Crash seen in "OPENSSL_sk_pop_free" API
Bala Duvvuri
b_duvvuri at yahoo.com
Mon Aug 16 09:58:32 UTC 2021
Hi All,
We are using OpenSSl version 1.1.1d in our program and crash is being seen in "OPENSSL_sk_pop_free" API, we invoke this API in our certificate verification API. Since crash is not seen always, trying to understand from OpenSSL code, when can this occur?
Below is the bt of the crash
#0 0x0f31f438 in OPENSSL_sk_pop_free (st=0x1041de20, func=0xf34d5b0 <X509_free>) at crypto/stack/stack.c:367
i = 0
#1 0x0f344c74 in sk_X509_pop_free (freefunc=<optimized out>, sk=<optimized out>) at include/openssl/x509.h:99
No locals.
#2 X509_STORE_CTX_cleanup (ctx=ctx at entry=0x1041ba70) at crypto/x509/x509_vfy.c:2454
No locals.
#3 0x0f344cf4 in X509_STORE_CTX_free (ctx=ctx at entry=0x1041ba70) at crypto/x509/x509_vfy.c:2281
No locals
....
Below is the OpenSSL code
360 void OPENSSL_sk_pop_free(OPENSSL_STACK *st, OPENSSL_sk_freefunc func)
361 {
362 int i;
363
364 if (st == NULL)
365 return;
366 for (i = 0; i < st->num; i++)
367 if (st->data[i] != NULL)---------------------> Crash seen here
368 func((char *)st->data[i]);
369 OPENSSL_sk_free(st);
370 }
Can someone please help to understand under what conditions this can happen?
We use the below API's during certificate verification:
X509_STORE_new()
X509_STORE_CTX_new()
X509_STORE_set_verify_cb_func
X509_STORE_set_default_paths
X509_STORE_load_locations
X509_STORE_CTX_init
X509_STORE_CTX_set_flags
X509_verify_cert
/* Cleanup. */
FREE_X509_STORE_CTX(pContext);
Thanks
Bala
More information about the openssl-users
mailing list