Re: [openssl.org #3199] [BUG] Crash in DTLS renegotiation after packet loss

2013-12-18 Thread Dmitry Sobinov via RT
Got some more info on this bug. It's a memory use after free. There's a problem with ssl_st::write_hash. It's cached in the dtls1_buffer_message() function for each handshake message and gets freed and replaced by a new hash context when forming the Change Cipher Spec message (in ssl_replace_hash(), see

Re: [openssl.org #3199] [BUG] Crash in DTLS renegotiation after packet loss

2013-12-18 Thread Dmitry Sobinov
Got some more info on this bug. It's a memory use after free. There's a problem with ssl_st::write_hash. It's cached in the dtls1_buffer_message() function for each handshake message and gets freed and replaced by a new hash context when forming the Change Cipher Spec message (in ssl_replace_hash(), see

[openssl.org #3200] Crash in OpenSSL 1.0.1e w/TLS 1.2 (under load)

2013-12-18 Thread Stephen Henson via RT
I've added some error and sanity checking to the relevant piece of code. OpenSSL *should* just end up reporting an internal error now if that happens instead of crashing. If you end up with lots of those then it may need further investigation. The new code is here:

Re: [openssl.org #3199] [BUG] Crash in DTLS renegotiation after packet loss

2013-12-18 Thread Dmitry Sobinov
Attaching slightly modified sample which reproduces the problem (previous one did not work sometimes). Can be built as: g++ -o dtlstest main.cpp -std=c++11 -lssl -lcrypto -lpthread -g
On Wed, Dec 18, 2013 at 3:06 PM, Dmitry Sobinov via RT r...@openssl.org wrote: Got some more info on this bug.

Fwd: [openssl.org #3199] [BUG] Crash in DTLS renegotiation after packet loss

2013-12-18 Thread Dmitry Sobinov via RT
Attaching slightly modified sample which reproduces the problem (previous one did not work sometimes). Can be built as: g++ -o dtlstest main.cpp -std=c++11 -lssl -lcrypto -lpthread -g
On Wed, Dec 18, 2013 at 3:06 PM, Dmitry Sobinov via RT r...@openssl.org wrote: Got some more info on this bug.

Re: [openssl.org #3200] Crash in OpenSSL 1.0.1e w/TLS 1.2 (under load)

2013-12-18 Thread Ron Barber via RT
On 12/18/13, 7:40 AM, Stephen Henson via RT r...@openssl.org wrote: I've added some error and sanity checking to the relevant piece of code. OpenSSL *should* just end up reporting an internal error now if that happens instead of crashing. If you end up with lots of those then it may need further

Re: [openssl.org #3200] Crash in OpenSSL 1.0.1e w/TLS 1.2 (under load)

2013-12-18 Thread Stephen Henson via RT
On Wed, Dec 18, 2013, Ron Barber via RT wrote: Thanks Steve. After applying the patch and letting it run in production for approx. 5 hours I did not see any crashes. The only suspicious-looking (i.e. a change in behavior from previous) error message was two of these: [Dec 18 15:27:51.789]

[openssl.org #3128] bug report: segfault after error 1408F10B

2013-12-18 Thread Stephen Henson via RT
On Sun Sep 15 14:53:12 2013, dmy...@frankopak.com wrote: I have discussed this situation with some Squid developers and we decided - after SSL error 1408F10B - to call standard/raw read() instead of SSL_read() for an empty socket buffer, and this patch stopped Squid crashing. In general you can't