[openssl-dev] Random Crash in X509_NAME_cmp

JM jeevhi at gmail.com
Sun Feb 14 06:21:40 UTC 2016 

Hello All,

We are facing this issue for quite sometime, a random crash in SSL3_accept.
We yet to figure out the exact cause as it's quite random and does not
happen frequently - but it does happen once in a few hundred thousand
connections and crashing the server.  We are using openssl 1.0.1e on CentOS
7.2. I hope to get some help here, will be happy to provide additional
information if requires.

Program terminated with signal 11, Segmentation fault.
#0  0x00007f0956bd394a in X509_NAME_cmp () from /lib64/libcrypto.so.10
Missing separate debuginfos, use: debuginfo-install
cyrus-sasl-lib-2.1.26-19.2.el7.x86_64 glibc-2.17-106.el7_2.1.x86_64
gmp-6.0.0-12.el7_1.x86_64 gnutls-3.3.8-14.el7_2.x86_64
keyutils-libs-1.5.8-3.el7.x86_64 krb5-libs-1.13.2-10.el7.x86_64
libcom_err-1.42.9-7.el7.x86_64 libcurl-7.29.0-25.el7.centos.x86_64
libffi-3.0.13-16.el7.x86_64 libgcc-4.8.5-4.el7.x86_64
libidn-1.28-4.el7.x86_64 libselinux-2.2.2-6.el7.x86_64
libssh2-1.4.3-10.el7.x86_64 libstdc++-4.8.5-4.el7.x86_64
libtasn1-3.8-2.el7.x86_64 mariadb-libs-5.5.44-2.el7.centos.x86_64
nettle-2.7.1-4.el7.x86_64 nspr-4.10.8-2.el7_1.x86_64
nss-3.19.1-19.el7_2.x86_64 nss-softokn-freebl-3.16.2.3-13.el7_1.x86_64
nss-util-3.19.1-4.el7_1.x86_64 openldap-2.4.40-8.el7.x86_64
openssl-libs-1.0.1e-51.el7_2.2.x86_64 p11-kit-0.20.7-3.el7.x86_64
pcre-8.32-15.el7.x86_64 trousers-0.3.13-1.el7.x86_64
xz-libs-5.1.2-12alpha.el7.x86_64 zlib-1.2.7-15.el7.x86_64
(gdb) b
Breakpoint 1 at 0x7f0956bd394a
(gdb) bt
#0  0x00007f0956bd394a in X509_NAME_cmp () from /lib64/libcrypto.so.10
#1  0x00007f0956b26b54 in OBJ_bsearch_ex_ () from /lib64/libcrypto.so.10
#2  0x00007f0956b9c005 in internal_find () from /lib64/libcrypto.so.10
#3  0x00007f0956bd9a3f in x509_object_idx_cnt () from /lib64/libcrypto.so.10
#4  0x00007f0956bd9fb9 in X509_OBJECT_retrieve_by_subject () from
/lib64/libcrypto.so.10
#5  0x00007f0956bda03b in X509_STORE_get_by_subject () from
/lib64/libcrypto.so.10
#6  0x00007f0956bda8ea in X509_STORE_CTX_get1_issuer () from
/lib64/libcrypto.so.10
#7  0x00007f0956bd64f5 in X509_verify_cert () from /lib64/libcrypto.so.10
#8  0x00007f0956ecec98 in ssl3_output_cert_chain () from /lib64/libssl.so.10
#9  0x00007f0956ec23d5 in ssl3_send_server_certificate () from
/lib64/libssl.so.10
#10 0x00007f0956ec384d in ssl3_accept () from /lib64/libssl.so.10
#11 0x00007f0956ed1088 in ssl23_accept () from /lib64/libssl.so.10


Thanks
Jim
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mta.openssl.org/pipermail/openssl-dev/attachments/20160214/af10d2dc/attachment.html>

More information about the openssl-dev mailing list