pyca / pyopenssl

A Python wrapper around the OpenSSL library
https://pyopenssl.org/
Apache License 2.0

MemoryError: Cannot allocate write+execute memory for ffi.callback() in ASLR enabled machine - FreeBSD #1267

Closed Soujanya459 closed 7 months ago

Soujanya459 commented 1 year ago

Hi,

I'm seeing this error frequently while running my application on an ASLR-enabled machine (a custom OS built on FreeBSD).

System libraries -> libffi-3.2.1_3, Rust 1.26.0, Python 3.11.5 and OpenSSL 3.0.11 (FIPS enabled)

Please let me know what the issue might be. I have provided the pip list. I need to resolve this issue ASAP for my application.

```
# uname -a
FreeBSD onefs-soujanya-49-1 12.0-CURRENT FreeBSD 12.0-CURRENT amd64

 #sysctl kern.elf64.
kern.elf64.allow_wx: 0
kern.elf64.aslr.stack_gap: 3
kern.elf64.aslr.honor_sbrk: 0
kern.elf64.aslr.pie_enable: 1
kern.elf64.aslr.enable: 1
kern.elf64.pie_base: 16912384
kern.elf64.nxstack: 1
kern.elf64.fallback_brand: -1
```

As I debugged my code, I came to know that the issue is in the Python package, not my application.

```
> /var/pipeline/a7TyGP2z/0/business/services/sdst/prodeploy/ese/ese/ese_virtualenv/lib/python3.11/site-packages/OpenSSL/crypto.py(2136)dump_privatekey()
-> _ffi.NULL,
(Pdb) s
> /var/pipeline/a7TyGP2z/0/business/services/sdst/prodeploy/ese/ese/ese_virtualenv/lib/python3.11/site-packages/OpenSSL/crypto.py(2137)dump_privatekey()
-> 0,
(Pdb) s
> /var/pipeline/a7TyGP2z/0/business/services/sdst/prodeploy/ese/ese/ese_virtualenv/lib/python3.11/site-packages/OpenSSL/crypto.py(2138)dump_privatekey()
-> helper.callback,
(Pdb) s
--Call--
> /var/pipeline/a7TyGP2z/0/business/services/sdst/prodeploy/ese/ese/ese_virtualenv/lib/python3.11/site-packages/OpenSSL/crypto.py(2910)callback()
-> @property
(Pdb) s
> /var/pipeline/a7TyGP2z/0/business/services/sdst/prodeploy/ese/ese/ese_virtualenv/lib/python3.11/site-packages/OpenSSL/crypto.py(2912)callback()
-> if self._passphrase is None:
(Pdb) s
> /var/pipeline/a7TyGP2z/0/business/services/sdst/prodeploy/ese/ese/ese_virtualenv/lib/python3.11/site-packages/OpenSSL/crypto.py(2914)callback()
-> elif isinstance(self._passphrase, bytes) or callable(self._passphrase):
(Pdb) s
> /var/pipeline/a7TyGP2z/0/business/services/sdst/prodeploy/ese/ese/ese_virtualenv/lib/python3.11/site-packages/OpenSSL/crypto.py(2915)callback()
-> return _ffi.callback("pem_password_cb", self._read_passphrase)
(Pdb) s
MemoryError: Cannot allocate write+execute memory for ffi.callback(). You might be running on a system that prevents this. For more information, see https://cfo/en/latest/using.html#callbacks
> /
```

```
Package                   Version
------------------------- ---------
altgraph                  0.17.4
annotated-types           0.6.0
asn1crypto                1.5.1
astroid                   2.15.8
attrs                     21.2.0
autocommand               2.2.2
Automat                   22.10.0
certifi                   2022.12.7
cffi                      1.15.1
charset-normalizer        2.0.10
cheroot                   8.2.1
CherryPy                  18.8.0
contextlib2               21.6.0
coverage                  7.2.2
cryptography              41.0.3
dill                      0.3.7
docutils                  0.20.1
future                    0.18.2
idna                      3.3
inflect                   7.0.0
iniconfig                 2.0.0
isort                     5.12.0
jaraco.collections        4.0.0
jaraco.context            4.3.0
jaraco.functools          3.3.0
jaraco.text               3.11.1
lazy-object-proxy         1.9.0
linecache2                1.0.0
lockfile                  0.12.2
lxml                      4.9.3
mccabe                    0.7.0
mock                      3.0.5
more-itertools            8.8.0
netifaces                 0.10.9
nose                      1.3.7
packaging                 20.4
paho-mqtt                 1.5.0
pem                       21.2.0
pip                       23.2.1
platformdirs              3.11.0
pluggy                    1.3.0
portend                   2.7.1
psutil                    5.9.4
pyarmor                   8.2.8
pyarmor.cli.core          3.2.9
pyarmor.cli.core.freebsd  3.2.9
pycparser                 2.20
pydantic                  2.4.2
pydantic_core             2.10.1
pyfakefs                  5.2.0
pyinstaller               5.13.0
pyinstaller-hooks-contrib 2023.10
pylint                    2.17.2
Pympler                   0.8
pyOpenSSL                 23.2.0
pyparsing                 2.4.7
PySocks                   1.7.1
pytest                    7.2.2
pytest-random-order       1.1.0
pytest-timeout            2.1.0
python-daemon             2.2.4
python-whois              0.7.2
pytz                      2021.1
repoze.lru                0.7
requests                  2.27.1
requests-toolbelt         0.9.1
Routes                    2.5.1
rpmfile                   1.0.3
schema                    0.7.5
semantic-version          2.8.3
setuptools                67.2.0
six                       1.16.0
tempora                   4.1.1
tomlkit                   0.12.1
traceback2                1.4.0
typing_extensions         4.8.0
unittest-xml-reporting    3.2.0
unittest2                 1.1.0
urllib3                   1.26.8
websocket-client          0.57.0
wrapt                     1.15.0
xmlrunner                 1.7.7
zc.lockfile               2.0
```

ngie-eign commented 7 months ago

This is the same issue as #873. Please close as a duplicate if possible.

Soujanya459 commented 7 months ago

There is no solution from OpenSSL 3 or in our OS, and no suggestion in #873 worked for us. But we modified our code by replacing the pyOpenSSL code where it calls _ffi.callback() with cryptography (Python package) alternatives, so we are not getting this error in our application.
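
The workaround described in the last comment, as an added example (not code from the thread or from pyOpenSSL): the passphrase-protected dump that fails inside `dump_privatekey()` is done with the `cryptography` package, which takes the passphrase as bytes, so the calling code never goes through `_ffi.callback()`. The function names and the throwaway EC key are assumptions for illustration.

```python
# Added example: passphrase-protected PEM export/import via `cryptography`,
# as a substitute for OpenSSL.crypto.dump_privatekey(..., passphrase=...).
from cryptography.hazmat.primitives import serialization
from cryptography.hazmat.primitives.asymmetric import ec


def dump_encrypted_pem(private_key, passphrase: bytes) -> bytes:
    """Serialize a private key as encrypted PKCS#8 PEM.

    The passphrase is handed over as bytes; no Python callback is registered,
    so no write+execute mapping is requested from the kernel.
    """
    if not passphrase:
        raise ValueError("passphrase must be non-empty bytes")
    return private_key.private_bytes(
        encoding=serialization.Encoding.PEM,
        format=serialization.PrivateFormat.PKCS8,
        encryption_algorithm=serialization.BestAvailableEncryption(passphrase),
    )


def load_encrypted_pem(pem: bytes, passphrase: bytes):
    """Load a key written by dump_encrypted_pem(); ValueError on bad passphrase."""
    return serialization.load_pem_private_key(pem, password=passphrase)


def roundtrip_ok(passphrase: bytes = b"constructed-passphrase") -> bool:
    """Dump and reload a constructed throwaway key, then compare key material."""
    key = ec.generate_private_key(ec.SECP256R1())
    pem = dump_encrypted_pem(key, passphrase)
    restored = load_encrypted_pem(pem, passphrase)
    header_ok = pem.startswith(b"-----BEGIN ENCRYPTED PRIVATE KEY-----")
    return header_ok and restored.private_numbers() == key.private_numbers()


def wrong_passphrase_rejected() -> bool:
    """A wrong passphrase must fail closed rather than return a key."""
    key = ec.generate_private_key(ec.SECP256R1())
    pem = dump_encrypted_pem(key, b"constructed-right")
    try:
        load_encrypted_pem(pem, b"constructed-wrong")
    except ValueError:
        return True
    return False
```

An existing `OpenSSL.crypto.PKey` can be converted with its `to_cryptography_key()` method before being passed to `dump_encrypted_pem()`.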