subject:"\[openssl.org #3592\] bug report. Crash. Critical\? Security bug\?"

[openssl-dev] [openssl.org #3592] bug report. Crash. Critical? Security bug?

2016-02-03 Thread Rich Salz via RT

There were some openssl DTLS bugs that MAtt found and fixed, and the last word in this ticket was that there were Asterisk bugs causing memory corruption. Closing ticket. ___ openssl-dev mailing list To unsubscribe:

Re: [openssl-dev] [openssl.org #3592] bug report. Crash. Critical? Security bug?

2014-12-25 Thread Вячеслав Бадалян via RT

i found that Asterisk do corruption in SSL. I will fix it and replay to you 2014-12-25 5:58 GMT+03:00 Вячеслав Бадалян v.badal...@open-bs.ru: New place crash (gdb) bt #0 0x0037c9e32625 in raise (sig=6) at ../nptl/sysdeps/unix/sysv/linux/raise.c:64 #1 0x0037c9e33e05 in abort ()

Re: [openssl-dev] [openssl.org #3592] bug report. Crash. Critical? Security bug?

2014-12-24 Thread Вячеслав Бадалян via RT

New place crash (gdb) bt #0 0x0037c9e32625 in raise (sig=6) at ../nptl/sysdeps/unix/sysv/linux/raise.c:64 #1 0x0037c9e33e05 in abort () at abort.c:92 #2 0x003dbac69e3f in OpenSSLDie (file=value optimized out, line=value optimized out, assertion=value optimized out) at

[openssl-dev] [openssl.org #3592] bug report. Crash. Critical? Security bug?

2014-12-18 Thread Matt Caswell via RT

On Thu Dec 18 04:54:57 2014, v.badal...@open-bs.ru wrote: Thanks! Great! 6000 calls. No crashes or leaks only messages like this in asterisk [2014-12-18 04:59:20] ERROR[31074][C-13d4] res_rtp_asterisk.c: DTLS failure occurred on RTP instance '0x298c1d68' due to reason 'digest check

Re: [openssl-dev] [openssl.org #3592] bug report. Crash. Critical? Security bug?

2014-12-17 Thread Вячеслав Бадалян via RT

Thanks! Great! 6000 calls. No crashes or leaks only messages like this in asterisk [2014-12-18 04:59:20] ERROR[31074][C-13d4] res_rtp_asterisk.c: DTLS failure occurred on RTP instance '0x298c1d68' due to reason 'digest check failed', terminating [2014-12-18 04:59:28]

[openssl-dev] [openssl.org #3592] bug report. Crash. Critical? Security bug?

2014-12-16 Thread Matt Caswell via RT

On Mon Dec 15 13:39:43 2014, v.badal...@open-bs.ru wrote: Got assert d1_both.c(296): OpenSSL internal error, assertion failed: s-init_num == (int)s-d1-w_msg_hdr.msg_len + DTLS1_HM_HEADER_LENGTH To confirm: you did retain your change to check the return value from dtls1_output_cert_chain? The

Re: [openssl-dev] [openssl.org #3592] bug report. Crash. Critical? Security bug?

2014-12-15 Thread Вячеслав Бадалян via RT

Hello. We got openssl assert on header len... sorry i can't send it to you becouse i delete screen log :( 2014-12-14 4:07 GMT+03:00 Вячеслав Бадалян v.badal...@open-bs.ru: We got openssl assert. 13 дек. 2014 г. 17:49 пользователь Вячеслав Бадалян v.badal...@open-bs.ru написал: Thanks! I

Re: [openssl-dev] [openssl.org #3592] bug report. Crash. Critical? Security bug?

2014-12-15 Thread Вячеслав Бадалян via RT

On vagrind we got this ==48882== Thread 40: ==48882== Invalid write of size 8 ==48882==at 0x4A0B4BC: memset (vg_replace_strmem.c:1094) ==48882==by 0x34354DAB63: BUF_MEM_grow_clean (buffer.c:152) ==48882==by 0x34354DC512: mem_write (bss_mem.c:189) ==48882==by 0x34354DB746:

Re: [openssl-dev] [openssl.org #3592] bug report. Crash. Critical? Security bug?

2014-12-15 Thread Вячеслав Бадалян via RT

Got assert d1_both.c(296): OpenSSL internal error, assertion failed: s-init_num == (int)s-d1-w_msg_hdr.msg_len + DTLS1_HM_HEADER_LENGTH 2014-12-15 15:19 GMT+03:00 Вячеслав Бадалян v.badal...@open-bs.ru: On vagrind we got this ==48882== Thread 40: ==48882== Invalid write of size 8 ==48882==

Re: [openssl-dev] [openssl.org #3592] bug report. Crash. Critical? Security bug?

2014-12-13 Thread Вячеслав Бадалян via RT

Thanks! I apply patch and run test robot. On monday will send to you results. 2014-12-12 19:13 GMT+03:00 Matt Caswell via RT r...@openssl.org: On Wed Dec 10 10:08:48 2014, v.badal...@open-bs.ru wrote: Also valgrind output ==17767== Thread 37: ==17767== Source and destination overlap

[openssl-dev] [openssl.org #3592] bug report. Crash. Critical? Security bug?

2014-12-12 Thread Matt Caswell via RT

On Wed Dec 10 09:18:57 2014, v.badal...@open-bs.ru wrote: Looks like need add some check to return code len I agree. Co-incidentally I already have a very similar fix for the same defect going through the review process. Matt ___ openssl-dev

[openssl-dev] [openssl.org #3592] bug report. Crash. Critical? Security bug?

2014-12-12 Thread Matt Caswell via RT

On Wed Dec 10 10:08:48 2014, v.badal...@open-bs.ru wrote: Also valgrind output ==17767== Thread 37: ==17767== Source and destination overlap in memcpy(0x253bfcbd, 0x7e9c51b, 4294967209) This is interesting. That equates to -87. I think there is a signed/unsigned conversion issue

Re: [openssl-dev] [openssl.org #3592] bug report. Crash. Critical? Security bug?

2014-12-10 Thread Вячеслав Бадалян via RT

Sorry. Line 1244 is OPENSSL_assert(s-d1-w_msg_hdr.msg_len + DTLS1_HM_HEADER_LENGTH == (unsigned int)s-init_num); 2014-12-10 11:05 GMT+03:00 Вячеслав Бадалян v.badal...@open-bs.ru: (gdb) p s-d1-w_msg_hdr.msg_len $2 = 0 (gdb) p s-init_num $3 = 0

Re: [openssl-dev] [openssl.org #3592] bug report. Crash. Critical? Security bug?

2014-12-10 Thread Вячеслав Бадалян via RT

Looks like need add some check to return code len 2014-12-10 11:06 GMT+03:00 Вячеслав Бадалян v.badal...@open-bs.ru: Sorry. Line 1244 is OPENSSL_assert(s-d1-w_msg_hdr.msg_len + DTLS1_HM_HEADER_LENGTH == (unsigned int)s-init_num); 2014-12-10

Re: [openssl-dev] [openssl.org #3592] bug report. Crash. Critical? Security bug?

2014-12-10 Thread Вячеслав Бадалян via RT

Hello. I begin test you patch. I attach to mail patched version of you patch wthat may clear added current SRPM of Centos 6 2014-12-03 5:16 GMT+03:00 Вячеслав Бадалян v.badal...@open-bs.ru: Thanks! I need time to test it... i will try answer at this week 2014-12-02 19:37 GMT+03:00 Matt

Re: [openssl-dev] [openssl.org #3592] bug report. Crash. Critical? Security bug?

2014-12-10 Thread Вячеслав Бадалян via RT

After add check get crash 2014-12-10 11:18 GMT+03:00 Вячеслав Бадалян v.badal...@open-bs.ru: Looks like need add some check to return code len 2014-12-10 11:06 GMT+03:00 Вячеслав Бадалян v.badal...@open-bs.ru: Sorry. Line 1244 is OPENSSL_assert(s-d1-w_msg_hdr.msg_len +

Re: [openssl-dev] [openssl.org #3592] bug report. Crash. Critical? Security bug?

2014-12-10 Thread Вячеслав Бадалян via RT

(gdb) p s-d1-w_msg_hdr.msg_len $2 = 0 (gdb) p s-init_num $3 = 0 2014-12-10 10:59 GMT+03:00 Вячеслав Бадалян v.badal...@open-bs.ru: Get again ASSERT in d1_both.c:1244 OPENSSL_assert(s-d1-w_msg_hdr.msg_len + ((s-version==DTLS1_VERSION)?DTLS1_CCS_HEADER_LENGTH:3) == (unsigned

Re: [openssl-dev] [openssl.org #3592] bug report. Crash. Critical? Security bug?

2014-12-10 Thread Вячеслав Бадалян via RT

Get again ASSERT in d1_both.c:1244 OPENSSL_assert(s-d1-w_msg_hdr.msg_len + ((s-version==DTLS1_VERSION)?DTLS1_CCS_HEADER_LENGTH:3) == (unsigned int)s-init_num); } 2014-12-10 6:32 GMT+03:00 Вячеслав Бадалян v.badal...@open-bs.ru: Hello. I begin test you

Re: [openssl-dev] [openssl.org #3592] bug report. Crash. Critical? Security bug?

2014-12-10 Thread Вячеслав Бадалян via RT

Also valgrind output ==17767== Thread 37: ==17767== Source and destination overlap in memcpy(0x253bfcbd, 0x7e9c51b, 4294967209) ==17767==at 0x4A09A48: memcpy (vg_replace_strmem.c:916) ==17767==by 0x4E5A2B6: do_dtls1_write (d1_pkt.c:1592) ==17767==by 0x4E5DA69: dtls1_do_write

Re: [openssl.org #3592] bug report. Crash. Critical? Security bug?

2014-12-02 Thread Вячеслав Бадалян via RT

if you send patch i can add it to SRPM build and try results 2014-12-02 19:02 GMT+03:00 Matt Caswell via RT r...@openssl.org: On Sun Nov 30 01:34:37 2014, matt wrote: On Fri Nov 28 17:40:59 2014, v.badal...@open-bs.ru wrote: Full backtrace Thanks! That's a big help. I have managed to

[openssl.org #3592] bug report. Crash. Critical? Security bug?

2014-12-02 Thread Matt Caswell via RT

On Tue Dec 02 17:31:05 2014, v.badal...@open-bs.ru wrote: if you send patch i can add it to SRPM build and try results The patch is attached. However you may have problems with this approach. I have built the patch for 1.0.1e (which is the version you originally said you were running). However

Re: [openssl.org #3592] bug report. Crash. Critical? Security bug?

2014-12-02 Thread Вячеслав Бадалян via RT

Thanks! I need time to test it... i will try answer at this week 2014-12-02 19:37 GMT+03:00 Matt Caswell via RT r...@openssl.org: On Tue Dec 02 17:31:05 2014, v.badal...@open-bs.ru wrote: if you send patch i can add it to SRPM build and try results The patch is attached. However you may

Re: [openssl.org #3592] bug report. Crash. Critical? Security bug?

2014-11-28 Thread Вячеслав Бадалян via RT

Hmm try add ENV... valgrind is clear but asterisk crash with d1_both.c(332): OpenSSL internal error, assertion failed: len = DTLS1_HM_HEADER_LENGTH 2014-11-24 20:06 GMT+03:00 Matt Caswell via RT r...@openssl.org: On Sat Nov 22 13:19:13 2014, v.badal...@open-bs.ru wrote: Find this:

Re: [openssl.org #3592] bug report. Crash. Critical? Security bug?

2014-11-28 Thread Вячеслав Бадалян via RT

Full backtrace 2014-11-28 19:26 GMT+03:00 Вячеслав Бадалян v.badal...@open-bs.ru: Hmm try add ENV... valgrind is clear but asterisk crash with d1_both.c(332): OpenSSL internal error, assertion failed: len = DTLS1_HM_HEADER_LENGTH 2014-11-24 20:06 GMT+03:00 Matt Caswell via RT

[openssl.org #3592] bug report. Crash. Critical? Security bug?

2014-11-24 Thread Matt Caswell via RT

On Sat Nov 22 13:19:13 2014, v.badal...@open-bs.ru wrote: Find this: https://bugzilla.redhat.com/show_bug.cgi?format=multipleid=987158 http://openssl.6102.n7.nabble.com/AES-cbc-encrypt-amp-aesni-cbc- encrypt-length-parameter-td52370.html

Re: [openssl.org #3592] bug report. Crash. Critical? Security bug?

2014-11-22 Thread Вячеслав Бадалян via RT

We fix all leaks in asteris and libsrtp many calls have one leak path ==44910== Use of uninitialised value of size 8 ==44910==at 0x4A08DEF: memcpy (mc_replace_strmem.c:882) ==44910==by 0x38E3EFD266: c2i_ASN1_INTEGER (string3.h:52) ==44910==by 0x38E3F08823: asn1_ex_c2i

Re: [openssl.org #3592] bug report. Crash. Critical? Security bug?

2014-11-22 Thread Вячеслав Бадалян via RT

Find this: https://bugzilla.redhat.com/show_bug.cgi?format=multipleid=987158 http://openssl.6102.n7.nabble.com/AES-cbc-encrypt-amp-aesni-cbc-encrypt-length-parameter-td52370.html http://www.hardening-consulting.com/en/posts/20140512openssl-and-valgrind.html 2014-11-22 15:09 GMT+03:00 Вячеслав

[openssl.org #3592] bug report. Crash. Critical? Security bug?

2014-11-12 Thread Matt Caswell via RT

That link just asks me to log in? __ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager

[openssl.org #3592] bug report. Crash. Critical? Security bug?

2014-11-12 Thread Matt Caswell via RT

On Thu Nov 06 10:38:23 2014, v.badal...@open-bs.ru wrote: HI all CentOS x86_64 release 6.6 (Final) OpenSSL version OpenSSL 1.0.1e-fips 11 Feb 2013 # rpm -qa | grep openssl openssl-devel-1.0.1e-30.el6_6.2.x86_64 openssl-debuginfo-1.0.1e-30.el6_6.2.x86_64 openssl-1.0.1e-30.el6_6.2.x86_64

[openssl.org #3592] bug report. Crash. Critical? Security bug?

2014-11-06 Thread Вячеслав Бадалян via RT

HI all CentOS x86_64 release 6.6 (Final) OpenSSL version OpenSSL 1.0.1e-fips 11 Feb 2013 # rpm -qa | grep openssl openssl-devel-1.0.1e-30.el6_6.2.x86_64 openssl-debuginfo-1.0.1e-30.el6_6.2.x86_64 openssl-1.0.1e-30.el6_6.2.x86_64 Please look to

[openssl-dev] [openssl.org #3592] bug report. Crash. Critical? Security bug?

Re: [openssl-dev] [openssl.org #3592] bug report. Crash. Critical? Security bug?

Re: [openssl-dev] [openssl.org #3592] bug report. Crash. Critical? Security bug?

[openssl-dev] [openssl.org #3592] bug report. Crash. Critical? Security bug?

Re: [openssl-dev] [openssl.org #3592] bug report. Crash. Critical? Security bug?

[openssl-dev] [openssl.org #3592] bug report. Crash. Critical? Security bug?

Re: [openssl-dev] [openssl.org #3592] bug report. Crash. Critical? Security bug?

Re: [openssl-dev] [openssl.org #3592] bug report. Crash. Critical? Security bug?

Re: [openssl-dev] [openssl.org #3592] bug report. Crash. Critical? Security bug?

Re: [openssl-dev] [openssl.org #3592] bug report. Crash. Critical? Security bug?

[openssl-dev] [openssl.org #3592] bug report. Crash. Critical? Security bug?

[openssl-dev] [openssl.org #3592] bug report. Crash. Critical? Security bug?

Re: [openssl-dev] [openssl.org #3592] bug report. Crash. Critical? Security bug?

Re: [openssl-dev] [openssl.org #3592] bug report. Crash. Critical? Security bug?

Re: [openssl-dev] [openssl.org #3592] bug report. Crash. Critical? Security bug?

Re: [openssl-dev] [openssl.org #3592] bug report. Crash. Critical? Security bug?

Re: [openssl-dev] [openssl.org #3592] bug report. Crash. Critical? Security bug?

Re: [openssl-dev] [openssl.org #3592] bug report. Crash. Critical? Security bug?

Re: [openssl-dev] [openssl.org #3592] bug report. Crash. Critical? Security bug?

Re: [openssl.org #3592] bug report. Crash. Critical? Security bug?

[openssl.org #3592] bug report. Crash. Critical? Security bug?

Re: [openssl.org #3592] bug report. Crash. Critical? Security bug?

Re: [openssl.org #3592] bug report. Crash. Critical? Security bug?

Re: [openssl.org #3592] bug report. Crash. Critical? Security bug?

[openssl.org #3592] bug report. Crash. Critical? Security bug?

Re: [openssl.org #3592] bug report. Crash. Critical? Security bug?

Re: [openssl.org #3592] bug report. Crash. Critical? Security bug?

[openssl.org #3592] bug report. Crash. Critical? Security bug?

[openssl.org #3592] bug report. Crash. Critical? Security bug?

[openssl.org #3592] bug report. Crash. Critical? Security bug?

30 matches

Site Navigation

Mail list logo

Footer information