[openssl-dev] [openssl.org #3956] SSL_accept() crashed in SSLv3 processing

ice via RT rt at openssl.org
Fri Jul 24 07:18:37 UTC 2015


Hi,

In my process, I experienced too many SSL_accept() crashes when processing SSLv3 client requests.
(gdb) info stack 
#0  0xb76e3f7a in SSL_accept () from /lib/libssl.so.1.0.0
#1  0x00000000 in ?? ()
#2  0xb76e3f56 in SSL_accept () from /lib/libssl.so.1.0.0
#3  0xbfc2ff23 in ?? ()
#4  0x08049d57 in do_ssl_accept (client_cb=0x9f79790) at rhttpd.cc:823

$12 = {version = 768, type = 8192, method = 0x0, rbio = 0x9f799e0, wbio = 0x9f799e0, bbio = 0x0, rwstate = 1, in_handshake = 0, handshake_func = 0xb76d5d00 <ssl23_accept>, server = 1, new_session = 0, quiet_shutdown = 0, shutdown = 0, state = 8720, rstate = 240, 
  init_buf = 0x9f79a28, init_msg = 0x0, init_num = 0, init_off = 0, packet = 0x9fa3e30 "\026\003", packet_length = 11, s2 = 0x0, s3 = 0x9f9e4a8, d1 = 0x0, read_ahead = 0, msg_callback = 0, msg_callback_arg = 0x0, hit = 0, param = 0x9f78288, cipher_list = 0x0, 
  cipher_list_by_id = 0x0, mac_flags = 0, enc_read_ctx = 0x0, read_hash = 0x0, expand = 0x0, enc_write_ctx = 0x0, write_hash = 0x0, compress = 0x0, cert = 0x9f79948, sid_ctx_length = 0, sid_ctx = '\0' <repeats 31 times>, session = 0x0, generate_session_id = 0, 
  verify_mode = 0, verify_callback = 0, info_callback = 0, error = 0, error_code = 0, psk_client_callback = 0, psk_server_callback = 0, ctx = 0x9f77e60, debug = 0, verify_result = 0, ex_data = {sk = 0x0, dummy = 0}, client_CA = 0x0, references = 1, 
  options = 2147486719, mode = 0, max_cert_list = 102400, first_packet = 0, client_version = 771, max_send_fragment = 16384, tlsext_debug_cb = 0, tlsext_debug_arg = 0x0, tlsext_hostname = 0x0, servername_done = 0, tlsext_status_type = -1, tlsext_status_expected = 0, 
  tlsext_ocsp_ids = 0x0, tlsext_ocsp_exts = 0x0, tlsext_ocsp_resp = 0x0, tlsext_ocsp_resplen = -1, tlsext_ticket_expected = 0, tlsext_ecpointformatlist_length = 0, tlsext_ecpointformatlist = 0x0, tlsext_ellipticcurvelist_length = 0, tlsext_ellipticcurvelist = 0x0, 
  tlsext_opaque_prf_input = 0x0, tlsext_opaque_prf_input_len = 0, tlsext_session_ticket = 0x0, tls_session_ticket_ext_cb = 0, tls_session_ticket_ext_cb_arg = 0x0, tls_session_secret_cb = 0, tls_session_secret_cb_arg = 0x0, initial_ctx = 0x9f77e60, 
  next_proto_negotiated = 0x0, next_proto_negotiated_len = 0 '\0', srtp_profiles = 0x0, srtp_profile = 0x0, tlsext_heartbeat = 0, tlsext_hb_pending = 0, tlsext_hb_seq = 153, renegotiate = 167221624, srp_ctx = {SRP_cb_arg = 0x0, TLS_ext_srp_username_callback = 0, 
    SRP_verify_param_callback = 0, SRP_give_srp_client_pwd_callback = 0, login = 0x0, N = 0x0, g = 0x0, s = 0x0, B = 0x0, A = 0x0, a = 0x0, b = 0x9f786d0, v = 0x9f7b2f8, info = 0xb76b52e8 "@", strength = 0, srp_Mask = 0}}

Somehow the method became 0x0 when processing SSLv3. For now, all crashes occurred with SSLv3 client requests. We have to disable SSLv2 and SSLv3 support in the process.
Could anyone help check what happened to make the "method" become 0x0 when processing SSLv3?

Thanks,
Murphy.zhao