[openssl.org #2824] Bug ? - Not Thread-safety for SSL Key usage im requests ?

Tue, 22 May 2012 05:01:54 -0700 

Hello,

We have here a programm which sends multithreaded requests to a lot of
addresses using SSL Context with ONE SSL-Keyfile for all requests.

The SOAP requests are send via gSOAP 2.7.9 functions which uses OpenSSL calls.
We test on different LINUX OS where OpenSSL from minimumversion 0.9.8
is available.

The more addresses we call the oftener we get now core dumps in OpenSSL.

Sample

Program terminated with signal 6, Aborted.
#0 0xffffe410 in __kernel_vsyscall ()
(gdb) #0 0xffffe410 in __kernel_vsyscall ()
#1 0xf6c98a30 in raise () from /lib/libc.so.6
#2 0xf6c9a153 in abort () from /lib/libc.so.6
#3 0xf6cce08b in __libc_message () from /lib/libc.so.6
#4 0xf6cd3a51 in malloc_printerr () from /lib/libc.so.6
#5 0xf6cd5224 in free () from /lib/libc.so.6
#6 0xf71eb1ad in CRYPTO_free ()

for a 0.9.8a OpenSSL on a SUSE10

The test calls without SSL-Key usage but https://*** do not crash.

Is this a known effect - can something be done (circumvented)

hopefully

--
Christiane Kämpfe                         
[email protected]<mailto:[email protected]>
FTS PDG SV SW 4                          Telephone:      +49  (0) 89 3222  2298
FUJITSU TECHNOLOGY SOLUTIONS GMBH
Domagkstr. 28
D-80807 Munic

Hello,

 

We have here a programm which sends multithreaded requests to a lot of

addresses using SSL Context with ONE SSL-Keyfile for all requests.

 

The SOAP requests are send via gSOAP 2.7.9 functions which uses OpenSSL calls.

We test on different LINUX OS where OpenSSL from minimumversion 0.9.8

is available.

 

The more addresses we call the oftener we get now core dumps in OpenSSL.

 

Sample

 

Program terminated with signal 6, Aborted.

#0 0xffffe410 in __kernel_vsyscall ()

(gdb) #0 0xffffe410 in __kernel_vsyscall ()

#1 0xf6c98a30 in raise () from /lib/libc.so.6

#2 0xf6c9a153 in abort () from /lib/libc.so.6

#3 0xf6cce08b in __libc_message () from /lib/libc.so.6

#4 0xf6cd3a51 in malloc_printerr () from /lib/libc.so.6

#5 0xf6cd5224 in free () from /lib/libc.so.6

#6 0xf71eb1ad in CRYPTO_free ()

 

for a 0.9.8a OpenSSL on a SUSE10

 

The test calls without SSL-Key usage but https://*** do not crash.

 

Is this a known effect - can something be done (circumvented)

 

hopefully

 

--
Christiane K?mpfe                      ? ?[email protected]
FTS PDG SV SW 4           ?????????????? Telephone:      +49  (0) 89 3222  2298
FUJITSU TECHNOLOGY SOLUTIONS GMBH
Domagkstr. 28
D-80807 Munic

 

 

 

Reply via email to