NetBSD-Bugs archive


Re: lib/43828: openssl lib in 5.0.2 SEGV during SSL_accept

The following reply was made to PR lib/43828; it has been noted by GNATS.

From: Manuel Bouyer <>
Subject: Re: lib/43828: openssl lib in 5.0.2 SEGV during SSL_accept
Date: Thu, 2 Sep 2010 19:58:17 +0200

 On Thu, Sep 02, 2010 at 03:30:01PM +0000, wrote:
 >      The SSL is set up to accept SSLv23 connections by apache.
 >      The accept-stuff of the SSLv23 code reads in the first 11 bytes (shown above) and switches to
 >      TLSv1 mode. It re-injects the 11 bytes into the input again and starts the accept stuff from
 >      the chosen method - in this case ssl3_accept().
 >      There it starts with the state SSL3_ST_SR_CLNT_HELLO_A, switches to 
 >      There it calls ssl3_send_finished() that will call ssl3_do_write().
 >      ssl3_do_write() calls ssl3_finish_mac(). The comment there says that this does not really make sense
 >      for HELLO processing, but the result will be ignored in this case -- OK - not the best way, but ..
 >      In ssl3_finish_mac() "s->s3->handshake_buffer" is not set, so it starts looking for entries in
 >      "s->s3->handshake_dgst", but this is still a NULL pointer -> SEGV
 Looks like the bug I fixed with:
 So this should be fixed in netbsd-5-0 newer than 5.0.2, as well
 as in the upcoming 5.1
 Manuel Bouyer <>
      NetBSD: 26 years of experience will always make the difference
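
Added example (not part of the original message, and neither OpenSSL's code nor the NetBSD fix): a simplified C model of the handshake-hash state described in the quoted report, with a guard for the case where neither handshake_buffer nor handshake_dgst is set. The struct layout, MAX_DIGEST, the byte-sum stand-in digest and finish_mac_checked() are hypothetical.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define MAX_DIGEST 4                    /* assumed size of the digest table */

struct digest { unsigned long sum; };   /* stand-in for a real hash context */

/* Simplified handshake-hash state: bytes go either to a buffer (before the
 * hash is chosen) or to a table of running digests (after). */
struct hs_state {
    unsigned char *handshake_buffer;    /* NULL when not buffering */
    size_t buf_len, buf_cap;
    struct digest **handshake_dgst;     /* NULL until the table is allocated */
};

/* Returns 0 on success, -1 when the bytes cannot be recorded, including the
 * state from the report where neither sink exists. */
int finish_mac_checked(struct hs_state *s, const unsigned char *p, size_t n)
{
    if (s->handshake_buffer != NULL) {
        if (n > s->buf_cap - s->buf_len)
            return -1;                  /* would overflow the buffer */
        memcpy(s->handshake_buffer + s->buf_len, p, n);
        s->buf_len += n;
        return 0;
    }
    if (s->handshake_dgst == NULL)
        return -1;                      /* unguarded indexing would fault here */
    for (int i = 0; i < MAX_DIGEST; i++) {
        if (s->handshake_dgst[i] == NULL)
            continue;                   /* unused slot */
        for (size_t j = 0; j < n; j++)
            s->handshake_dgst[i]->sum += p[j];
    }
    return 0;
}

int main(void)
{
    const unsigned char msg[] = { 0x16, 0x03, 0x01 };  /* constructed bytes */
    struct hs_state neither = { 0 };    /* no buffer, no digest table */
    printf("neither sink set: %d\n",
           finish_mac_checked(&neither, msg, sizeof msg));
    return 0;
}
```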
