[openssl-dev] [openssl.org #4451] OS X 10.8, x86_64: 01-test_abort.t... sh: line 1: 71522 Abort trap: 6
noloader@gmail.com via RT
rt at openssl.org
Sat Mar 19 01:41:18 UTC 2016
This might be a philosophical difference, but:
$ test/aborttest
test/aborttest.c:15: OpenSSL internal error: Voluntary abort
Abort trap
I don't believe its the library's place to shutdown an application.
Libraries don't make policy decisions for applications.
I think in this case, the library should refuse to process data and
always return a failure. Similar to latching a power-up self test
failure for the FIPS gear.
Crashing the application will make OpenSSL powered apps no better than
BIND, which constantly DoS'es itself. Cf.,
http://www.google.com/search?q=bind+assert+cve.
Jeff
On Fri, Mar 18, 2016 at 8:56 PM, Richard Levitte via RT <rt at openssl.org> wrote:
> This is a non issue, the test comes through ok as expected. The printout is a
> bit ugly, sure, but...
>
> And I'd love if someone could figure out a good way not to have that output. My
> attempts failed miserably...
>
> Vid Sat, 19 Mar 2016 kl. 00.47.40, skrev noloader at gmail.com:
>> Working from Master at a6adf099cbd7c3bc...
>>
>> $ KERNEL_BITS=64 ./config && make depend && make clean && make -j 4
>> ...
>> ...
>> OPENSSL_ENGINES=.././engines \
>> /opt/local/bin//perl5 .././test/run_tests.pl )
>> ../test/recipes/01-test_abort.t ........... sh: line 1: 71522 Abort
>> trap: 6 ../util/shlib_wrap.sh ./aborttest 2> /dev/null
>> ../test/recipes/01-test_abort.t ........... ok
>> ../test/recipes/01-test_ordinals.t ........ ok
>> ...
--
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4451
Please log in as guest with password guest if prompted
More information about the openssl-dev
mailing list