On Mon, Oct 20, 2014 at 11:10:51AM +0200, Frank Schmirler via RT wrote:
> On Fri, 17 Oct 2014 21:17:49 +0200, The default queue via RT wrote
> > On Thu, 16 Oct 2014 16:33:28 +0200, Frank Schmirler wrote
> > > I get the following segfault when trying to send an SSLv3 request to
> > > the reverse proxy "pound", running on openssl-1.0.1j with SSLv2/3
> > > disabled:
> > >
> > > Program received signal SIGSEGV, Segmentation fault.
> > > 0xb77498fa in ssl_ctrl (b=0xb7001010, cmd=1, num=0, ptr=0x0) at
> > > bio_ssl.c:312
> > > 312 if (ssl->handshake_func ==
> > > ssl->method->ssl_connect)
> >
> > Problem is that ssl23_get_server_method(SSL3_VERSION) returns NULL when
> > compiled with "no-ssl3", setting ssl->method to NULL. The attached
> > patch adds a define to ssl23_get_client_hello(...) to treat the "no-
> > ssl3" just like the "SSL_OP_NO_SSLv3" flag.
>
> The same problem will also occur in an SSLv2 style handshake. Find attached an
> extended patch. Works without problems now.
Can you try the attached patch instead?
Kurt
diff --git a/ssl/s23_srvr.c b/ssl/s23_srvr.c
index 93ca7d5..de909b1 100644
--- a/ssl/s23_srvr.c
+++ b/ssl/s23_srvr.c
@@ -602,12 +602,14 @@ int ssl23_get_client_hello(SSL *s)
if ((type == 2) || (type == 3))
{
/* we have SSLv3/TLSv1 (type 2: SSL2 style, type 3: SSL3/TLS style) */
- s->method = ssl23_get_server_method(s->version);
- if (s->method == NULL)
+ const SSL_METHOD *new_method;
+ new_method = ssl23_get_server_method(s->version);
+ if (new_method == NULL)
{
SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO,SSL_R_UNSUPPORTED_PROTOCOL);
goto err;
}
+ s->method = new_method;
if (!ssl_init_wbio_buffer(s,1)) goto err;
