[openssl-dev] [openssl.org #3592] bug report. Crash. Critical? Security bug?

Вячеслав Бадалян via RT rt at openssl.org
Thu Dec 25 02:58:29 UTC 2014 

New place crash

(gdb) bt

#0  0x00000037c9e32625 in raise (sig=6) at
../nptl/sysdeps/unix/sysv/linux/raise.c:64

#1  0x00000037c9e33e05 in abort () at abort.c:92

#2  0x0000003dbac69e3f in OpenSSLDie (file=<value optimized out>,
line=<value optimized out>, assertion=<value optimized out>) at
cryptlib.c:923

#3  0x0000003dbb03c220 in do_dtls1_write (s=0x7fff34010940, type=22,
buf=0x7fff1c0ac007 "\v", len=243, create_empty_fragment=0) at d1_pkt.c:1484

#4  0x0000003dbb03faf1 in dtls1_do_write (s=0x7fff34010940, type=22) at
d1_both.c:378

#5  0x0000003dbb038e07 in dtls1_accept (s=0x7fff34010940) at d1_srvr.c:426

#6  0x0000003dbb03d8ad in dtls1_read_bytes (s=0x7fff34010940, type=23,
buf=0x7fff34059488 "\026\376\377", len=121, peek=0) at d1_pkt.c:787

#7  0x0000003dbb027ed0 in ssl3_read_internal (s=0x7fff34010940,
buf=0x7fff34059488, len=121, peek=0) at s3_lib.c:4273

#8  0x00007fff9e952ef5 in __rtp_recvfrom (instance=0x7fff3405f288,
buf=0x7fff34059488, size=8192, flags=0, sa=0x7fff9aa1e370, rtcp=0) at
res_rtp_asterisk.c:2019

#9  0x00007fff9e95331f in rtp_recvfrom (instance=0x7fff3405f288,
buf=0x7fff34059488, size=8192, flags=0, sa=0x7fff9aa1e370) at
res_rtp_asterisk.c:2094

#10 0x00007fff9e95c621 in ast_rtp_read (instance=0x7fff3405f288, rtcp=0) at
res_rtp_asterisk.c:4127

#11 0x0000000000551bcf in ast_rtp_instance_read (instance=0x7fff3405f288,
rtcp=0) at rtp_engine.c:314

#12 0x00007fffb2ae07cd in sip_rtp_read (ast=0x7fff340ab648,
p=0x7fff3402f588, faxdetect=0x7fff9aa1e604) at chan_sip.c:8192

#13 0x00007fffb2ae0f7c in sip_read (ast=0x7fff340ab648) at chan_sip.c:8289

#14 0x000000000047cb05 in __ast_read (chan=0x7fff340ab648, dropaudio=0) at
channel.c:4054

#15 0x000000000047e8ae in ast_read (chan=0x7fff340ab648) at channel.c:4408

#16 0x00007fffa716ba1a in wait_for_answer (in=0x7fff340ab648,
out_chans=0x7fff9aa20970, to=0x7fff9aa2096c, peerflags=0x7fff9aa20ec0,
opt_args=0x7fff9aa201b0, pa=0x7fff9aa20290, num_in=0x7fff9aa20950,
result=0x7fff9aa2028c,

    dtmf_progress=0x0, ignore_cc=1, forced_clid=0x7fff9aa20060,
stored_clid=0x7fff9aa20010) at app_dial.c:1562

#17 0x00007fffa7170f70 in dial_exec_full (chan=0x7fff340ab648,
data=0x7fff9aa23120 "SIP/sbc/79139601839,300,Tt", peerflags=0x7fff9aa20ec0,
continue_exec=0x0) at app_dial.c:2683

#18 0x00007fffa7173789 in dial_exec (chan=0x7fff340ab648,
data=0x7fff9aa23120 "SIP/sbc/79139601839,300,Tt") at app_dial.c:3130

#19 0x000000000052b7dd in pbx_exec (c=0x7fff340ab648, app=0x106f200,
data=0x7fff9aa23120 "SIP/sbc/79139601839,300,Tt") at pbx.c:1622

#20 0x0000000000536284 in pbx_extension_helper (c=0x7fff340ab648, con=0x0,
context=0x7fff340ac498 "macro-dialout-trunk", exten=0x7fff340ac4e8 "s",
priority=22, label=0x0, callerid=0x7fff1c05dc70 "74996051913",
action=E_SPAWN,

    found=0x7fff9aa2578c, combined_find_spawn=1) at pbx.c:4915

#21 0x000000000053971f in ast_spawn_extension (c=0x7fff340ab648,
context=0x7fff340ac498 "macro-dialout-trunk", exten=0x7fff340ac4e8 "s",
priority=22, callerid=0x7fff1c05dc70 "74996051913", found=0x7fff9aa2578c,
combined_find_spawn=1)

    at pbx.c:6037

#22 0x00007fffab3f20b0 in _macro_exec (chan=0x7fff340ab648,
data=0x7fff9aa28490 "dialout-trunk,4,79139601839,,off", exclusive=0) at
app_macro.c:412

#23 0x00007fffab3f3342 in macro_exec (chan=0x7fff340ab648,
data=0x7fff9aa28490 "dialout-trunk,4,79139601839,,off") at app_macro.c:585

#24 0x000000000052b7dd in pbx_exec (c=0x7fff340ab648, app=0xfbc430,
data=0x7fff9aa28490 "dialout-trunk,4,79139601839,,off") at pbx.c:1622

#25 0x0000000000536284 in pbx_extension_helper (c=0x7fff340ab648, con=0x0,
context=0x7fff340ac498 "macro-dialout-trunk", exten=0x7fff340ac4e8 "s",
priority=5, label=0x0, callerid=0x7fff1c05dc70 "74996051913",
action=E_SPAWN,

    found=0x7fff9aa2ab70, combined_find_spawn=1) at pbx.c:4915

#26 0x000000000053971f in ast_spawn_extension (c=0x7fff340ab648,
context=0x7fff340ac498 "macro-dialout-trunk", exten=0x7fff340ac4e8 "s",
priority=5, callerid=0x7fff1c05dc70 "74996051913", found=0x7fff9aa2ab70,
combined_find_spawn=1)

    at pbx.c:6037

#27 0x000000000053aebc in __ast_pbx_run (c=0x7fff340ab648, args=0x0) at
pbx.c:6512

#28 0x000000000053c999 in pbx_thread (data=0x7fff340ab648) at pbx.c:6842

#29 0x00000000005990d5 in dummy_start (data=0x7fff34018e00) at utils.c:1223

#30 0x00000037ca2079d1 in start_thread (arg=0x7fff9aa2b700) at
pthread_create.c:301

#31 0x00000037c9ee89dd in clone () at
../sysdeps/unix/sysv/linux/x86_64/clone.S:115

2014-12-23 16:53 GMT+03:00 Вячеслав Бадалян <v.badalyan at open-bs.ru>:

> another crash. Double free.
>
>
>
>
> 2014-12-22 17:29 GMT+03:00 Вячеслав Бадалян <v.badalyan at open-bs.ru>:
>
>> Hmm... again asserts...
>> s->init_num == 0
>>
>> full backtrace attached...
>>
>> 2014-12-18 13:10 GMT+03:00 Matt Caswell via RT <rt at openssl.org>:
>>
>>> On Thu Dec 18 04:54:57 2014, v.badalyan at open-bs.ru wrote:
>>> > Thanks! Great!
>>> > 6000 calls. No crashes or leaks.... only messages like this in
>>> > asterisk
>>> > [2014-12-18 04:59:20] ERROR[31074][C-000013d4] res_rtp_asterisk.c:
>>> > DTLS
>>> > failure occurred on RTP instance '0x298c1d68' due to reason 'digest
>>> > check
>>> > failed', terminating
>>> > [2014-12-18 04:59:28] ERROR[31081][C-000013d7] res_rtp_asterisk.c:
>>> > DTLS
>>> > failure occurred on RTP instance '0x29d16508' due to reason 'digest
>>> > check
>>> > failed', terminating
>>> > [2014-12-18 05:04:07] ERROR[31881][C-0000142d] res_rtp_asterisk.c:
>>> > DTLS
>>> > failure occurred on RTP instance '0x29fe0ac8' due to reason 'digest
>>> > check
>>> > failed', terminating
>>> >
>>> > But 99% call go normal. We will test on production server and high
>>> > load.
>>>
>>> Good news. Let me know how the testing goes in production so that I can
>>> (hopefully) close the ticket.
>>>
>>> Matt
>>>
>>>
>>
>>
>> --
>> С уважением,
>> Бадалян Вячеслав Борисович
>>
>> ООО "Открытые бизнес-решения"
>> Технический директор
>> +7 (495) 666-0-111
>> http://www.open-bs.ru
>>
>
>
>
> --
> С уважением,
> Бадалян Вячеслав Борисович
>
> ООО "Открытые бизнес-решения"
> Технический директор
> +7 (495) 666-0-111
> http://www.open-bs.ru
>



-- 
С уважением,
Бадалян Вячеслав Борисович

ООО "Открытые бизнес-решения"
Технический директор
+7 (495) 666-0-111
http://www.open-bs.ru

More information about the openssl-dev mailing list