[openssl-dev] [openssl.org #3987] Bug report about crash related to ASN1_primitive_free
송성근 via RT
rt at openssl.org
Wed Aug 5 11:01:14 UTC 2015
Hi,
I’ve been using OpenSSL 1.0.1j on Android 5.1.
During testing, I’ve been getting the following crash messages because of
access to an inaccessible address (invalid pointer) in ASN1_primitive_free.
The fault address changes every time.
Please provide your help.
Case 1.
08-05 13:05:28.238 I 505 DEBUG signal 11 (SIGSEGV), code 1 (SEGV_MAPERR), fault addr 0x5f583449
08-05 13:05:28.248 I 505 DEBUG r0 5f583441 r1 00000000 r2 5f415441 r3 00000001
08-05 13:05:28.248 I 505 DEBUG r4 5f583441 r5 f7137bac r6 f713ff0c r7 f713ff0c
08-05 13:05:28.248 I 505 DEBUG r8 00000000 r9 00000000 sl e6818ac4 fp 32e900d0
08-05 13:05:28.248 I 505 DEBUG ip 00000000 sp f3ef87f0 lr f70a0ba1 pc f7098dca cpsr 20070030
08-05 13:05:28.248 I 505 DEBUG
08-05 13:05:28.248 I 505 DEBUG backtrace:
08-05 13:05:28.248 I 505 DEBUG #00 pc 00045dca /system/lib/libcrypto.so (ASN1_STRING_free+9)
08-05 13:05:28.248 I 505 DEBUG #01 pc 0004db9d /system/lib/libcrypto.so (ASN1_primitive_free+92)
08-05 13:05:28.248 I 505 DEBUG #02 pc 0004db75 /system/lib/libcrypto.so (ASN1_primitive_free+52)
08-05 13:05:28.248 I 505 DEBUG #03 pc 0004da11 /system/lib/libcrypto.so
08-05 13:05:28.248 I 505 DEBUG #04 pc 0004da11 /system/lib/libcrypto.so
08-05 13:05:28.248 I 505 DEBUG #05 pc 0004d965 /system/lib/libcrypto.so (ASN1_item_free+12)
08-05 13:05:28.248 I 505 DEBUG #06 pc 0002a5b1 /system/lib/libssl.so (SSL_SESSION_free+168)
08-05 13:05:28.248 I 505 DEBUG #07 pc 00026ccb /system/lib/libssl.so (SSL_free+166)
openssl/crypto/asn1/asn1_lib.c
void ASN1_STRING_free(ASN1_STRING *a)
{
    if (a == NULL) return;
    if (a->data && !(a->flags & ASN1_STRING_FLAG_NDEF)) /* <= This point */
        OPENSSL_free(a->data);
    OPENSSL_free(a);
}
Case 2.
08-05 13:23:42.598 I 505 DEBUG signal 11 (SIGSEGV), code 1 (SEGV_MAPERR), fault addr 0xdd000004
08-05 13:23:42.608 I 505 DEBUG r0 dd78f0a4 r1 00000000 r2 dd000000 r3 00000001
08-05 13:23:42.618 I 505 DEBUG r4 dd000000 r5 f7137bac r6 f713ff0c r7 f713ff0c
08-05 13:23:42.618 I 505 DEBUG r8 00000000 r9 00000000 sl e6845b40 fp 1335aab0
08-05 13:23:42.618 I 505 DEBUG ip 00000000 sp f3ef8800 lr f70a0b79 pc f70a0b5e cpsr 60070030
08-05 13:23:42.618 I 505 DEBUG
08-05 13:23:42.618 I 505 DEBUG backtrace:
08-05 13:23:42.618 I 505 DEBUG #00 pc 0004db5e /system/lib/libcrypto.so (ASN1_primitive_free+29)
08-05 13:23:42.618 I 505 DEBUG #01 pc 0004db75 /system/lib/libcrypto.so (ASN1_primitive_free+52)
08-05 13:23:42.618 I 505 DEBUG #02 pc 0004da11 /system/lib/libcrypto.so
08-05 13:23:42.618 I 505 DEBUG #03 pc 0004da11 /system/lib/libcrypto.so
08-05 13:23:42.618 I 505 DEBUG #04 pc 0004da11 /system/lib/libcrypto.so
08-05 13:23:42.618 I 505 DEBUG #05 pc 0004da11 /system/lib/libcrypto.so
08-05 13:23:42.618 I 505 DEBUG #06 pc 0004d965 /system/lib/libcrypto.so (ASN1_item_free+12)
08-05 13:23:42.618 I 505 DEBUG #07 pc 0002a5b1 /system/lib/libssl.so (SSL_SESSION_free+168)
openssl/crypto/asn1/tasn_fre.c
void ASN1_primitive_free(ASN1_VALUE **pval, const ASN1_ITEM *it)
{
    ...
    if (!it)
    {
        ASN1_TYPE *typ = (ASN1_TYPE *)*pval;
        utype = typ->type;
        pval = &typ->value.asn1_value;
        if (!*pval) /* <= This point */
            return;
    }
    ...
}
Thank you
Sungkeun song