[openssl-dev] [openssl.org #4467] SSL_Connect crashed

Tiantian Liu via RT rt at openssl.org
Mon Mar 21 16:11:52 UTC 2016


Hi Victor,
Thanks for your response. I will inspect the field you mentioned.
Thanks!
Tyler 


Tiantian(Tyler) Liu 
Analyste Programmeur | Programmer Analyst
Tender Retail 
ACCEO Solutions Inc.

416-498-1200 ext. 301 
Suite 400 – 2 Lansing Square Toronto, Ontario, Canada M2J 4P8  
acceo.com 




-----Original Message-----
From: Viktor Dukhovni via RT [mailto:rt at openssl.org] 
Sent: March-21-16 12:10 PM
To: Tiantian (Tyler) Liu
Cc: openssl-dev at openssl.org
Subject: Re: [openssl-dev] [openssl.org #4467] SSL_Connect crashed


> On Mar 21, 2016, at 11:51 AM, Tiantian Liu via RT <rt at openssl.org> wrote:
> 
> 
> srp_ctx = {SRP_cb_arg = 0x0, TLS_ext_srp_username_callback = 0, SRP_verify_param_callback = 0, SRP_give_srp_client_pwd_callback = 0,
>    login = 0x44454c4c <Address 0x44454c4c out of bounds>, N = 0x9a285f8, g = 0x61, s = 0x9a29820, B = 0xdbd150, A = 0x0, a = 0x4, b = 0x18, v = 0x18, info = 0x9a298d0 "", strength = 0,
>    srp_Mask = 0}
> (gdb) n
> 
> Program received signal SIGSEGV, Segmentation fault.
> 0x008283cc in ssl3_connect () from /usr/lib/libssl.so.1.0.0
> (gdb) quit
> 
> The SSL structure was returned by SSL_new(), and we didn't touch the SSL structure before calling SSL_Connect().
> The only suspicious value I found is the 'out of bounds' error on the 'login' field. But I don't think it caused the crash.

Interestingly, "0x44454c4c" is "DELL".  In OpenSSL the SSL_new() function zeros the SSL structure when it is allocated.  So that "DELL" clobbered the "login" pointer after the structure was allocated in SSL_new().

Are you using SRP?  One would expect the entire SRP context to be zeroed otherwise...  Either something is clobbering memory, or you may be using SRP incorrectly.

-- 
	Viktor.


--
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4467
Please log in as guest with password guest if prompted
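
Added example, not part of the original thread or of OpenSSL: a small triage helper for the observation above that a pointer field holding only printable ASCII bytes is a sign of string data overwriting the structure. It assumes 32-bit words (as the addresses in the gdb output suggest); the function names `word_as_ascii` and `scan_words` are hypothetical, and the sample values are the srp_ctx fields from the quoted gdb dump.

```c
#include <ctype.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Decode a 32-bit value as four characters if every byte is printable ASCII.
 * msb_first=1 reads the hex digits left to right, as gdb prints them;
 * msb_first=0 gives the order the bytes occupy in little-endian memory.
 * Returns 1 and fills out[] on success, 0 otherwise. */
int word_as_ascii(uint32_t w, int msb_first, char out[5])
{
    for (int i = 0; i < 4; i++) {
        int shift = msb_first ? 24 - 8 * i : 8 * i;
        unsigned char c = (unsigned char)(w >> shift);
        if (!isprint(c))
            return 0;
        out[i] = (char)c;
    }
    out[4] = '\0';
    return 1;
}

/* Count text-like words in a dump; *first gets the index of the first hit, or -1. */
int scan_words(const uint32_t *words, size_t n, int *first)
{
    int hits = 0;
    char buf[5];
    *first = -1;
    for (size_t i = 0; i < n; i++)
        if (word_as_ascii(words[i], 1, buf) && hits++ == 0)
            *first = (int)i;
    return hits;
}

/* srp_ctx fields from the gdb output quoted in the thread, login first. */
const uint32_t srp_dump[] = {
    0x44454c4c, 0x09a285f8, 0x00000061, 0x09a29820, 0x00dbd150,
    0x00000000, 0x00000004, 0x00000018, 0x00000018, 0x09a298d0
};

int main(void)
{
    char a[5], b[5];
    int first, hits = scan_words(srp_dump, sizeof srp_dump / sizeof srp_dump[0], &first);
    if (hits && word_as_ascii(srp_dump[first], 1, a) && word_as_ascii(srp_dump[first], 0, b))
        printf("%d text-like word(s); field %d reads \"%s\", or \"%s\" in memory order\n",
               hits, first, a, b);
    return 0;
}
```

Only the `login` value is flagged; the other fields contain non-printable bytes, which is what ordinary heap pointers and small integers look like.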

