Hi!

I would like to close this since it's not a bug.

Best regards,
Fredrik Jansson


On Mon, Oct 28, 2013 at 9:33 AM, The default queue via RT <r...@openssl.org> wrote:

>
> Greetings,
>
> This message has been automatically generated in response to the
> creation of a trouble ticket regarding:
>         "Segfault in d1_pkt.c in FIPS mode",
> a summary of which appears below.
>
> There is no need to reply to this message right now.  Your ticket has been
> assigned an ID of [openssl.org #3152].
>
> Please include the string:
>
>          [openssl.org #3152]
>
> in the subject line of all future correspondence about this issue. To do
> so,
> you may reply to this message.
>
>                         Thank you,
>                         r...@openssl.org
>
> -------------------------------------------------------------------------
> OpenSSL 1.0.1e
>
> In the function dtls1_get_record the pointer p is initialized to NULL at
> function entry. Later the pointer may be initialized inside an if
> statement. The pointer is later dereferenced, w/o null check, resulting in
> a segfault.
>
> In our product this only happens when OpenSSL is in FIPS mode.
>
> I have supplied a simple patch that solves the problem on my test machines.
>
> Best regards,
> Fredrik Jansson
>
> "Pseudo code"
>
> unsigned char *p = NULL;
> ...
> if ( (s->rstate != SSL_ST_READ_BODY) ||
>      (s->packet_length < DTLS1_RT_HEADER_LENGTH))
>  {
>  ...
>  p = s->packet;
>  ...
>  }
> ...
> if (!(s->d1->listen && rr->type == SSL3_RT_HANDSHAKE &&
>      *p == SSL3_MT_CLIENT_HELLO) &&
>      !dtls1_record_replay_check(s, bitmap)) { ... }
>
>
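
A stand-alone C model of the control flow sketched in the ticket's pseudo code, added here as an example and not taken from OpenSSL or from the reporter's patch. The struct, the function name and the assumption that p ends up at the first body byte are hypothetical; it shows the re-entry path on which the assigning branch is skipped, and a guard that turns the dereference into an error return.

```c
#include <stddef.h>

#define RT_HEADER_LENGTH 13   /* size of a DTLS record header */
#define RT_HANDSHAKE     22   /* record content type: handshake */
#define MT_CLIENT_HELLO   1   /* handshake message type */

enum rstate { ST_READ_HEADER, ST_READ_BODY };

/* Hypothetical stand-in for the connection state; not OpenSSL's SSL struct. */
struct conn {
    enum rstate rstate;
    const unsigned char *packet;  /* buffered datagram */
    size_t packet_length;
    int listen;
    int rec_type;
};

/*
 * Returns 1 if the replay check may be skipped (listening and the record
 * starts a ClientHello), 0 if it must run, -1 if p was never assigned.
 */
int skip_replay_check(struct conn *s)
{
    const unsigned char *p = NULL;

    if (s->rstate != ST_READ_BODY || s->packet_length < RT_HEADER_LENGTH) {
        if (s->packet == NULL || s->packet_length <= RT_HEADER_LENGTH)
            return 0;                      /* no body byte to look at */
        s->rec_type = s->packet[0];        /* header parsing, simplified */
        p = s->packet + RT_HEADER_LENGTH;  /* assumed: first body byte */
        s->rstate = ST_READ_BODY;
    }

    /* Re-entry with rstate == ST_READ_BODY skips the branch: p is NULL. */
    if (p == NULL)
        return -1;

    return s->listen && s->rec_type == RT_HANDSHAKE && *p == MT_CLIENT_HELLO;
}
```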

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       openssl-dev@openssl.org
Automated List Manager                           majord...@openssl.org
