitrodimas
Received on 2024-11-02
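
MemorySanitizer's documentation requires every library in the process to be built with instrumentation, otherwise reports may be false, so a first triage step for a trace like the one in this mail is to list the shared objects it passes through and check each one. The script below is an added example, not part of the original mail or of curl; the sample trace and its paths are constructed, and `is_msan_instrumented` is a heuristic that assumes binutils `nm` is installed.

```shell
#!/bin/sh
# Added triage helper (not from the original mail or the curl project).

# msan_modules: read a MemorySanitizer report on stdin and print
# "<frame count> <module>" for each binary or shared object in the stack,
# in order of first appearance.
msan_modules() {
  awk '
    /^[ \t]*#[0-9]+ 0x[0-9a-f]+/ {
      # Frames resolved to file:line carry no "(<path>+0x<offset>)" part.
      mod = "[source-resolved]"
      if (match($0, /\(\/[^()]*\+0x[0-9a-f]+\)/)) {
        mod = substr($0, RSTART + 1, RLENGTH - 2)   # drop the parentheses
        sub(/\+0x[0-9a-f]+$/, "", mod)              # drop the offset
      }
      if (!(mod in n)) order[++k] = mod
      n[mod]++
    }
    END { for (i = 1; i <= k; i++) print n[order[i]], order[i] }
  '
}

# is_msan_instrumented: heuristic (assumption): code built with
# -fsanitize=memory references __msan_* runtime symbols, so a shared object
# with none of them in its dynamic symbol table was probably not instrumented.
is_msan_instrumented() {
  nm -D "$1" 2>/dev/null | grep -q '__msan_'
}

# Constructed sample, shaped like the report in the mail (addresses are fake).
sample_report() {
  cat <<'EOF'
==1==WARNING: MemorySanitizer: use-of-uninitialized-value
    #0 0x1000 in BIO_new_file (/lib/x86_64-linux-gnu/libcrypto.so.3+0x1000) (BuildId: 00)
    #1 0x1100 (/lib/x86_64-linux-gnu/libcrypto.so.3+0x1100) (BuildId: 00)
    #2 0x2000 in OPENSSL_init_ssl (/lib/x86_64-linux-gnu/libssl.so.3+0x2000) (BuildId: 00)
    #3 0x3000 in curl_global_init (/lib/x86_64-linux-gnu/libcurl.so.4+0x3000) (BuildId: 00)
    #4 0x4000 in main /home/user/main.c:48:3
    #5 0x5000 in _start (/home/user/a.out+0x5000) (BuildId: 00)
SUMMARY: MemorySanitizer: use-of-uninitialized-value (/lib/x86_64-linux-gnu/libcrypto.so.3+0x1000) in BIO_new_file
EOF
}

sample_report | msan_modules
```

On a real report, pipe the `./a.out` stderr into `msan_modules` and run `is_msan_instrumented` on each listed library path.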