Howdy,

I seem to have come across a bug in OpenSSL. In general, it performs
flawlessly. My problem is a segmentation fault by the client when I
arbitrarily kill the server (serious testing going on here). I recompiled
OpenSSL with the -g parameter, and ran my client under gdb. Here is the
session output:

============================================

Program received signal SIGSEGV, Segmentation fault.
0x0 in ?? ()
(gdb) where
#0  0x0 in ?? ()
#1  0x8054a7f in ssl3_write_bytes (s=0x80b8c98, type=23, buf=0xbfffe804 "",
len=8) at s3_pkt.c:492
#2  0x8052743 in ssl3_write (s=0x80b8c98, buf=0xbfffe804 "", len=8) at
s3_lib.c:890
#3  0x8057b17 in SSL_write (s=0x80b8c98, buf=0xbfffe804 "", num=8) at
ssl_lib.c:598
#4  0x8049d4f in REDI_send_message (hc=0x80b3a10, data=0xbffff7d0, size=88,
type=6) at redi_lib.c:226
#5  0x804965b in main (argc=2, argv=0xbffff848) at
realsecure_event_deliver.c:120
(gdb) up
#1  0x8054a7f in ssl3_write_bytes (s=0x80b8c98, type=23, buf=0xbfffe804 "",
len=8) at s3_pkt.c:492
492                     i=s->handshake_func(s);
(gdb) print *s
$2 = {version = 768, type = 4096, method = 0x80a69e0, rbio = 0x80cd6f0, wbio
= 0x80ca2f0, bbio = 0x80ca2f0, rwstate = 1,
  in_handshake = 0, handshake_func = 0, new_session = 0, quiet_shutdown = 0,
shutdown = 0, state = 4560, rstate = 240,
  init_buf = 0x80ccde8, init_num = 0, init_off = 0, packet = 0x80c12d0
"\026\003", packet_length = 0, s2 = 0x0, s3 = 0x80cd3f8,
  read_ahead = 0, hit = 0, cipher_list = 0x0, cipher_list_by_id = 0x0,
enc_read_ctx = 0x0, read_hash = 0x0, expand = 0x0,
  enc_write_ctx = 0x80cdbf8, write_hash = 0x80a4fb4, compress = 0x0, cert =
0x80b7a58, session = 0x80cab48, verify_mode = 1,
  verify_callback = 0x804a354 <verify_callback>, info_callback = 0, error =
0, error_code = 0, ctx = 0x80b79a8, debug = 0,
  verify_result = 0, ex_data = {sk = 0x0, dummy = 0}, client_CA = 0x0,
references = 1, options = 0, first_packet = 0}
(gdb) print *buf
$3 = 0 '\000'
(gdb) print len
$4 = 8
(gdb) print *buf
$5 = 0 '\000'
(gdb)

==========================================

It looks like an anonymous function (s->handshake_func(s) in the source
code) is failing. But it looks rather suspicious that buf = 0 yet len = 8.

A server dying is a situation that's bound to happen, and I can't have my
clients dying as a result. I'll probe around the code further, but I thought
I should throw out the problem, in case there were any other thoughts.

Thanks,
John
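Added example, not part of the original post and not OpenSSL's own code. Two details of the gdb session fit together: frame #0 sits at address 0x0 and the struct dump shows handshake_func = 0, which is what a call through a NULL function pointer at s3_pkt.c:492 looks like. Why the pointer is NULL after the server is killed is not established by the post; the model below only reproduces that pattern. The names conn_t, do_handshake, write_bytes_unchecked and write_bytes_checked are constructed for illustration and are not OpenSSL identifiers. It places the unchecked dispatch beside a guarded version that hands the client a distinct error instead of a segfault.

```c
#include <stddef.h>
#include <stdio.h>

/* Constructed model (not OpenSSL's SSL struct): a connection whose handshake
 * callback can be left NULL once the peer is gone, as handshake_func = 0 in
 * the dump above. */
enum send_status { SEND_OK = 0, SEND_ERR_NO_HANDSHAKE = -1, SEND_ERR_WRITE = -2 };

typedef struct conn conn_t;
struct conn {
    int (*handshake_func)(conn_t *); /* NULL after the peer has vanished */
    int handshake_done;
    int peer_alive;
};

/* Hypothetical handshake routine: fails, and clears the callback, when the
 * peer is dead; succeeds otherwise. */
int do_handshake(conn_t *c) {
    if (!c->peer_alive) {
        c->handshake_func = NULL;
        return -1;
    }
    c->handshake_done = 1;
    return 1;
}

/* "Before": dispatches through the pointer unconditionally. With
 * handshake_func == NULL this jumps to address 0, which is exactly the
 * "0x0 in ?? ()" frame in the backtrace. Kept for comparison; never called. */
int write_bytes_unchecked(conn_t *c, const char *buf, size_t len) {
    if (!c->handshake_done) {
        int i = c->handshake_func(c);
        if (i <= 0) return SEND_ERR_WRITE;
    }
    (void)buf; (void)len;
    return SEND_OK;
}

/* "After": refuse to send when no handshake routine is installed, and report
 * a write error when the peer is gone, so the caller can tear down cleanly. */
int write_bytes_checked(conn_t *c, const char *buf, size_t len) {
    if (!c->handshake_done) {
        if (c->handshake_func == NULL) return SEND_ERR_NO_HANDSHAKE;
        if (c->handshake_func(c) <= 0) return SEND_ERR_WRITE;
    }
    if (!c->peer_alive) return SEND_ERR_WRITE;
    (void)buf; (void)len;
    return SEND_OK;
}

/* Scenario mirroring the report: session established, server killed, a new
 * handshake is pending and the callback has been cleared. */
int simulate_server_gone(void) {
    conn_t c = { do_handshake, 0, 1 };
    c.handshake_func(&c);     /* initial handshake succeeds */
    c.peer_alive = 0;         /* server arbitrarily killed */
    c.handshake_done = 0;     /* handshake pending again */
    c.handshake_func = NULL;  /* the state the dump shows */
    return write_bytes_checked(&c, "ping", 4); /* SEND_ERR_NO_HANDSHAKE */
}

/* Scenario with a live peer: handshake runs on first write and succeeds. */
int simulate_healthy(void) {
    conn_t c = { do_handshake, 0, 1 };
    return write_bytes_checked(&c, "ping", 4); /* SEND_OK */
}

int main(void) {
    printf("healthy: %d\n", simulate_healthy());
    printf("server gone: %d\n", simulate_server_gone());
    return 0;
}
```

The client-side lesson is the same whichever way the library is patched: treat a negative status from the send path as a dead connection and close it, rather than assuming the prior handshake still holds after the peer has been killed.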


______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]
