[openssl-dev] [openssl.org #3760] [BUG] Segmentation fault from s3_svr.c ssl3_choose_cipher()

Mark.Daniel@wasd.vsm.com.au via RT rt at openssl.org
Mon Mar 23 04:29:18 UTC 2015


Hi.  This issue is not present in 1.0.1k or earlier (my code has worked for
years), and is in 1.0.2 and 1.0.2a.  I do not have any simple reproducer as
it comes from a moderately esoteric environment using asynchronous BIO
written for [Open]VMS.

The server initiates the SSL listening context using:

      if (!(SSLversion & SESOLA_SSLV2)) SSLoptions |= SSL_OP_NO_SSLv2;
      if (!(SSLversion & SESOLA_SSLV3)) SSLoptions |= SSL_OP_NO_SSLv3;
      if (!(SSLversion & SESOLA_TLSV1)) SSLoptions |= SSL_OP_NO_TLSv1;
      if (!(SSLversion & SESOLA_TLSV1_1)) SSLoptions |= SSL_OP_NO_TLSv1_1;
      if (!(SSLversion & SESOLA_TLSV1_2)) SSLoptions |= SSL_OP_NO_TLSv1_2;
      SslCtx = SSL_CTX_new (SSLv23_method());

(i.e. options-off any non-desired protocol versions)

The problem was induced on the command-line:

  openssl s_client -ssl3 -host <whichever> -port 443

Trace data from the program shows:

|00:53:29.08 SESOLANE 0214 0001 SSL        BEGIN|
|00:53:29.08 SESOLA   2606 0001 SSL        start handshake|
|00:53:29.08 SESOLA   2583 0001 SSL        SSL_ACCEPT before/accept initialization|
|00:53:29.08 SESOLA   2686 0001 SSL        READ 11/-1 (outstanding)|
|00:53:29.08 SESOLA   2593 0001 SSL        SSL_ACCEPT error/blocking in SSLv2/v3 read client hello A|
|00:53:29.08 SESOLA   2686 0001 SSL        READ 11/11 (complete)|
|00:53:29.08 SESOLA   2700 0001 SSL        CTRL 6 0|
|00:53:29.08 SESOLA   2686 0001 SSL        READ 147/-1 (outstanding)|
|00:53:29.08 SESOLA   2593 0001 SSL        SSL_ACCEPT error/blocking in SSLv3 read client hello B|
|00:53:29.08 SESOLA   2593 0001 SSL        SSL_ACCEPT error/blocking in SSLv3 read client hello B|
|00:53:29.09 SESOLA   2686 0001 SSL        READ 147/147 (complete)|
|00:53:29.09 SESOLA   2691 0001 SSL        WRITE 7/-1 (outstanding)|
|00:53:29.09 SESOLA   2602 0001 SSL        SSL_BEFORE write SSLv3 read client hello C|
|00:53:29.09 SESOLA   2593 0001 SSL        SSL_ACCEPT error/blocking in SSLv3 read client hello C|

and then, without my workaround, segmentation faults, apparently when the NULL
session is dereferenced by ssl3_choose_cipher().

My workaround in s3_srvr.c looks like:

#define MGD_150321
#ifdef MGD_150321
/***
OpenSSL v1.0.2 and v1.0.2a ACCVIOs in s3_srvr.c ssl3_get_client_hello()
at ssl3_choose_cipher() when SSLv3 is not enabled with an SSLv3 client!
OpenSSL v1.0.1k s3_srvr.c ssl3_get_client_hello() is fine!!
This seems to be a NULL session being dereferenced here!
***/
        if (s->session == NULL)
           c = NULL;
        else
#endif /* MGD_150321  */
        c = ssl3_choose_cipher(s, s->session->ciphers, SSL_get_ciphers(s));

which avoids the issue, but the resulting trace data suggests not elegantly.
The underlying issue must be upstream in the processing.

Trust this is of some assistance.
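The two server-side decisions the report touches, as an added C model that is not OpenSSL's code: protocol-version gating from an SSL_OP_NO_*-style option mask (the flag names, struct session, and the three functions here are hypothetical stand-ins), and a cipher selection that refuses a NULL session instead of dereferencing it. The version check runs before the cipher step, which is where the report says the real fix belongs.

```c
/* Added model, not OpenSSL code: version gating via SSL_OP_NO_*-style bits,
 * and a cipher choice that must never dereference a NULL session. */
#include <stddef.h>
/* Wire version codes (major << 8 | minor); SSLv3 is 0x0300. */
enum { VER_SSL3 = 0x0300, VER_TLS1 = 0x0301, VER_TLS1_1 = 0x0302, VER_TLS1_2 = 0x0303 };
/* Hypothetical flags standing in for SSL_OP_NO_SSLv3, SSL_OP_NO_TLSv1, ... */
enum { NO_SSL3 = 1u << 0, NO_TLS1 = 1u << 1, NO_TLS1_1 = 1u << 2, NO_TLS1_2 = 1u << 3 };
/* Highest enabled version not above the client's maximum; 0 when none. */
int negotiate_version(unsigned options, int client_max)
{
    static const struct { int ver; unsigned off; } tbl[] = {
        { VER_TLS1_2, NO_TLS1_2 }, { VER_TLS1_1, NO_TLS1_1 },
        { VER_TLS1,   NO_TLS1 },   { VER_SSL3,   NO_SSL3 } };
    for (size_t i = 0; i < sizeof tbl / sizeof tbl[0]; i++)
        if (tbl[i].ver <= client_max && !(options & tbl[i].off))
            return tbl[i].ver;
    return 0;
}

/* The client's offered suites, as the server-side session object holds them. */
struct session { const unsigned short *ciphers; size_t n; };

/* First server-preferred suite the client also offers; 0 when none or no session. */
unsigned short choose_cipher(const struct session *sess, const unsigned short *srv, size_t nsrv)
{
    if (sess == NULL)           /* the guard the report's workaround adds */
        return 0;
    for (size_t i = 0; i < nsrv; i++)
        for (size_t j = 0; j < sess->n; j++)
            if (srv[i] == sess->ciphers[j])
                return srv[i];
    return 0;
}

/* Client hello handling: refuse a disabled version before the session is used.
 * Returns the chosen suite id, -1 for a version refusal, -2 for no common suite. */
int handle_client_hello(unsigned options, int client_max, const struct session *sess,
                        const unsigned short *srv, size_t nsrv)
{
    if (negotiate_version(options, client_max) == 0)
        return -1;              /* protocol_version alert; cipher choice never reached */
    unsigned short c = choose_cipher(sess, srv, nsrv);
    return c ? (int)c : -2;     /* handshake_failure when nothing in common */
}
/* Constructed sample data: server prefers AES256-SHA (0x0035) over AES128-SHA
 * (0x002F); the SSLv3-only client offers AES128-SHA and DES-CBC3-SHA (0x000A). */
const unsigned short SRV_CIPHERS[] = { 0x0035, 0x002F };
const unsigned short CLI_CIPHERS[] = { 0x002F, 0x000A };
const struct session CLI_SESSION = { CLI_CIPHERS, 2 };
```

With SSLv3 disabled, an `s_client -ssl3` hello is refused at the version step whether or not a session exists yet; the same client against a server with SSLv3 enabled but no session gets a clean failure rather than a crash.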
