Re: [PATCH] Segfault in 1.0.1j BIO_reset() compiled with no-ssl2 no-ssl3
On Fri, Oct 17, 2014 at 6:47 AM, Frank Schmirler wrote:
> On Thu, 16 Oct 2014 16:33:28 +0200, Frank Schmirler wrote
>> I get the following segfault when trying to send an SSLv3 request to
>> the reverse proxy "pound", running on openssl-1.0.1j with SSLv2/3 disabled:
>>
>> Program received signal SIGSEGV, Segmentation fault.
>> 0xb77498fa in ssl_ctrl (b=0xb7001010, cmd=1, num=0, ptr=0x0) at bio_ssl.c:312
>> 312 if (ssl->handshake_func == ssl->method->ssl_connect)
>
> Problem is that ssl23_get_server_method(SSL3_VERSION) returns NULL when
> compiled with "no-ssl3", setting ssl->method to NULL. The attached patch adds
> a define to ssl23_get_client_hello(...) to treat the "no-ssl3" just like the
> "SSL_OP_NO_SSLv3" flag.

Well, shooting from the hip

If OpenSSL was configured with no-ssl3, then the following will be defined in :

OPENSSL_NO_SSL3

So you might want to OR-in the flag only if OPENSSL_NO_SSL3 is defined. And treat the NULL return as an error otherwise.

__
OpenSSL Project                     http://www.openssl.org
User Support Mailing List           openssl-users@openssl.org
Automated List Manager              majord...@openssl.org
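
A simplified model of the failure and of the two suggestions in the messages of this thread (fold the compile-time "no-ssl3" into the option check, and treat a NULL method as an error). It is an added illustration, not OpenSSL source and not the attached patch; every identifier in it (MODEL_NO_SSL3, OP_NO_SSL3, get_server_method, select_method_unchecked, select_method_checked) is a hypothetical stand-in.

```c
#include <stddef.h>

/* Simplified model, not OpenSSL source; every name here is a hypothetical stand-in. */
#define MODEL_NO_SSL3            /* models a build configured with no-ssl3 */
#define VER_SSL3   0x0300
#define VER_TLS1   0x0301
#define OP_NO_SSL3 0x1UL         /* models a runtime "no SSLv3" option bit */

struct method { int version; };
struct conn { unsigned long options; const struct method *method; };

static const struct method tls1_method = { VER_TLS1 };
#ifndef MODEL_NO_SSL3
static const struct method ssl3_method = { VER_SSL3 };
#endif

/* Returns NULL for a protocol version that was compiled out. */
static const struct method *get_server_method(int version)
{
    if (version == VER_TLS1) return &tls1_method;
#ifndef MODEL_NO_SSL3
    if (version == VER_SSL3) return &ssl3_method;
#endif
    return NULL;
}

/* Before: result stored unchecked; a later s->method->... dereference crashes. */
int select_method_unchecked(struct conn *s, int version)
{
    s->method = get_server_method(version);
    return 1;
}

/* After: compile-time removal sets the option bit, and NULL is an error. */
int select_method_checked(struct conn *s, int version)
{
    unsigned long opts = s->options;
    const struct method *m;
#ifdef MODEL_NO_SSL3
    opts |= OP_NO_SSL3;
#endif
    if (version == VER_SSL3 && (opts & OP_NO_SSL3))
        return 0;                /* SSLv3 hello refused, method untouched */
    m = get_server_method(version);
    if (m == NULL)
        return 0;                /* unknown or compiled-out version */
    s->method = m;
    return 1;
}
```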
Re: [PATCH] Segfault in 1.0.1j BIO_reset() compiled with no-ssl2 no-ssl3
On Thu, 16 Oct 2014 16:33:28 +0200, Frank Schmirler wrote
> I get the following segfault when trying to send an SSLv3 request to
> the reverse proxy "pound", running on openssl-1.0.1j with SSLv2/3 disabled:
>
> Program received signal SIGSEGV, Segmentation fault.
> 0xb77498fa in ssl_ctrl (b=0xb7001010, cmd=1, num=0, ptr=0x0) at bio_ssl.c:312
> 312 if (ssl->handshake_func == ssl->method->ssl_connect)

Problem is that ssl23_get_server_method(SSL3_VERSION) returns NULL when
compiled with "no-ssl3", setting ssl->method to NULL. The attached patch adds
a define to ssl23_get_client_hello(...) to treat the "no-ssl3" just like the
"SSL_OP_NO_SSLv3" flag.

Regards,
Frank

openssl-1.0.1j-no_ssl3.patch
Description: application/download
Segfault in 1.0.1j BIO_reset() compiled with no-ssl2 no-ssl3
Hi,

I get the following segfault when trying to send an SSLv3 request to the reverse proxy "pound", running on openssl-1.0.1j with SSLv2/3 disabled:

Program received signal SIGSEGV, Segmentation fault.
[Switching to LWP 14548]
0xb77498fa in ssl_ctrl (b=0xb7001010, cmd=1, num=0, ptr=0x0) at bio_ssl.c:312
312 if (ssl->handshake_func == ssl->method->ssl_connect)
(gdb) bt
#0 0xb77498fa in ssl_ctrl (b=0xb7001010, cmd=1, num=0, ptr=0x0) at bio_ssl.c:312
#1 0xb75f8bf2 in BIO_ctrl (b=0xb7001010, cmd=1, larg=0, parg=0x0) at bio_lib.c:370
#2 0x0804e942 in do_http (arg=0x807ced0) at http.c:656
#3 0x080538d6 in thr_http_single (dummy=0x807ced0) at http.c:1793
#4 0xb74ee99b in ?? () from /lib/libpthread.so.0
#5 0xb745747e in clone () from /lib/libc.so.6

The problem is that ssl->method is NULL:

(gdb) printf "%p\n", ((SSL*) ((BIO_SSL *)b->ptr)->ssl)->method
(nil)

The segfault does not occur if I additionally disable SSLv2/3 in the application:

SSL_CTX_set_options(p->ctx, SSL_OP_NO_SSLv2|SSL_OP_NO_SSLv3);

For your reference, here's the corresponding application code. Segfault occurs in BIO_reset() on line 641 (I'm using some patches, so line numbering from my backtrace is slightly off):

https://github.com/goochjj/pound/blob/stage_for_upstream/v2.7b/http.c#L641

Maybe someone could take a look...

Thanks,
Frank