On Thu, May 24, 2012 at 8:16 AM, Sudarshan Raghavan <sudarshan.t.ragha...@gmail.com> wrote: > Hi, > > I am using CRYPTO_set_mem_functions to use our own custom memory > routines in a non blocking proxy implementation. This was working fine > in 0.9.8 and 1.0.0 but with 1.0.1c I can see that the custom free > routine is being invoked with a NULL argument after calling SSL_free > and this results in the proxy crashing. > > #3 0x0828bd24 in CUSTOM_FREE (oldMem=0x0) at custom_mem.c:340 > #4 0xb75342b4 in CRYPTO_free () from > /home/product/code/firmware/current/lib/openssl1.0/lib/libcrypto.so.1.0.0 > #5 0x00000000 in ?? () > > This happens every time the SSL connections is torn down. If I don't > use CRYPTO_set_mem_functions it works fine. I am assuming the default > free routine ignores a NULL argument. Is it an expectation from the > custom free routine to also ignore NULL? I can provide more > information if needed. Can someone help me debug this problem. Agreed on non-NULL pointers.
Perhaps I'm looking at the wrong free function (or I'm not reading/deducing correct behavior), but it looks like a double free to me: void CRYPTO_free(void *str) { if (free_debug_func != NULL) free_debug_func(str, 0); #ifdef LEVITTE_DEBUG fprintf(stderr, "LEVITTE_DEBUG: < 0x%p\n", str); #endif free_func(str); if (free_debug_func != NULL) free_debug_func(NULL, 1); } Regarding parameter validation, below is a perfect example since free (from above) does not appear to include a size. Are implementations verifying `num` is not less than 0 since it is defined as an integer? Its clear the OpenSSL code is not verifying its parameters. What's not clear to me is why one can even specify a negative size. void *CRYPTO_malloc(int num, const char *file, int line) { void *ret = NULL; allow_customize = 0; if (malloc_debug_func != NULL) { allow_customize_debug = 0; malloc_debug_func(NULL, num, file, line, 0); } ret = malloc_func(num); #ifdef LEVITTE_DEBUG fprintf(stderr, "LEVITTE_DEBUG: > 0x%p (%d)\n", ret, num); #endif if (malloc_debug_func != NULL) malloc_debug_func(ret, num, file, line, 1); return ret; } ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org