Got some more info on this bug. It's a memory use after free.
There's a problem with ssl_st::write_hash. It's cached
in dtls1_buffer_message() function for each handshake message and got freed
and replaced by new hash context when forming Change Cipher Spec message
(in ssl_replace_hash(), see
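The pointer lifetime Dmitry describes, modelled in a small added C example (this is not OpenSSL's code, and hash_ctx, session_t, buffered_msg and run_scenario are constructed names): a buffered message holds a counted reference to the hash context, so the Change Cipher Spec path can install a new context without invalidating messages still queued for retransmission.

```c
/* Added example (not OpenSSL code): the write_hash lifetime problem, modelled
 * with a counted reference instead of a raw cached pointer, so a buffered
 * handshake message keeps its MAC context alive across Change Cipher Spec.
 * hash_ctx, session_t, buffered_msg and run_scenario are constructed names. */
#include <stdlib.h>

static int live_ctx = 0;                 /* contexts currently allocated */
typedef struct { int refs; int epoch; } hash_ctx;
typedef struct { hash_ctx *write_hash; } session_t;
typedef struct { hash_ctx *hash; } buffered_msg;

static hash_ctx *ctx_new(int epoch) {
    hash_ctx *c = calloc(1, sizeof *c);
    if (!c) abort();
    c->refs = 1; c->epoch = epoch; live_ctx++;
    return c;
}
static hash_ctx *ctx_ref(hash_ctx *c) { c->refs++; return c; }
static void ctx_unref(hash_ctx *c) {
    if (c && --c->refs == 0) { live_ctx--; free(c); }
}
/* Queue a message for retransmission: take a reference, don't copy the pointer. */
static void buffer_message(session_t *s, buffered_msg *m) {
    m->hash = ctx_ref(s->write_hash);
}
/* Change Cipher Spec: release the session's reference and install a new
 * context; the old one is freed only when no buffered message still uses it. */
static void replace_hash(session_t *s, int epoch) {
    ctx_unref(s->write_hash);
    s->write_hash = ctx_new(epoch);
}
/* Retransmission reads the context the message was MAC'd under. */
static int retransmit(const buffered_msg *m) { return m->hash->epoch; }
static void drop_buffered(buffered_msg *m) { ctx_unref(m->hash); m->hash = NULL; }

/* Walk the handshake lifecycle once; returns the number of failed checks. */
static int run_scenario(void) {
    session_t s = { ctx_new(0) };
    buffered_msg m; int bad = 0;
    buffer_message(&s, &m);
    replace_hash(&s, 1);                /* old context survives: refs == 1 */
    bad += (live_ctx != 2);
    bad += (retransmit(&m) != 0);       /* still the epoch-0 context */
    bad += (s.write_hash->epoch != 1);
    drop_buffered(&m);                  /* last reference released: freed */
    bad += (live_ctx != 1);
    ctx_unref(s.write_hash);
    bad += (live_ctx != 0);
    return bad;
}
```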
I've added some error and sanity checking to the relevant piece of code.
OpenSSL *should* just end up reporting an internal error now if that happens
instead of crashing. If you end up with lots of those then it may need further
investigation.
The new code is here:
Attaching slightly modified sample which reproduces the problem (previous
one did not work sometimes).
Can be built as
g++ -o dtlstest main.cpp -std=c++11 -lssl -lcrypto -lpthread -g
On Wed, Dec 18, 2013 at 3:06 PM, Dmitry Sobinov via RT r...@openssl.org wrote:
Got some more info on this bug.
On 12/18/13, 7:40 AM, Stephen Henson via RT r...@openssl.org wrote:
I've added some error and sanity checking to the relevant piece of code.
OpenSSL *should* just end up reporting an internal error now if that happens
instead of crashing. If you end up with lots of those then it may need further
On Wed, Dec 18, 2013, Ron Barber via RT wrote:
Thanks Steve. After applying the patch and letting it run in production
for approx. 5 hours I did not see any crashes. The only suspicious (i.e.
change in behavior from previous) looking error message was two of these:
[Dec 18 15:27:51.789]
On Sun Sep 15 14:53:12 2013, dmy...@frankopak.com wrote:
I have discussed this situation with some Squid developers and we
decided, after SSL error 1408F10B, to call standard/raw read()
instead of SSL_read() for an empty socket buffer, and this patch
stopped Squid from crashing.
In general you can't