[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
Re: lib/43828: openssl lib in 5.0.2 SEGV during SSL_accept
The following reply was made to PR lib/43828; it has been noted by GNATS.
From: Manuel Bouyer <bouyer%antioche.eu.org@localhost>
Cc: lib-bug-people%NetBSD.org@localhost, gnats-admin%NetBSD.org@localhost,
Subject: Re: lib/43828: openssl lib in 5.0.2 SEGV during SSL_accept
Date: Thu, 2 Sep 2010 19:58:17 +0200
On Thu, Sep 02, 2010 at 03:30:01PM +0000,
> The SSL is setup to accept SSLv23 connection by apache.
> The accept-stuff of the SSLv23 code reads in the first 11 bytes (shown
> above) and switches to
> TLSv1 mode. It re-injects the 11 bytes into the input again and starts
> the accept stuff from
> the choosen method - in this case ssl3_accept().
> There it starts with the state SSL3_ST_SR_CLNT_HELLO_A, switches to
> SSL3_ST_SW_CHANGE_A and SSL3_ST_SW_FINISHED_A.
> There it calls ssl3_send_finished() that will call ssl3_do_write().
> ssl3_do_write() calls ssl3_finish_mac(). The comment there says, that
> this makes not realy sence
> for HELLO processing, but the result will be ignored in this case -- OK
> - not the best way, but ..
> In ssl3_finish_mac() "s->s3->handshare_buffer" is not set, so it starts
> looking for entries in
> "s->s3->handshake_dgst", but this is still a NULL pointer -> SEGV
Looks like the bug I fixed with:
So this should be fixed in netbsd-5-0 newer than 5.0.2, as well
as in the upcoming 5.1
Manuel Bouyer <bouyer%antioche.eu.org@localhost>
NetBSD: 26 ans d'experience feront toujours la difference
Main Index |
Thread Index |