Re: ssl code going astray

To: tech-toolchain%NetBSD.org@localhost
Subject: Re: ssl code going astray
From: Joerg Sonnenberger <joerg%bec.de@localhost>
Date: Wed, 7 Apr 2021 01:19:05 +0200

On Wed, Apr 07, 2021 at 12:45:42AM +0200, Thomas Klausner wrote:
> On my NetBSD 9.99.81/amd64 however, this dumps core, with a weird
> backtrace[2]: In the middle of the openssl part of the stack (frames
> 16-5), functions from nss are called instead of the ones of the same
> name from openssl (frames 4-0).

It's potentially even worse, since they are also libc names. At least
OpenSSL is patched in NetBSD base to not use its own implementation as
it is using a larger context than libc and would therefore results in
buffer overflows all over the place.

Joerg

References:
- ssl code going astray
  - From: Thomas Klausner

Prev by Date: Re: ssl code going astray
Next by Date: Re: ssl code going astray
Previous by Thread: Re: ssl code going astray
Next by Thread: Re: ssl code going astray
Indexes:

Home | Main Index | Thread Index | Old Index