[openssl-dev] [openssl.org #3771] bug: s_client loop at 100% cpu

Mon Mar 30 07:51:17 UTC 2015

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Contrast the following two examples:

#1:
time : | openssl s_client -connect www.openssl.org:443  >& /dev/null

real    0m0.545s
user    0m0.000s
sys     0m0.000s

#2:
time : | openssl s_client -quiet -connect www.openssl.org:443  >& /dev/null

real    0m21.255s
user    0m9.500s
sys     0m11.180s

- -----------

Note the numerology:   21.225 - 9.5 - 11.18 =  0.545
That means that if you discount the half second it takes to actually
fetch the certificate, s_client was using 100% of the cpu the whole
time ... for more than 20 seconds.

I cannot imagine why it loops when "-quiet" is specified and not
otherwise.  I cannot imagine why it loops for 20.5 seconds instead
of 20.5 minutes or 20.5 hours.

This is 100% reproducible chez moi, although the timings naturally
vary by a little bit.

(gdb) where
#0  0x00007ffff7903653 in __select_nocancel () at ../sysdeps/unix/syscall-template.S:81
#1  0x0000000000434d73 in s_client_main (argc=0, argv=0x7fffffffe680) at s_client.c:1794
#2  0x00000000004039a8 in do_cmd (prog=0x990540, argc=4, argv=0x7fffffffe660) at openssl.c:470
#3  0x00000000004035b8 in main (Argc=4, Argv=0x7fffffffe660) at openssl.c:366

openssl version
OpenSSL 1.1.0-dev xx XXX xxxx  (latest github version)

Same symptoms observed in older versions:
openssl version
OpenSSL 1.0.1f 6 Jan 2014

uname -a
Linux asclepias 3.18.0+ #2 SMP Sun Dec 21 18:25:03 MST 2014 x86_64 x86_64 x86_64 GNU/Linux

=========

Obvious workaround:  Don't specify the "-quiet" option.  There are
other ways of dealing with the unwanted prolixity.

Priority: low.  Compared to actual security problems such as the 
nameconstraints bypass bug [openssl.org #3502] this is nothing.