Hello,

On Wed, Oct 28, 2015 at 10:33:11PM +0000, Kurt Roeckx via RT wrote:
> On Wed, Oct 28, 2015 at 12:58:09AM +0000, Willy TARREAU via RT wrote:
> > This patch fixes a NULL dereference issue when SSL_new() fails due to a
> > low memory condition. Here it is possible that ssl3_new() fails, but
> > despite this ssl3_free() is called along the error path and doesn't check
> > that s->s3 is valid before dereferencing it.
>
> This was actually already reported with the same patch last week.

Ah cool!

> But I want to look in the whole error handling of SSL_new().

For sure! The other patch touches SSL_new() as well and... it's not the
best place to be when an error occurs! But that's the problem with any
constructor, it's hard to perform the cleanup after things are
half-initialized.

> PS: Are you using some tool to try and find those issues?

No, just a customer with production traffic reporting a crash every
5 minutes :-)

We enabled core dumps and found the two locations for which I proposed
a patch. At least these patches have fixed all the issues in the lab,
I'll wait for the customer's feedback. I'm still having a doubt since
the customer faced one segfault in libcrypto which I have not reproduced,
but since there were a lot of fixes in this area between 1.0.1p and
1.0.1-stable, I picked all the pending patches to see if they're enough
to fix this issue for the customer.

That's all the information I can bring at the moment.

Best regards,
Willy

_______________________________________________
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
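The failure mode discussed in this thread, as an added example that is not part of the original e-mail and is not OpenSSL code: a toy constructor whose shared error path calls the destructor on a half-initialized object, exercised by failing each allocation in turn. The names `conn`, `proto_state`, `xalloc`, `xfree` and `sweep_alloc_failures` are hypothetical; the `s3` field only mirrors the member named in the report.

```c
#include <stdlib.h>

/* Hypothetical stand-ins for the connection object and its s->s3 sub-state. */
struct proto_state { unsigned char *rbuf; };
struct conn { struct proto_state *s3; };

/* Fault injection: the fail_at-th allocation from now fails (0 = never). */
static int fail_at, live_allocs;

static void *xalloc(size_t n) {
    if (fail_at > 0 && --fail_at == 0) return NULL;
    void *p = calloc(1, n);
    if (p != NULL) live_allocs++;
    return p;
}
static void xfree(void *p) { if (p != NULL) { live_allocs--; free(p); } }

/* Destructor that must tolerate an object whose sub-state was never built. */
static void conn_free(struct conn *c) {
    if (c == NULL) return;
    if (c->s3 != NULL) {   /* the check the report says ssl3_free() lacks */
        xfree(c->s3->rbuf);
        xfree(c->s3);
    }
    xfree(c);
}

static struct conn *conn_new(void) {
    struct conn *c = xalloc(sizeof(*c));
    if (c == NULL) return NULL;
    if ((c->s3 = xalloc(sizeof(*c->s3))) == NULL) goto err;
    if ((c->s3->rbuf = xalloc(4096)) == NULL) goto err;
    return c;
err:
    conn_free(c);          /* shared error path sees a half-built object */
    return NULL;
}

/* Fail allocation 1, 2, 3, ... until construction succeeds.
 * Returns the number of failure points exercised, or -1 on a leak. */
static int sweep_alloc_failures(void) {
    for (int n = 1; ; n++) {
        fail_at = n;
        struct conn *c = conn_new();
        fail_at = 0;
        if (c != NULL) { conn_free(c); return live_allocs == 0 ? n - 1 : -1; }
        if (live_allocs != 0) return -1;
    }
}

int main(void) { return sweep_alloc_failures() == 3 ? 0 : 1; }
```

Removing the `c->s3 != NULL` check makes the second iteration of the sweep dereference a NULL pointer, which is the crash class described in the quoted report.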
