NetBSD-Bugs archive


Re: lib/43828: openssl lib in 5.0.2 SEGV during SSL_accept



On Thu, Sep 02, 2010 at 03:30:01PM +0000, 
Wolfgang.Stukenbrock%nagler-company.com@localhost wrote:
> The SSL is set up to accept SSLv23 connections by apache.
> The accept-stuff of the SSLv23 code reads in the first 11 bytes (shown
> above) and switches to TLSv1 mode. It re-injects the 11 bytes into the
> input again and starts the accept stuff from the chosen method - in
> this case ssl3_accept().
> There it starts with the state SSL3_ST_SR_CLNT_HELLO_A, switches to
> SSL3_ST_SW_SRVR_HELLO_A, SSL3_ST_SW_CHANGE_A and SSL3_ST_SW_FINISHED_A.
> There it calls ssl3_send_finished() that will call ssl3_do_write().
> ssl3_do_write() calls ssl3_finish_mac(). The comment there says that
> this does not really make sense for HELLO processing, but the result
> will be ignored in this case -- OK - not the best way, but ..
> In ssl3_finish_mac() "s->s3->handshake_buffer" is not set, so it starts
> looking for entries in "s->s3->handshake_dgst", but this is still a
> NULL pointer -> SEGV

Looks like the bug I fixed with:
http://releng.netbsd.org/cgi-bin/req-5.cgi?show=1365

So this should be fixed in netbsd-5-0 newer than 5.0.2, as well
as in the upcoming 5.1

-- 
Manuel Bouyer <bouyer%antioche.eu.org@localhost>
     NetBSD: 26 years of experience will always make the difference
--
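
The failure state described in the quoted report, as an added example that is not part of the original thread: a simplified C model, not OpenSSL source and not the change from the referenced pullup request. The names `s3_model`, `md_ctx`, `N_DGST`, `finish_mac_unchecked` and `finish_mac_checked` are hypothetical; only the two field names come from the report.

```c
#include <stddef.h>
#include <string.h>

#define N_DGST 2   /* constructed: number of digest slots in this model */

struct md_ctx { unsigned long sum; };   /* stand-in for a hash context */

/* Model of the two s->s3 fields named in the report (not OpenSSL's struct). */
struct s3_model {
    unsigned char  *handshake_buffer;   /* raw handshake transcript, or NULL */
    size_t          buf_len, buf_cap;
    struct md_ctx **handshake_dgst;     /* digest contexts, NULL until set up */
};

/* Path as described in the report: no check before walking handshake_dgst. */
int finish_mac_unchecked(struct s3_model *s3, const unsigned char *p, size_t n)
{
    if (s3->handshake_buffer != NULL) {
        if (n > s3->buf_cap - s3->buf_len)
            return -1;                          /* transcript buffer is full */
        memcpy(s3->handshake_buffer + s3->buf_len, p, n);
        s3->buf_len += n;
        return 0;
    }
    for (int i = 0; i < N_DGST; i++)            /* NULL array: faults here */
        if (s3->handshake_dgst[i] != NULL)
            for (size_t j = 0; j < n; j++)
                s3->handshake_dgst[i]->sum += p[j];
    return 0;
}

/* Defensive form: report the inconsistent state instead of dereferencing. */
int finish_mac_checked(struct s3_model *s3, const unsigned char *p, size_t n)
{
    if (s3->handshake_buffer == NULL && s3->handshake_dgst == NULL)
        return -1;                      /* neither transcript sink exists */
    return finish_mac_unchecked(s3, p, n);
}
```

Calling `finish_mac_unchecked` on a zero-initialised `s3_model` reproduces the NULL dereference the report ends with; `finish_mac_checked` returns -1 for the same state so the caller can fail the handshake.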

