[openssl-dev] [openssl.org #4618] BUG: Crash in do_ssl3_write unless OPENSSL_NO_MULTIBLOCK
Dave Baggett via RT
rt at openssl.org
Mon Jul 25 18:36:56 UTC 2016
Yes, that appears to fix it. Thanks!
Dave
Sent with [inky](http://inky.com?kme=signature)
"Matt Caswell via RT" <rt at openssl.org> wrote:
>
> On Wed Jul 20 19:46:37 2016, dmb at inky.com wrote:
> > OS: Mac OS X 11.11.5
> > Version: OpenSSL 1.1-pre6 (head code as of yesterday)
> > When the server fails under some circumstances, this line reads a bad
> > address:
> > /* write the header */
> >
> > *(outbuf[j]++) = type & 0xff;
> >
> > Because outbuf is 3. This is because prior to the alignment code,
> > outbuf is
> > NULL.
> > outbuf is set to s->rlayer->wbuf[0].buf, which at that point has been
> > set to
> > NULL by the code guarded by
> > #if !defined(OPENSSL_NO_MULTIBLOCK) && EVP_CIPH_FLAG_TLS1_1_MULTIBLOCK
> >
> > in ssl3_write_bytes.
> > I'm sorry I can't give you a simple reproducer; I was able to
> > reproduce it by
> > mailing very large files with our mail app. Eventually the Exchange
> > server
> > fails and downstream code resets the write buffer and the multiblock
> > code sets
> > s->rlayer->wbuf[0].buf to NULL.
> > The workaround is to compile with -DOPENSSL_NO_MULTIBLOCK -- I've
> > verified
> > that this eliminates the crash in practice.
> > Feel free to email me if you want me to put in to some test code and
> > reproduce
> > it.
> > Dave
> > Sent with [inky](http://inky.com?kme=signature)
>
> Hi Dave
>
> Please could you try the attached patch and see if that resolves the issue?
>
> Thanks
>
> Matt
>
> --
> Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4618
> Please log in as guest with password guest if prompted
>
>
--
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4618
Please log in as guest with password guest if prompted
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 5478 bytes
Desc: not available
URL: <http://mta.openssl.org/pipermail/openssl-dev/attachments/20160725/dc389ed5/attachment.bin>
More information about the openssl-dev
mailing list