
This queue is for tickets about the Business-PayPal-EWP CPAN distribution.

Report information
The Basics
Id: 48877
Status: resolved
Priority: 0/
Queue: Business-PayPal-EWP

People
Owner: Nobody in particular
Requestors: perl [...] rainboxx.de
Cc:
AdminCc:

Bug Information
Severity: Important
Broken in: 1.01
Fixed in: (no value)



Subject: Still segfaults
I'm using Business::PayPal::EWP through Catalyst::Model::PayPal::IPN. While encrypting form data, I get the following segfault:

perl(67868) malloc: *** error for object 0x29569f0: incorrect checksum for freed object - object was probably modified after being freed.
*** set a breakpoint in malloc_error_break to debug
Segmentation fault

The system is a Mac OS X (latest) with a perl from macports running the catalyst dev server. Can I provide more helpful information to get this issue solved?
Subject: Re: [rt.cpan.org #48877] Still segfaults
Date: Thu, 20 Aug 2009 17:06:37 +0200
To: bug-Business-PayPal-EWP [...] rt.cpan.org
From: Thomas Busch <tbusch [...] cpan.org>
Hi Matthias,

do you have a test case where this systematically happens?
I don't know Catalyst at all. Maybe you can help.

Thomas.

> Thu Aug 20 09:06:47 2009: Request 48877 was acted upon.
> Transaction: Ticket created by MDIETRICH
> Queue: Business-PayPal-EWP
> Subject: Still segfaults
> Broken in: 1.01
> Severity: Important
> Owner: Nobody
> Requestors: perl@rainboxx.de
> Status: new
> Ticket <URL: https://rt.cpan.org/Ticket/Display.html?id=48877 >
>
> I'm using Business::PayPal::EWP through Catalyst::Model::PayPal::IPN.
> While encrypting form data, I get the following segfault:
>
> perl(67868) malloc: *** error for object 0x29569f0: incorrect checksum
> for freed object - object was probably modified after being freed.
> *** set a breakpoint in malloc_error_break to debug
> Segmentation fault
>
> The system is a Mac OS X (latest) with a perl from macports running the
> catalyst dev server. Can I provide more helpful information to get this
> issue solved?
On Thu. 20. Aug. 2009, 11:06:15, tbusch@cpan.org wrote:
> Hi Matthias,
>
> do you have a test case where this systematically happens ?
> I don't know Catalyst at all. Maybe you can help.
>
> Thomas.

The app was under heavy construction the last weeks so I need to implement the encrypt process again -- will do that soon. But maybe I have created wrong keys? I post how I created them as I'm not sure which sort of keys I have to use (they are described nowhere in the POD):

To build the key $key (see POD) I used this command:

    openssl genrsa -out privatekey.pem 1024

To build the $cert I used this command:

    openssl req -new -key privatekey.pem -x509 -days 365 -out publiccert.pem

The $ppcert was of course downloaded from PayPal. Are the params basically ok?

Thanks,
matt
Subject: Re: [rt.cpan.org #48877] Still segfaults
Date: Tue, 01 Sep 2009 12:57:22 +0200
To: bug-Business-PayPal-EWP [...] rt.cpan.org
From: Thomas Busch <tbusch [...] cpan.org>
> The app was under heavy construction the last weeks so I need to
> implement the encrypt process again -- will do that soon. But maybe I
> have created wrong keys? I post how I created them as I'm not sure
> which sort of keys I have to use (they are described nowhere in the POD):
>
> To build the key $key (see POD) I used this command:
> openssl genrsa -out privatekey.pem 1024
>
> To build the $cert I used this command:
> openssl req -new -key privatekey.pem -x509 -days 365 -out publiccert.pem
>
> The $ppcert was of course downloaded from PayPal. Are the params
> basically ok?

Yes, this is correct. Did you upload your public certificate to your PayPal account?

Thomas.
Subject: Re: [rt.cpan.org #48877] Still segfaults
Date: Sat, 5 Sep 2009 19:52:47 +0200
To: bug-Business-PayPal-EWP [...] rt.cpan.org
From: Matthias Dietrich <perl [...] rainboxx.de>
Hi,

On 01.09.2009 at 12:57, tbusch@cpan.org via RT wrote:
> yes this is correct. Did you upload your public certificate to your
> paypal account ?

I'm on holiday the next two weeks and will follow up when I'm back.

Thanks,
matt

--
rainboxx Matthias Dietrich
Freelance Software Engineer

rainboxx | Tel.: +49 (0) 151 / 50 60 78 64
Tölzer Str. 19 | Mail: matt@rainboxx.de
70372 Stuttgart | WWW : http://www.rainboxx.de

XING: https://www.xing.com/profile/Matthias_Dietrich18
GULP: http://www.gulp.de/profil/rainboxx.html

On Thu Aug 20 11:06:15 2009, tbusch@cpan.org wrote:
>
> do you have a test case where this systematically happens ?
> I don't know Catalyst at all. Maybe you can help.
I can reproduce this crash with B::PP::EWP 1.02, Perl 5.10.1 on FreeBSD 7.2 using OpenSSL 0.8.9e (the base system's openssl) with this script:

    use Test::More tests => 1;

    eval "use Business::PayPal::EWP";

    my $e = Business::PayPal::EWP::SignAndEncrypt(
        "Hello World!", "test.key", "test.crt", "paypal.pem"
    );

    isnt $e, "";

Removing Test::More or the eval seems to make the problem go away, but since I think this is a memory corruption bug this is expected.

The following patch fixes the problem, at least for me:

--- EWP.xs.orig 2010-02-14 20:49:15.000000000 +0000 +++ EWP.xs 2010-02-14 20:49:53.000000000 +0000 @@ -99,6 +99,9 @@ goto end; } + /* p7bio now owns memBio, so don't try to free it */ + memBio = NULL; + //Pump data to special PKCS7 BIO. This encrypts and signs it. BIO_write(p7bio, data, strlen(data)); BIO_flush(p7bio);

The issue is that PKCS7_dataInit calls BIO_push(p7bio, memBio) which means that when BIO_free_all(p7bio) is called it tries to free an already-freed BIO. Since none of this stuff is documented, I'm afraid I have no idea how portable this fix is across OpenSSL versions.

It also appears from the OpenSSL source that using

    p7bio = PKCS7_dataInit(p7, NULL);

would internally allocate a BIO_s_mem if needed and avoid memBio altogether, but again I don't know if this is portable across OpenSSL versions.

Ben
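Review bot: The added "memBio = NULL;" only prevents the double free if the cleanup code after the "end:" label, which this hunk does not show, checks memBio for NULL or frees it with a call that accepts NULL; please confirm that path before relying on the assignment. Placing it after the "goto end;" error branch is right, because ownership should be dropped only once the call that attaches memBio to p7bio has succeeded, and on the failure path the caller still has to free memBio itself. The new comment would be more useful if it named the mechanism given in the message (PKCS7_dataInit calling BIO_push(p7bio, memBio), so BIO_free_all(p7bio) releases both). Separately, the unchanged "BIO_write(p7bio, data, strlen(data));" line ignores its return value and sizes the write with strlen, so a short write or data containing a NUL byte goes unnoticed; worth a follow-up.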
fixed in 1.03