[openssl-dev] [openssl.org #4236] SSL_connect() crash with CRL

Viktor Dukhovni openssl-users at dukhovni.org
Thu Jan 14 17:22:34 UTC 2016


On Thu, Jan 14, 2016 at 05:08:13PM +0000, Daniel Stenberg via RT wrote:

> I've had this crash for a while with current openssl git master.

Please don't be shy about reporting problems *before* we cut a
release...

> (gdb) fr 1
> #1  0x00000000005804ca in check_cert (ctx=0x7fffffffd010) at x509_vfy.c:708
> 708                 ok = ctx->get_crl(ctx, &crl, x);
> (gdb) p ctx
> $1 = (X509_STORE_CTX *) 0x7fffffffd010
> (gdb) p crl
> $2 = (X509_CRL *) 0x0
> (gdb) p x
> $3 = (X509 *) 0xa0cbb0
> (gdb) p ctx->get_crl
> $5 = (int (*)(X509_STORE_CTX *, X509_CRL **, X509 *)) 0x7fffffffd158

Looks like the ctx->get_crl argument is not set.  This should
fix it:

diff --git a/crypto/x509/x509_vfy.c b/crypto/x509/x509_vfy.c
index 73339f3..c395acc 100644
--- a/crypto/x509/x509_vfy.c
+++ b/crypto/x509/x509_vfy.c
@@ -2150,6 +2150,8 @@ int X509_STORE_CTX_init(X509_STORE_CTX *ctx, X509_STORE *store, X509 *x509,
 
     if (store && store->get_crl)
         ctx->get_crl = store->get_crl;
+    else
+        ctx->get_crl = NULL;
 
     if (store && store->check_crl)
         ctx->check_crl = store->check_crl;
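Review bot: the added `else` only covers `get_crl`, while the identical `if (store && store->check_crl)` pattern right below it (and any other hook assigned under the same condition in X509_STORE_CTX_init) still leaves its member untouched in a stack-allocated ctx; suggest giving each such member the same unconditional `else ... = NULL`, or clearing the hook members once at the top of the function so the fix is not repeated per hook. Also worth confirming that the caller at x509_vfy.c:708, which the backtrace shows invoking `ctx->get_crl(ctx, &crl, x)`, tests for NULL or falls back to a default before the call; otherwise this turns the wild jump into a NULL dereference.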

Dynamically allocated X509_STORE_CTX_new() zeroes out all the
structure members, but yours is most likely stack allocated; it
might not be zeroed, so the NULL assignment is necessary.
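The point above (a heap context from calloc-style allocation hides the bug, a stack context exposes it) as an added, self-contained illustration. This is not OpenSSL code: `toy_store`, `toy_store_ctx`, `ctx_init_buggy` and `ctx_init_fixed` are hypothetical stand-ins that mirror only the conditional assignment shown in the patch, and the 0xA5 fill is a constructed substitute for whatever a real stack happens to contain.

```c
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical, cut-down stand-ins for X509_STORE / X509_STORE_CTX
 * (assumed shapes, not OpenSSL's definitions). */
typedef struct {
    int (*get_crl)(void *ctx, void **crl, void *x);
} toy_store;

typedef struct {
    toy_store *store;
    int (*get_crl)(void *ctx, void **crl, void *x);
} toy_store_ctx;

/* Mirrors the pre-patch logic: the hook is written only when the store
 * supplies one, so a caller's stale bytes survive otherwise. */
static void ctx_init_buggy(toy_store_ctx *ctx, toy_store *store)
{
    ctx->store = store;
    if (store && store->get_crl)
        ctx->get_crl = store->get_crl;
}

/* Mirrors the patched logic: the hook is written on every path. */
static void ctx_init_fixed(toy_store_ctx *ctx, toy_store *store)
{
    ctx->store = store;
    if (store && store->get_crl)
        ctx->get_crl = store->get_crl;
    else
        ctx->get_crl = NULL;
}

/* Stack-allocated ctx, like the reporter's. Returns 1 if get_crl is NULL
 * after init with a store that has no hook (safe to test before calling),
 * 0 if stale bytes survived. The struct is deliberately pre-filled with
 * 0xA5 (constructed) to stand in for leftovers from an earlier call. */
int get_crl_is_cleared(int use_fixed)
{
    toy_store_ctx ctx;
    toy_store store = { NULL };   /* store without a get_crl callback */

    memset(&ctx, 0xA5, sizeof ctx);
    if (use_fixed)
        ctx_init_fixed(&ctx, &store);
    else
        ctx_init_buggy(&ctx, &store);
    return ctx.get_crl == NULL;
}

/* Heap-allocated ctx, zeroed on allocation as X509_STORE_CTX_new() does.
 * Even the buggy init looks fine here, which is why the defect only
 * shows up for stack-allocated contexts. Returns 1 if get_crl is NULL. */
int heap_ctx_is_cleared(void)
{
    toy_store store = { NULL };
    toy_store_ctx *ctx = calloc(1, sizeof *ctx);
    int cleared;

    if (ctx == NULL)
        return -1;
    ctx_init_buggy(ctx, &store);
    cleared = ctx->get_crl == NULL;
    free(ctx);
    return cleared;
}

int main(void)
{
    printf("stack ctx, buggy init, get_crl NULL: %d\n", get_crl_is_cleared(0));
    printf("stack ctx, fixed init, get_crl NULL: %d\n", get_crl_is_cleared(1));
    printf("heap ctx,  buggy init, get_crl NULL: %d\n", heap_ctx_is_cleared());
    return 0;
}
```

The three results are the whole story: zeroed heap memory masks a conditional initialisation, so the safe rule for an init routine is to assign every member on every path rather than rely on the caller's allocator having cleared the object.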

-- 
	Viktor.

