[openssl-dev] [openssl.org #3760] [BUG] Segmentation fault from s3_svr.c ssl3_choose_cipher()
Mark.Daniel@wasd.vsm.com.au via RT
rt at openssl.org
Mon Mar 23 04:29:18 UTC 2015
Hi. This issue is not present in 1.0.1k or earlier (my code has worked for
years), and is in 1.0.2 and 1.0.2a. I do not have any simple reproducer as
it comes from a moderately esoteric environment using asynchronous BIO
written for [Open]VMS.
The server initiates the SSL listening context using:
if (!(SSLversion & SESOLA_SSLV2)) SSLoptions |= SSL_OP_NO_SSLv2;
if (!(SSLversion & SESOLA_SSLV3)) SSLoptions |= SSL_OP_NO_SSLv3;
if (!(SSLversion & SESOLA_TLSV1)) SSLoptions |= SSL_OP_NO_TLSv1;
if (!(SSLversion & SESOLA_TLSV1_1)) SSLoptions |= SSL_OP_NO_TLSv1_1;
if (!(SSLversion & SESOLA_TLSV1_2)) SSLoptions |= SSL_OP_NO_TLSv1_2;
SslCtx = SSL_CTX_new (SSLv23_method());
(i.e. options-off any non-desired protocol versions)
The problem was induced on the command-line:
openssl s_client -ssl3 -host <whichever> -port 443
Trace data from the program shows:
|00:53:29.08 SESOLANE 0214 0001 SSL BEGIN|
|00:53:29.08 SESOLA 2606 0001 SSL start handshake|
|00:53:29.08 SESOLA 2583 0001 SSL SSL_ACCEPT before/accept initialization|
|00:53:29.08 SESOLA 2686 0001 SSL READ 11/-1 (outstanding)|
|00:53:29.08 SESOLA 2593 0001 SSL SSL_ACCEPT error/blocking in SSLv2/v3 read client hello A|
|00:53:29.08 SESOLA 2686 0001 SSL READ 11/11 (complete)|
|00:53:29.08 SESOLA 2700 0001 SSL CTRL 6 0|
|00:53:29.08 SESOLA 2686 0001 SSL READ 147/-1 (outstanding)|
|00:53:29.08 SESOLA 2593 0001 SSL SSL_ACCEPT error/blocking in SSLv3 read client hello B|
|00:53:29.08 SESOLA 2593 0001 SSL SSL_ACCEPT error/blocking in SSLv3 read client hello B|
|00:53:29.09 SESOLA 2686 0001 SSL READ 147/147 (complete)|
|00:53:29.09 SESOLA 2691 0001 SSL WRITE 7/-1 (outstanding)|
|00:53:29.09 SESOLA 2602 0001 SSL SSL_BEFORE write SSLv3 read client hello C|
|00:53:29.09 SESOLA 2593 0001 SSL SSL_ACCEPT error/blocking in SSLv3 read client hello C|
and then, without my workaround, it segmentation faults, apparently when the NULL
session is dereferenced by ssl3_choose_cipher().
My workaround in s3_srvr.c looks like:
#define MGD_150321
#ifdef MGD_150321
    /***
    OpenSSL v1.0.2 and v1.0.2a ACCVIOs in s3_srvr.c ssl3_get_client_hello()
    at ssl3_choose_cipher() when SSLv3 is not enabled with an SSLv3 client!
    OpenSSL v1.0.1k s3_srvr.c ssl3_get_client_hello() is fine!!
    This seems to be a NULL session being dereferenced here!
    ***/
    if (s->session == NULL)
        c = NULL;
    else
#endif /* MGD_150321 */
        c = ssl3_choose_cipher(s, s->session->ciphers, SSL_get_ciphers(s));
which avoids the issue, but the resulting trace data suggests not elegantly.
The underlying issue must be upstream in the processing.
Trust this is of some assistance.
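As an added example (not the reporter's code and not OpenSSL's), here is a self-contained pre-check in C that parses a record-layer ClientHello and rejects a client_version the server has disabled before any session or cipher-list state is consulted, which is the ordering the workaround above only approximates after the fact. The ALLOW_* flags stand in for the SESOLA_* bitmask (values assumed), and the sample hello bytes are constructed.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
/* Hypothetical version flags standing in for the SESOLA_* bitmask (values assumed). */
enum { ALLOW_SSLV3 = 0x02, ALLOW_TLSV1 = 0x04, ALLOW_TLSV1_1 = 0x08, ALLOW_TLSV1_2 = 0x10 };
enum { HELLO_OK = 0, HELLO_TRUNCATED = -1, HELLO_NOT_HELLO = -2, HELLO_VERSION_DISABLED = -3 };
/* Map protocol version 3.x to its allow flag; 0 for anything unknown. */
static int version_flag(uint8_t major, uint8_t minor) {
    if (major != 3 || minor > 3) return 0;
    return ALLOW_SSLV3 << minor;            /* 3.0 -> SSLv3, 3.1 -> TLSv1, ... 3.3 -> TLSv1.2 */
}
/* Validate a record-layer ClientHello and reject a disabled client_version before any session
 * or cipher state is touched. On success *n_suites receives the number of suites offered. */
int precheck_client_hello(const uint8_t *rec, size_t len, int allowed, size_t *n_suites) {
    if (len < 5 || rec[0] != 0x16) return HELLO_NOT_HELLO;          /* content type: handshake */
    size_t body = ((size_t)rec[3] << 8) | rec[4];
    if (body < 4 || body + 5 > len) return HELLO_TRUNCATED;
    const uint8_t *hs = rec + 5;
    if (hs[0] != 0x01) return HELLO_NOT_HELLO;                        /* handshake type: client_hello */
    size_t hs_len = ((size_t)hs[1] << 16) | ((size_t)hs[2] << 8) | hs[3];
    if (hs_len < 2 + 32 + 1 || hs_len + 4 > body) return HELLO_TRUNCATED;
    const uint8_t *p = hs + 4, *end = p + hs_len;
    if (!(version_flag(p[0], p[1]) & allowed)) return HELLO_VERSION_DISABLED;
    p += 2 + 32;                                                      /* client_version, random */
    size_t sid_len = *p++;
    if (sid_len > 32 || (size_t)(end - p) < sid_len + 2) return HELLO_TRUNCATED;
    p += sid_len;
    size_t cs_len = ((size_t)p[0] << 8) | p[1];
    p += 2;
    if (cs_len == 0 || cs_len % 2 || (size_t)(end - p) < cs_len) return HELLO_TRUNCATED;
    if (n_suites) *n_suites = cs_len / 2;
    return HELLO_OK;
}
/* Constructed sample: minimal ClientHello, record version 3.0, client_version 3.<minor>. */
static size_t sample_hello(uint8_t *buf, uint8_t minor) {
    static const uint8_t suites[] = { 0x00, 0x2F, 0x00, 0x35 };      /* two suites, constructed */
    size_t hs_len = 2 + 32 + 1 + 2 + sizeof suites + 2, body = hs_len + 4;
    uint8_t *p = buf;
    *p++ = 0x16; *p++ = 3; *p++ = 0; *p++ = (uint8_t)(body >> 8); *p++ = (uint8_t)body;
    *p++ = 0x01; *p++ = 0; *p++ = (uint8_t)(hs_len >> 8); *p++ = (uint8_t)hs_len;
    *p++ = 3; *p++ = minor; memset(p, 0xAB, 32); p += 32; *p++ = 0;  /* version, random, no sid */
    *p++ = 0; *p++ = (uint8_t)sizeof suites; memcpy(p, suites, sizeof suites); p += sizeof suites;
    *p++ = 1; *p++ = 0;                                               /* compression: null only */
    return (size_t)(p - buf);
}
/* Run the pre-check over the constructed hello; returns a HELLO_* code. */
int check_sample(uint8_t minor, int allowed, size_t *n_suites) {
    uint8_t buf[128];
    return precheck_client_hello(buf, sample_hello(buf, minor), allowed, n_suites);
}
```

With SSLv3 excluded from the allow mask, an SSLv3 hello is refused at the version check and the cipher-selection step is never reached with an empty session.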