
From: [email protected] [mailto:[email protected]]
On Behalf Of Ger Hobbelt
Sent: Tuesday, 10 May, 2011 07:06

On Mon, May 9, 2011 at 9:15 PM, Michael Gale <[email protected]> wrote:


I checked OpenSSL 1.0.0d release and the same comment is there "does not
happen". If it does not happen why is it being checked?

Same comment, and error code, but slightly different logic leading to it in
1.0.0.


Might be more correctly stated as '/* _should_ not happen */' - see the
code: it's a basic sanity check to ensure the BIO_read() doesn't overrun the
rx buffer, which would cause arbitrary memory corruption if the BIO_read()
were allowed to do that. The error is keeping you from worse (and even
harder to debug) things happening to you.


Agree. 

<snip> 
I haven't seen this error before, but what might help you in improving
diagnosis, assuming you can build your own openSSL (+ python glue code ?),
is adding a bit of info to the error report plus activating the openssl
assertions in the build. Then you can add these lines (typed off the top of
my head, so reckon with the compiler yakking due to typos by me) to see
where the issue 'starts' within the function: 
 

Or if you (OP) can run the affected program (AIUI a server to numerous
clients) using a build with symbols in an interactive debugger (probably gdb)
and set a breakpoint and look interactively. This is typically quicker
to set up, but not as convenient if the bug triggers numerous times.


<snip> 

 171         if (n > max) /* does not happen */
 172                 {
                char errbuf[120];  /* and here, it might be useful to have a look at the rbuf, as by now we 'know' this will only fire when max was reduced above */
 173                 SSLerr(SSL_F_SSL3_READ_N,ERR_R_INTERNAL_ERROR);
                sprintf(errbuf, " @ line %d in ssl3_read_n: n = %d, max = %d, rbuf.len = %d, packet_length = %d", n, max, (int)s->s3->rbuf.len, (int)s->packet_length);
                ERR_add_error_data(1, errbuf);

   

You don't have a value (like __LINE__) for the "line %d", and you don't
need it because this error code (pkg/func/num) only occurs in one place.
Not to mention that adding debug code changes the line numbers.
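
Added example, not part of the thread and not OpenSSL code: a self-contained model of the sanity check discussed above, where max is clamped to the room left in the receive buffer and a request with n > max is refused with a bounded diagnostic before any byte is written. The struct rxbuf layout, read_n() and mock_read() (a constructed stand-in for BIO_read()) are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for a record-layer receive buffer (not OpenSSL's struct). */
struct rxbuf {
    unsigned char data[64];
    size_t len;     /* usable capacity of data[] */
    size_t offset;  /* where the current packet starts */
    size_t left;    /* bytes already buffered after offset */
};

/* Constructed byte source standing in for BIO_read(): always delivers n bytes. */
static int mock_read(unsigned char *dst, int n)
{
    memset(dst, 0xAB, (size_t)n);
    return n;
}

/* Buffer at least n bytes, requesting at most max. Returns n, or -1 with a
 * bounded diagnostic in diag when the request cannot fit in the buffer. */
int read_n(struct rxbuf *b, int n, int max, char *diag, size_t diaglen)
{
    int room = 0, got;

    if (diaglen > 0) diag[0] = '\0';
    if (n <= 0) return n;
    if (b->len <= sizeof b->data && b->offset <= b->len)
        room = (int)(b->len - b->offset);
    if (max < n) max = n;
    if (max > room) max = room;   /* max is reduced here ... */
    if (n > max) {                /* ... so this is the "should not happen" case */
        snprintf(diag, diaglen, "read_n: n = %d, max = %d, rbuf.len = %d, offset = %d",
                 n, max, (int)b->len, (int)b->offset);
        return -1;                /* refuse before anything is written */
    }
    while (b->left < (size_t)n) {
        got = mock_read(b->data + b->offset + b->left, max - (int)b->left);
        if (got <= 0) return got;
        b->left += (size_t)got;
    }
    return n;
}

int main(void)
{
    struct rxbuf b = {{0}, 64, 60, 0};   /* constructed: only 4 bytes of room */
    char diag[128];
    if (read_n(&b, 16, 32, diag, sizeof diag) < 0) puts(diag);
    return 0;
}
```

The diagnostic is written with snprintf() so that the report itself cannot overrun its buffer, whatever values end up in it.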
 
 
