CVE-2023-4012: segfault in libcrypto.so (#794) · Issues · NTPsec / ntpsec · GitLab
ntpd will crash if the server is not NTS-enabled (no certificate) and it receives an NTS-enabled client request (mode 3).
Open Issue created Jul 22, 2023 by Richard Laager (@rlaager, Maintainer)
segfault in libcrypto.so
A Debian bug was filed regarding a crash in NTPsec 1.2.2.
His ntp.conf is the (Debian) stock ntp.conf. With comments removed, it is:
driftfile /var/lib/ntpsec/ntp.drift
leapfile /usr/share/zoneinfo/leap-seconds.list
tos maxclock 11
tos minclock 4 minsane 3
pool 0.debian.pool.ntp.org iburst
pool 1.debian.pool.ntp.org iburst
pool 2.debian.pool.ntp.org iburst
pool 3.debian.pool.ntp.org iburst
restrict default kod nomodify nopeer noquery limited
restrict 127.0.0.1
restrict ::1
The ntpsec version of ntpd starts as expected, but randomly crashes in a few hours. It reports the following information to the kern.log file:
2023-06-17T01:12:52.873519+00:00 karita kernel: [258683.650167] ntpd[23269]: segfault at 10 ip 00007f6d3ece0ab3 sp 00007ffc9c364830 error 4 in libcrypto.so.3[7f6d3ecc5000+278000] likely on CPU 1 (core 0, socket 1)
2023-06-17T01:12:52.873554+00:00 karita kernel: [258683.650185] Code: 1f 84 00 00 00 00 00 48 83 ec 08 48 c7 c0 ff ff ff ff 48 85 ff 0f 84 63 04 00 00 48 85 d2 0f 84 5a 04 00 00 41 ba 00 08 00 10 <0f> 10 07 0f 57 e4 44 23 15 e4 fa 39 00 48 8d 42 10 81 fe 00 01 00
Here’s a backtrace from the latest ntpsec coredump.
root@karita:/var/lib/systemd/coredump# export DEBUGINFOD_URLS="https://debuginfod.debian.net"
root@karita:/var/lib/systemd/coredump# coredumpctl debug
PID: 61726 (ntpd)
UID: 110 (ntpsec)
GID: 117 (ntpsec)
Signal: 11 (SEGV)
Timestamp: Fri 2023-06-30 02:33:27 UTC (59min ago)
Command Line: /usr/sbin/ntpd -p /run/ntpd.pid -c /etc/ntpsec/ntp.conf -g -N -u ntpsec:ntpsec
Executable: /usr/sbin/ntpd
Control Group: /system.slice/ntpsec.service
Unit: ntpsec.service
Slice: system.slice
Boot ID: 0e943a6b0cfe4fdd9e032c3d91c9d58d
Machine ID: 0e50b80b858599a4a8aa8383662e5bb4
Hostname: karita
Storage: /var/lib/systemd/coredump/core.ntpd.110.0e943a6b0cfe4fdd9e032c3d91c9d58d.61726.1688092407000000.zst (present)
Size on Disk: 775.6K
Message: Process 61726 (ntpd) of user 110 dumped core.
Module libnss_systemd.so.2 from deb systemd-252.6-1.amd64
Stack trace of thread 61726:
#0 0x00007f280d4e0ab3 aesni_set_encrypt_key (libcrypto.so.3 + 0xe0ab3)
#1 0x00007f280d6f3d45 cipher_hw_aesni_initkey (libcrypto.so.3 + 0x2f3d45)
#2 0x00007f280d7397fb cipher_generic_init_internal (libcrypto.so.3 + 0x3397fb)
#3 0x00007f280d7398cb ossl_cipher_generic_einit (libcrypto.so.3 + 0x3398cb)
#4 0x00007f280d60993b EVP_CipherInit_ex (libcrypto.so.3 + 0x20993b)
#5 0x0000560b2e1246f3 AES_SIV_Init (ntpd + 0x4c6f3)
#6 0x0000560b2e1255df AES_SIV_Decrypt (ntpd + 0x4d5df)
#7 0x0000560b2e10f40d nts_unpack_cookie (ntpd + 0x3740d)
#8 0x0000560b2e10f85b extens_server_recv (ntpd + 0x3785b)
#9 0x0000560b2e0f78ce receive (ntpd + 0x1f8ce)
#10 0x0000560b2e0ed8ea read_network_packet (ntpd + 0x158ea)
#11 0x0000560b2e0ef3cf input_handler (ntpd + 0x173cf)
#12 0x0000560b2e0e819f mainloop (ntpd + 0x1019f)
#13 0x00007f280d16718a __libc_start_call_main (libc.so.6 + 0x2718a)
#14 0x00007f280d167245 __libc_start_main_impl (libc.so.6 + 0x27245)
#15 0x0000560b2e0e84e1 _start (ntpd + 0x104e1)
ELF object binary architecture: AMD x86-64
GNU gdb (Debian 13.1-3) 13.1
Copyright (C) 2023 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.
Type "show copying" and "show warranty" for details.
This GDB was configured as "x86_64-linux-gnu".
Type "show configuration" for configuration details.
For bug reporting instructions, please see:
<https://www.gnu.org/software/gdb/bugs/>.
Find the GDB manual and other documentation resources online at:
<http://www.gnu.org/software/gdb/documentation/>.
For help, type "help".
Type "apropos word" to search for commands related to "word"...
Reading symbols from /usr/sbin/ntpd...
Reading symbols from /usr/lib/debug/.build-id/8b/c6f9398efb6b8c446b2d719831f5738d563c84.debug...
[New LWP 61726]
This GDB supports auto-downloading debuginfo from the following URLs:
<https://debuginfod.debian.net>
Enable debuginfod for this session? (y or [n]) y
Debuginfod has been enabled.
To make this setting permanent, add 'set debuginfod enabled on' to .gdbinit.
Downloading separate debug info for /lib/x86_64-linux-gnu/libnss_systemd.so.2
Downloading separate debug info for /lib/x86_64-linux-gnu/libgcc_s.so.1
Downloading separate debug info for system-supplied DSO at 0x7ffc94772000
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
Core was generated by `/usr/sbin/ntpd -p /run/ntpd.pid -c /etc/ntpsec/ntp.conf -g -N -u ntpsec:ntpsec'.
Program terminated with signal SIGSEGV, Segmentation fault.
#0 aesni_set_encrypt_key () at crypto/aes/aesni-x86_64.s:4104
Download failed: Invalid argument. Continuing without source file ./build_shared/crypto/aes/aesni-x86_64.s.
4104 crypto/aes/aesni-x86_64.s: No such file or directory.
(gdb) bt
#0 aesni_set_encrypt_key () at crypto/aes/aesni-x86_64.s:4104
#1 0x00007f280d6f3d45 in cipher_hw_aesni_initkey (dat=0x560b2f082b50, key=<optimized out>, keylen=<optimized out>) at ../providers/implementations/ciphers/cipher_aes_hw_aesni.inc:37
#2 0x00007f280d7397fb in cipher_generic_init_internal (ctx=0x560b2f082b50, key=0x10 <error: Cannot access memory at address 0x10>, keylen=16, iv=0x0, ivlen=0, params=0x0, enc=1) at ../providers/implementations/ciphers/ciphercommon.c:218
#3 0x00007f280d7398cb in ossl_cipher_generic_einit (vctx=<optimized out>, key=<optimized out>, keylen=<optimized out>, iv=<optimized out>, ivlen=<optimized out>, params=<optimized out>) at ../providers/implementations/ciphers/ciphercommon.c:228
#4 0x00007f280d60993b in EVP_CipherInit_ex (ctx=<optimized out>, cipher=<optimized out>, impl=impl@entry=0x0, key=<optimized out>, iv=iv@entry=0x0, enc=enc@entry=1) at ../crypto/evp/evp_enc.c:412
#5 0x00007f280d60995b in EVP_EncryptInit_ex (ctx=<optimized out>, cipher=<optimized out>, impl=impl@entry=0x0, key=<optimized out>, iv=iv@entry=0x0) at ../crypto/evp/evp_enc.c:450
#6 0x0000560b2e1246f3 in AES_SIV_Init (ctx=ctx@entry=0x560b2f01e5b0, key=key@entry=0x0, key_len=<optimized out>) at ../../libaes_siv/aes_siv.c:329
#7 0x0000560b2e1255df in AES_SIV_Decrypt (ctx=0x560b2f01e5b0, out=out@entry=0x7ffc94695850 "\001", out_len=out_len@entry=0x7ffc94695848, key=key@entry=0x0, key_len=<optimized out>, nonce=nonce@entry=0x560b2ef65364 "t\347CoA\av\236TA\022\200xge\270r\302\027\020\234\215\262\210\rv\324wtM벧\264\230pC\356@4:\336g", nonce_len=16, ciphertext=0x560b2ef65374 "r\302\027\020\234\215\262\210\rv\324wtM벧\264\230pC\356@4:\336g", ciphertext_len=80, ad=0x560b2ef65360 "", ad_len=20) at ../../libaes_siv/aes_siv.c:582
#8 0x0000560b2e10f40d in nts_unpack_cookie (cookie=0x560b2ef65360 "", cookielen=100, aead=aead@entry=0x7ffc94695962, c2s=c2s@entry=0x560b2ef663e8 "", s2c=s2c@entry=0x560b2ef66428 "", keylen=keylen@entry=0x560b2ef663e4) at ../../ntpd/nts_cookie.c:428
#9 0x0000560b2e10f85b in extens_server_recv (ntspacket=ntspacket@entry=0x560b2ef66394, pkt=pkt@entry=0x560b2ef65308 "#", lng=<optimized out>) at ../../ntpd/nts_extens.c:182
#10 0x0000560b2e0f78ce in receive (rbufp=rbufp@entry=0x560b2ef652c0) at ../../ntpd/ntp_proto.c:800
#11 0x0000560b2e0ed8ea in read_network_packet (fd=fd@entry=19, itf=itf@entry=0x560b2ef6de60) at ../../ntpd/ntp_io.c:2243
#12 0x0000560b2e0ef3cf in input_handler (fds=0x7ffc94696bf0) at ../../ntpd/ntp_io.c:2373
#13 io_handler () at ../../ntpd/ntp_io.c:2280
#14 0x0000560b2e0e819f in mainloop () at ../../ntpd/ntpd.c:940
#15 main (argc=9, argv=<optimized out>) at ../../ntpd/ntpd.c:881
(gdb)
Edited Jul 22, 2023 by James Browning
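As an added triage helper (not from the issue, the Debian bug report or ntpsec's own code), the following Python classifies an NTP packet as a plain or NTS-protected mode-3 request by walking its extension fields with the RFC 8915 type codes; that is the request shape the report describes reaching a server started without NTS keys, and running it over captures lets an operator confirm such traffic is arriving at a non-NTS server. The sample packet is constructed, not a capture, and the field layout follows RFC 7822/8915 rather than anything quoted on this page.

```python
import struct

# NTS extension-field type codes from RFC 8915 (taken from the spec, not from the issue).
NTS_UNIQUE_ID = 0x0104
NTS_COOKIE = 0x0204
NTS_AUTHENTICATOR = 0x0404
NTP_HEADER_LEN = 48


def parse_extension_fields(pkt: bytes) -> list:
    """Return [(type, value)] for the fields after the 48-byte NTP header.
    Each field is a 2-byte type, a 2-byte total length (header included, a
    multiple of 4 per RFC 7822) and the value; stop at a malformed length."""
    fields, off = [], NTP_HEADER_LEN
    while off + 4 <= len(pkt):
        ftype, flen = struct.unpack_from("!HH", pkt, off)
        if flen < 4 or flen % 4 or off + flen > len(pkt):
            break
        fields.append((ftype, pkt[off + 4:off + flen]))
        off += flen
    return fields


def classify_request(pkt: bytes) -> dict:
    """Report the NTP mode and whether the packet is an NTS-protected request;
    a server started without NTS material should reject such mode-3 packets up
    front rather than hand their cookie to the AEAD with no key loaded."""
    if len(pkt) < NTP_HEADER_LEN:
        return {"mode": None, "nts": False, "cookie_len": None}
    fields = parse_extension_fields(pkt)
    present = {t for t, _ in fields}
    cookies = [v for t, v in fields if t == NTS_COOKIE]
    return {"mode": pkt[0] & 0x07,
            "nts": {NTS_UNIQUE_ID, NTS_COOKIE, NTS_AUTHENTICATOR} <= present,
            "cookie_len": len(cookies[0]) if cookies else None}


def _field(ftype: int, value: bytes) -> bytes:
    body = value + bytes((-len(value)) % 4)  # pad value to a 4-byte boundary
    return struct.pack("!HH", ftype, 4 + len(body)) + body


def build_sample_nts_request() -> bytes:
    """Constructed (not captured) mode-3 request with dummy NTS fields; the
    100-byte dummy cookie mirrors cookielen=100 in the reported backtrace."""
    header = bytes([0x23]) + bytes(NTP_HEADER_LEN - 1)  # LI=0, VN=4, mode=3
    return (header + _field(NTS_UNIQUE_ID, bytes(32))
            + _field(NTS_COOKIE, bytes(range(100)))
            + _field(NTS_AUTHENTICATOR, bytes(36)))  # dummy nonce + ciphertext body
```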
Related news
Debian Linux Security Advisory 5466-1 - It was discovered that ntpd in ntpsec, a secure, hardened, and improved implementation derived from the original NTP project, could crash if NTS is disabled and an NTS-enabled client request (mode 3) is received.