Hello,
Not sure which is the preferred way to report bugs to the OpenSSL team, hope this is OK. If not, please let me know how to proceed.
I can reliably reproduce a crash with openssl-1.0.0j-2.fc17.x86_64 (up-to-date Fedora 17). I'm using ncat (SVN version, from https://svn.nmap.org) and nmap (SVN trunk too).
# ncat -l --keep-open --ssl localhost 443
In a second shell:
# nmap -sSC -n -Pn --top-ports 100 -T4 127.0.0.0/8
After a short moment, nsock crashes. I could generate the following backtrace with gdb:
Program received signal SIGSEGV, Segmentation fault.
0x00007ffff7bd2788 in main_arena () from /lib64/libc.so.6
(gdb) bt
#0  0x00007ffff7bd2788 in main_arena () from /lib64/libc.so.6
#1  0x000000000040efe9 in ssl_handshake (sinfo=0x64ca30) at ncat_ssl.c:594
#2  0x000000000040a07e in ncat_listen_stream (proto=6) at ncat_listen.c:283
#3  0x000000000040b8e3 in ncat_listen () at ncat_listen.c:786
#4  0x00000000004065cc in ncat_listen_mode () at ncat_main.c:794
#5  0x0000000000406218 in main (argc=6, argv=0x7fffffffe398) at ncat_main.c:704
You can directly see the calling code at: https://svn.nmap.org/nmap/ncat/ncat_ssl.c (and search for "SSL_accept").
Hope this helps. Let me know if I can provide more information.
Regards.
--
Henri
