I am using openssl-1.0.1f on the mips64 platform.
Seeing a crash while cleaning up buffered_app_data.q during dtls1_free.
This queue is populated if the client receives application data between
ChangeCipherSpec and Finished messages. Are there known issues in this area? Any help is greatly appreciated.
My code snippet:
/* Tear down a peer's DTLS session object: best-effort close_notify, then
 * release the SSL and clear the handle so the block is not re-entered. */
if (peer->ssl != NULL) {
    /* SSL_shutdown() returns 1 when the bidirectional shutdown is complete,
     * 0 when the peer's close_notify has not been seen yet, <0 on error.
     * The return value is deliberately not checked here: this is a
     * best-effort notification before the object is freed below. */
    SSL_shutdown(peer->ssl);
    /* SSL_free() runs the DTLS teardown; per the backtrace this is the
     * SSL_free -> dtls1_free -> dtls1_clear_queues path, which frees the
     * buffered_app_data queue entries. The crash reported in this thread
     * occurs inside that call, not in this snippet. */
    SSL_free(peer->ssl);
    /* Clear the handle so a second pass through this cleanup hits the
     * NULL guard instead of calling SSL_free() on a freed object. */
    peer->ssl = NULL;
}
Backtrace:
(gdb) bt
#0 0x0000000000000000 in ?? ()
#1 <signal handler called>
#2 __GI___libc_free (mem=0x3) at malloc.c:2892
#3 0x000000fff798e2a0 in CRYPTO_free (str=0x3) at mem.c:397
#4 0x000000fff7c1a930 in dtls1_clear_queues (s=0x1205b2e80) at d1_lib.c:180
#5 0x000000fff7c1a9f4 in dtls1_free (s=0x1205b2e80) at d1_lib.c:190
#6 0x000000fff7c26160 in SSL_free (s=0x1205b2e80) at ssl_lib.c:586
(gdb) frame 4
#4 0x000000fff7c1a930 in dtls1_clear_queues (s=0x1205b2e80) at d1_lib.c:180
180 OPENSSL_free(frag->fragment);
(gdb) p item
$10 = (pitem *) 0x120617070
(gdb) p *item
$11 = {
priority = "\000\000\000\000\000\000\000\003",
data = 0x1205c5de0,
next = 0x0
}
(gdb) p *frag
$12 = {
msg_header = {
type = 0 '\000',
msg_len = 3185310234,
seq = 0,
frag_off = 17744,
frag_len = 481036337152,
is_ccs = 23,
saved_retransmit_state = {
enc_write_ctx = 0x0,
write_hash = 0x12060b5d0,
compress = 0x12060b5d0,
session = 0x0,
epoch = 0
}
},
fragment = 0x3 <Address 0x3 out of bounds>,
reassembly = 0xd3e5f80c21374e66 <Address 0xd3e5f80c21374e66 out of bounds>
}
*Thanks in Advance*
*-Praveen*