On Thu Jan 30 07:17:19 2014, [email protected] wrote:
> To OpenSSL Support:
>
> We would like to report an OpenSSL crash that occurs randomly at the
> call to BIO_test_flags() in the file crypto/bio/bio_lib.c. It
> happens with various versions of OpenSSL-0.9.8 (r, x, ...) and the
> problem seems to be BIO_test_flags() was dereferencing the input
> pointer 'BIO *b' without first null-checking it, resulting in a
> crash when b happens to be null.
>

The problem is more related to that BIO and where it ultimately comes from.
From the stack trace:

> #8 0x01ad0ad9 in BIO_test_flags (b=0x0, flags=15) at bio_lib.c:151
>
> #9 0x01ad16bc in BIO_copy_next_retry (b=0xb41db140) at bio_lib.c:569
>
> #10 0x01ad509a in buffer_ctrl (b=0xb41db140, cmd=11, num=0, ptr=0x0)
> at bf_buff.c:410
>

This shows we have a buffering BIO in use and it is attempting to copy retry
reasons when it is being flushed. A buffering BIO should always have a
source/sink BIO (in DTLS it will typically be a socket BIO) following it but in
this case it doesn't have anything.

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org
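The chain invariant described in the reply above, as an added example that is not part of the original message and is not OpenSSL code: a simplified C model of a BIO chain with a pre-flush check that a filter is followed by a source/sink. All struct, enum and function names are hypothetical; the mask value 15 in the sample is the flags argument shown in the stack trace.

```c
#include <stddef.h>
#include <stdio.h>

/* Simplified model of a BIO chain. Hypothetical names, not the OpenSSL API. */
enum { MODEL_FILTER = 0x0200, MODEL_SOURCE_SINK = 0x0400 };

struct model_bio {
    int type;                /* MODEL_FILTER or MODEL_SOURCE_SINK */
    int flags;               /* retry flags */
    struct model_bio *next;  /* next BIO in the chain, NULL at the end */
};

/* Returns 1 if the chain is non-empty, every BIO before the last is a
 * filter, and the last BIO is a source/sink; otherwise returns 0. */
int chain_is_terminated(const struct model_bio *b)
{
    if (b == NULL)
        return 0;
    for (; b->next != NULL; b = b->next)
        if (!(b->type & MODEL_FILTER))
            return 0;        /* a source/sink may only sit at the end */
    return (b->type & MODEL_SOURCE_SINK) != 0;
}

/* Models a filter copying retry flags from its next BIO during a flush.
 * Returns 1 on success, -1 if the chain is incomplete, instead of
 * dereferencing a NULL next pointer. */
int flush_copy_retry(struct model_bio *b, int mask)
{
    if (!chain_is_terminated(b) || b->next == NULL)
        return -1;
    b->flags = (b->flags & ~mask) | (b->next->flags & mask);
    return 1;
}

int main(void)
{
    /* Constructed sample chains. */
    struct model_bio sock = { MODEL_SOURCE_SINK, 0x09, NULL };
    struct model_bio buf  = { MODEL_FILTER, 0, NULL };

    printf("orphan filter: %d\n", flush_copy_retry(&buf, 15));
    buf.next = &sock;        /* attach the sink, as a correct setup would */
    printf("filter + sink: %d, flags=0x%02x\n",
           flush_copy_retry(&buf, 15), buf.flags);
    return 0;
}
```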
