Re: NULL ptr deref when calling SSL_get_certificate with 1.0.0k

2013-05-24 Thread serge
My product got hit by this bug too (it uses the 0.9.8y branch). I understand
the fix is in the main branch, but I am curious - will 0.9.8 be patched
eventually?



--
View this message in context: 
http://openssl.6102.n7.nabble.com/NULL-ptr-deref-when-calling-SSL-get-certificate-with-1-0-0k-tp43636p45271.html
Sent from the OpenSSL - User mailing list archive at Nabble.com.
__
OpenSSL Project http://www.openssl.org
User Support Mailing List openssl-users@openssl.org
Automated List Manager   majord...@openssl.org


Re: NULL ptr deref when calling SSL_get_certificate with 1.0.0k

2013-03-05 Thread Vimol Kshetrimayum
Hi Steve,

I am also facing the same issue.
If I want to fix this bug, should the code for SSL_get_certificate() be
restored to previous state? Is there any other place to be fixed?

Thanks,
-Vimol


On Mon, Feb 11, 2013 at 10:21 PM, Dr. Stephen Henson st...@openssl.org wrote:

> On Mon, Feb 11, 2013, Bogdan Harjoc wrote:
>
> > I updated to openssl 1.0.1k from 1.0.0d and I get a NULL pointer
> > dereference when I call SSL_get_certificate on a valid SSL object.
> >
> > Backtrace:
> >
> > ssl_set_cert_masks:1845
> > ssl_get_server_send_pkey:2117
> > ssl_get_server_send_cert:2175
> > SSL_get_certificate:2605
> >
> > ssl_get_server_send_pkey calls ssl_set_cert_masks(c, s->s3->tmp.new_cipher)
> > and s->s3->tmp.new_cipher is NULL.
> >
> > SSL_get_certificate has changed from:
> >
> >   if (s->cert != NULL)
> >       return(s->cert->key->x509);
> >   else
> >       return(NULL);
> >
> > to:
> >
> >   if (s->server)
> >       return(ssl_get_server_send_cert(s));
> >   else if (s->cert != NULL)
> >       return(s->cert->key->x509);
> >   else
> >       return(NULL);
> >
> > Apologies if I'm missing something obvious. I can come up with some simple
> > code that reproduces this if needed.
> >
>
> Ugh that's a bug. The behaviour of SSL_get_certificate was changed so it
> returned the certificate used (instead of the last one set) for OCSP
> stapling.
>
> A bug in the original was fixed in the master branch but didn't get included
> in other branches.
>
> It should work OK as long as you only call SSL_get_certificate after the
> connection is established.
>
> Steve.
> --
> Dr Stephen N. Henson. OpenSSL project core developer.
> Commercial tech support now available see: http://www.openssl.org



Re: NULL ptr deref when calling SSL_get_certificate with 1.0.0k

2013-03-05 Thread Dr. Stephen Henson
On Tue, Mar 05, 2013, Vimol Kshetrimayum wrote:

> Hi Steve,
>
> I am also facing the same issue.
> If I want to fix this bug, should the code for SSL_get_certificate() be
> restored to previous state? Is there any other place to be fixed?
>
 

Effectively yes. The fix is here:

http://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=147dbb2fe3bead7a10e2f280261b661ce7af7adc

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org


NULL ptr deref when calling SSL_get_certificate with 1.0.0k

2013-02-11 Thread Bogdan Harjoc
I updated to openssl 1.0.1k from 1.0.0d and I get a NULL pointer
dereference when I call SSL_get_certificate on a valid SSL object.

Backtrace:

ssl_set_cert_masks:1845
ssl_get_server_send_pkey:2117
ssl_get_server_send_cert:2175
SSL_get_certificate:2605

ssl_get_server_send_pkey calls ssl_set_cert_masks(c, s->s3->tmp.new_cipher)
and s->s3->tmp.new_cipher is NULL.

SSL_get_certificate has changed from:

  if (s->cert != NULL)
      return(s->cert->key->x509);
  else
      return(NULL);

to:

  if (s->server)
      return(ssl_get_server_send_cert(s));
  else if (s->cert != NULL)
      return(s->cert->key->x509);
  else
      return(NULL);

Apologies if I'm missing something obvious. I can come up with some simple
code that reproduces this if needed.


Cheers,
Bogdan


Re: NULL ptr deref when calling SSL_get_certificate with 1.0.0k

2013-02-11 Thread Dr. Stephen Henson
On Mon, Feb 11, 2013, Bogdan Harjoc wrote:

> I updated to openssl 1.0.1k from 1.0.0d and I get a NULL pointer
> dereference when I call SSL_get_certificate on a valid SSL object.
>
> Backtrace:
>
> ssl_set_cert_masks:1845
> ssl_get_server_send_pkey:2117
> ssl_get_server_send_cert:2175
> SSL_get_certificate:2605
>
> ssl_get_server_send_pkey calls ssl_set_cert_masks(c, s->s3->tmp.new_cipher)
> and s->s3->tmp.new_cipher is NULL.
>
> SSL_get_certificate has changed from:
>
>   if (s->cert != NULL)
>       return(s->cert->key->x509);
>   else
>       return(NULL);
>
> to:
>
>   if (s->server)
>       return(ssl_get_server_send_cert(s));
>   else if (s->cert != NULL)
>       return(s->cert->key->x509);
>   else
>       return(NULL);
>
> Apologies if I'm missing something obvious. I can come up with some simple
> code that reproduces this if needed.
>

Ugh that's a bug. The behaviour of SSL_get_certificate was changed so it
returned the certificate used (instead of the last one set) for OCSP stapling.

A bug in the original was fixed in the master branch but didn't get included
in other branches.

It should work OK as long as you only call SSL_get_certificate after the
connection is established.

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org
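
A simplified, self-contained C model of the dereference discussed in this thread, added as an illustration; it is not OpenSSL's code and not the committed fix. The `_m` types, `send_cert`, `get_cert_guarded` and the slot selection are assumptions made for the model; it shows a getter that takes the negotiated-cipher path only once `new_cipher` is set and otherwise returns the last certificate set.

```c
#include <stddef.h>
#include <stdio.h>

/* Constructed stand-ins for the OpenSSL structures named in the thread;
   only the fields the messages mention are modelled. */
typedef struct { int serial; } X509_m;
typedef struct { int auth_mask; } CIPHER_m;
typedef struct { X509_m *x509; } PKEY_m;
typedef struct { PKEY_m *key; PKEY_m pkeys[2]; } CERT_m;
typedef struct { struct { const CIPHER_m *new_cipher; } tmp; } S3_m;
typedef struct { int server; CERT_m *cert; S3_m *s3; } SSL_m;

/* Pre-change behaviour quoted in the thread: the last certificate set. */
X509_m *get_cert_old(const SSL_m *s) {
    return (s->cert != NULL) ? s->cert->key->x509 : NULL;
}

/* Models the server path: the slot depends on the negotiated cipher.
   Like the code in the backtrace it reads new_cipher without a check,
   so it is only safe once a cipher has been negotiated. */
static X509_m *send_cert(const SSL_m *s) {
    int slot = s->s3->tmp.new_cipher->auth_mask & 1;
    return s->cert->pkeys[slot].x509;
}

/* Hypothetical guard: take the server path only when its precondition
   holds, otherwise fall back to the pre-change behaviour. */
X509_m *get_cert_guarded(const SSL_m *s) {
    if (s == NULL) return NULL;
    if (s->server && s->cert != NULL && s->s3 != NULL &&
        s->s3->tmp.new_cipher != NULL)
        return send_cert(s);
    return get_cert_old(s);
}

/* Constructed scenario: a server object queried before and after a
   cipher is negotiated. Returns before*10 + after. */
int demo(void) {
    X509_m rsa = {1}, ecdsa = {2};
    CERT_m cert = {0};
    S3_m s3 = {{NULL}};                  /* new_cipher is NULL pre-handshake */
    const CIPHER_m negotiated = {1};
    SSL_m s = {1, &cert, &s3};
    cert.pkeys[0].x509 = &rsa;
    cert.pkeys[1].x509 = &ecdsa;
    cert.key = &cert.pkeys[0];           /* last certificate set */
    int before = get_cert_guarded(&s)->serial;   /* falls back to last set */
    s3.tmp.new_cipher = &negotiated;             /* cipher now negotiated */
    int after = get_cert_guarded(&s)->serial;    /* certificate in use */
    return before * 10 + after;
}

int main(void) { printf("%d\n", demo()); return 0; }
```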