NetBSD-Bugs archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
Re: lib/43828: openssl lib in 5.0.2 SEGV during SSL_accept
On Thu, Sep 02, 2010 at 03:30:01PM +0000,
Wolfgang.Stukenbrock%nagler-company.com@localhost wrote:
> The SSL is setup to accept SSLv23 connection by apache.
> The accept-stuff of the SSLv23 code reads in the first 11 bytes (shown
> above) and switches to
> TLSv1 mode. It re-injects the 11 bytes into the input again and starts
> the accept stuff from
> the choosen method - in this case ssl3_accept().
> There it starts with the state SSL3_ST_SR_CLNT_HELLO_A, switches to
> SSL3_ST_SW_SRVR_HELLO_A,
> SSL3_ST_SW_CHANGE_A and SSL3_ST_SW_FINISHED_A.
> There it calls ssl3_send_finished() that will call ssl3_do_write().
> ssl3_do_write() calls ssl3_finish_mac(). The comment there says, that
> this makes not realy sence
> for HELLO processing, but the result will be ignored in this case -- OK
> - not the best way, but ..
> In ssl3_finish_mac() "s->s3->handshare_buffer" is not set, so it starts
> looking for entries in
> "s->s3->handshake_dgst", but this is still a NULL pointer -> SEGV
Looks like the bug I fixed with:
http://releng.netbsd.org/cgi-bin/req-5.cgi?show=1365
So this should be fixed in netbsd-5-0 newer than 5.0.2, as well
as in the upcoming 5.1
--
Manuel Bouyer <bouyer%antioche.eu.org@localhost>
NetBSD: 26 ans d'experience feront toujours la difference
--
Home |
Main Index |
Thread Index |
Old Index