On 18 Aug 2014, at 21:47, Michael Tuexen <[email protected]> wrote:
> On 18 Aug 2014, at 16:31, Brian Hassink <[email protected]> wrote:
>
>> Yes, this was observed for DTLS/SCTP.
> OK. The problem is an incorrect usage of OPENSSL_assert()... Let me see if I can
> come up with a patch...

Hi Brian,

please find attached a patch which fixes several usages of OPENSSL_assert()
and let me know if this resolves your issue.

Please note that you want also to apply the patch from
http://rt.openssl.org/Ticket/Display.html?id=3483&user=guest&pass=guest

Best regards
Michael
OPENSSL_assert.patch
Description: Binary data
>
> Best regards
> Michael
>>
>> -Brian
>>
>> -----Original Message-----
>> From: Michael Tüxen via RT [mailto:[email protected]]
>> Sent: Thursday, August 14, 2014 6:17 PM
>> To: Brian Hassink
>> Cc: [email protected]
>> Subject: Re: [openssl.org #3470] [BUG] DTLS abort
>>
>>
>> On 22 Jul 2014, at 23:32, Brian Hassink via RT <[email protected]> wrote:
>>
>>> OpenSSL: 1.0.1e
>>>
>>> OS: Red Hat Enterprise Linux Server release 6.5 (Santiago)
>>>
>>> Hello,
>>>
>>> We recently did some negative testing against OpenSSL 1.0.1e, with a focus
>>> on DTLS, and observed that the library, running on the peer, could be made
>>> to abort by simply disconnecting during the handshake process.
>>>
>>> The abort is due to a getsockopt() or setsockopt() call failing from within
>>> dgram_sctp_read() because the socket descriptor has been rendered invalid
>>> by the disconnect.
>> Did you test DTLS/UDP or DTLS/SCTP? Do you really mean dgram_sctp_read()?
>>
>> Best regards
>> Michael
>>>
>>> We ran the same scenario against TLS, but it is not affected.
>>>
>>> ______________________________________________________________________
>>> OpenSSL Project http://www.openssl.org
>>> Development Mailing List [email protected]
>>> Automated List Manager [email protected]
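
The failure mode reported in this thread, as an added example that is not part of the thread, the attached patch, or OpenSSL's code: asserting on the result of getsockopt() turns an invalid descriptor into a process abort, while checking the return value lets the caller drop one connection and keep running. FATAL_ASSERT is a hypothetical stand-in for an aborting assert, the function names are made up for illustration, and the closed AF_UNIX datagram socket is a constructed substitute for the disconnected DTLS/SCTP socket.

```c
#include <errno.h>
#include <signal.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/socket.h>
#include <sys/wait.h>
#include <unistd.h>

/* Hypothetical stand-in for an assert that aborts the process when false. */
#define FATAL_ASSERT(e) do { if (!(e)) abort(); } while (0)

/* Fragile: a failing getsockopt() is treated as something that cannot happen. */
int sock_type_asserting(int fd) {
    int type = 0;
    socklen_t len = sizeof(type);
    FATAL_ASSERT(getsockopt(fd, SOL_SOCKET, SO_TYPE, &type, &len) == 0);
    return type;
}

/* Robust: report the failure; errno (e.g. EBADF) is left for the caller. */
int sock_type_checked(int fd, int *type) {
    socklen_t len = sizeof(*type);
    return getsockopt(fd, SOL_SOCKET, SO_TYPE, type, &len) < 0 ? -1 : 0;
}

/* Run the asserting variant in a child; return 1 if it died with SIGABRT. */
int asserting_variant_aborts(int fd) {
    int status = 0;
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) { sock_type_asserting(fd); _exit(0); }
    if (waitpid(pid, &status, 0) < 0) return -1;
    return WIFSIGNALED(status) && WTERMSIG(status) == SIGABRT;
}

/* Constructed scenario: create a datagram socket, then invalidate it. */
int make_closed_fd(void) {
    int fd = socket(AF_UNIX, SOCK_DGRAM, 0);
    if (fd >= 0) close(fd);
    return fd;
}

int main(void) {
    int type = 0, fd = make_closed_fd();
    printf("asserting variant aborts: %d\n", asserting_variant_aborts(fd));
    if (sock_type_checked(fd, &type) < 0)
        perror("getsockopt (connection dropped, process alive)");
    return 0;
}
```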
