[openssl-users] CTX_free crash

dE

Apr 19, 2015, 1:30:07 PM
I got a program which does the following sequence of operations --

SSL_shutdown(ssl);
SSL_free(ssl);
SSL_CTX_free(ctx);
close(socket);

Where 'socket' is the underlying non-blocking socket the ssl connection
is established over. bio is also set to non-blocking.

Sometimes, the program crashes when doing an SSL_CTX_free; before the
crash, ctx is an invalid pointer, that's why I can get a valid value
from SSL_CTX_get_max_cert_list (ctx), so it's not a double free problem.

I tried removing SSL_shutdown(ssl) with no improvements.
_______________________________________________
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

Salz, Rich

Apr 19, 2015, 2:42:22 PM
> Sometimes, the program crashes when doing an SSL_CTX_free; before the
> crash, ctx is an invalid pointer, that's why I can get a valid value from
> SSL_CTX_get_max_cert_list (ctx), so it's not a double free problem.

You mean it's a VALID pointer?

We'll need a more detailed backtrace.

dE

Apr 20, 2015, 11:12:53 AM
I mean it's not null or does not hold garbage.

#0 0x00007ffff6d54210 in ?? () from /usr/lib64/libssl.so.1.0.0
#1 0x00007ffff67cac4d in ?? () from /usr/lib64/libcrypto.so.1.0.0
#2 0x00007ffff67cb14f in lh_delete () from /usr/lib64/libcrypto.so.1.0.0
#3 0x00007ffff6d5ab14 in ?? () from /usr/lib64/libssl.so.1.0.0
#4 0x00007ffff67cb3cc in lh_doall_arg () from /usr/lib64/libcrypto.so.1.0.0
#5 0x00007ffff6d5afc7 in SSL_CTX_flush_sessions () from /usr/lib64/libssl.so.1.0.0
#6 0x00007ffff6d55f0a in SSL_CTX_free () from /usr/lib64/libssl.so.1.0.0

Wait for the debugging symbols...

dE

Apr 21, 2015, 5:54:30 AM
On 04/20/15 00:10, Salz, Rich wrote:
>> Sometimes, the program crashes when doing an SSL_CTX_free; before the
>> crash, ctx is an invalid pointer, that's why I can get a valid value from
>> SSL_CTX_get_max_cert_list (ctx), so it's not a double free problem.
> You mean it's a VALID pointer?
>
> We'll need a more detailed backtrace.

Relevant parts of the BT

#0 0x00007ffff54bde97 in raise () from /lib64/libc.so.6
#1 0x00007ffff54bf208 in abort () from /lib64/libc.so.6
#2 0x00007ffff54feea0 in ?? () from /lib64/libc.so.6
#3 0x00007ffff55048be in ?? () from /lib64/libc.so.6
#4 0x00007ffff55050ab in ?? () from /lib64/libc.so.6
#5 0x00007ffff6827f7c in CRYPTO_free (str=0x8fbfe0) at mem.c:401
#6 0x00007ffff67e99a0 in X509_VERIFY_PARAM_free (param=0x8fbfe0) at x509_vpm.c:102
#7 0x00007ffff6d5302a in SSL_CTX_free (a=0x8fe090) at ssl_lib.c:1944

dE

Apr 25, 2015, 6:06:54 AM
On 04/21/15 15:22, dE wrote:
> On 04/20/15 00:10, Salz, Rich wrote:
>>> Sometimes, the program crashes when doing an SSL_CTX_free; before the
>>> crash, ctx is an invalid pointer, that's why I can get a valid value
>>> from
>>> SSL_CTX_get_max_cert_list (ctx), so it's not a double free problem.
>> You mean it's a VALID pointer?
>>
>> We'll need a more detailed backtrace.
>
> Relevant parts of the BT
>
> #0 0x00007ffff54bde97 in raise () from /lib64/libc.so.6
> #1 0x00007ffff54bf208 in abort () from /lib64/libc.so.6
> #2 0x00007ffff54feea0 in ?? () from /lib64/libc.so.6
> #3 0x00007ffff55048be in ?? () from /lib64/libc.so.6
> #4 0x00007ffff55050ab in ?? () from /lib64/libc.so.6
> #5 0x00007ffff6827f7c in CRYPTO_free (str=0x8fbfe0) at mem.c:401
> #6 0x00007ffff67e99a0 in X509_VERIFY_PARAM_free (param=0x8fbfe0) at
> x509_vpm.c:102
> #7 0x00007ffff6d5302a in SSL_CTX_free (a=0x8fe090) at ssl_lib.c:1944

libc BT needed also?

dE

Apr 25, 2015, 6:33:12 PM
On 04/25/15 15:34, dE wrote:
> On 04/21/15 15:22, dE wrote:
>> On 04/20/15 00:10, Salz, Rich wrote:
>>>> Sometimes, the program crashes when doing an SSL_CTX_free; before the
>>>> crash, ctx is an invalid pointer, that's why I can get a valid
>>>> value from
>>>> SSL_CTX_get_max_cert_list (ctx), so it's not a double free problem.
>>> You mean it's a VALID pointer?
>>>
>>> We'll need a more detailed backtrace.
>>
>> Relevant parts of the BT
>>
>> #0 0x00007ffff54bde97 in raise () from /lib64/libc.so.6
>> #1 0x00007ffff54bf208 in abort () from /lib64/libc.so.6
>> #2 0x00007ffff54feea0 in ?? () from /lib64/libc.so.6
>> #3 0x00007ffff55048be in ?? () from /lib64/libc.so.6
>> #4 0x00007ffff55050ab in ?? () from /lib64/libc.so.6
>> #5 0x00007ffff6827f7c in CRYPTO_free (str=0x8fbfe0) at mem.c:401
>> #6 0x00007ffff67e99a0 in X509_VERIFY_PARAM_free (param=0x8fbfe0) at
>> x509_vpm.c:102
>> #7 0x00007ffff6d5302a in SSL_CTX_free (a=0x8fe090) at ssl_lib.c:1944
>
> libc BT needed also?

Ok, more detailed BT

#0 0x00007ffff6d5270d in ssl_session_hash (a=0x0) at ssl_lib.c:1674
#1 0x00007ffff6d527db in ssl_session_LHASH_HASH (arg=0x0) at ssl_lib.c:1699
#2 0x00007ffff6795daf in getrn (lh=0x8fcd80, data=0x0, rhash=0x7fffd67eb908) at lhash.c:411
#3 0x00007ffff679571a in lh_delete (lh=0x8fcd80, data=0x0) at lhash.c:224
#4 0x00007ffff6d58d33 in timeout_doall_arg (s=0x0, p=0x7fffd67eba40) at ssl_sess.c:988
#5 0x00007ffff6d58dc6 in timeout_LHASH_DOALL_ARG (arg1=0x0, arg2=0x7fffd67eba40) at ssl_sess.c:997
#6 0x00007ffff6795942 in doall_util_fn (lh=0x8fcd80, use_arg=1, func=0x0, func_arg=0x7ffff6d58d93 <timeout_LHASH_DOALL_ARG>, arg=0x7fffd67eba40) at lhash.c:292
#7 0x00007ffff67959d9 in lh_doall_arg (lh=0x8fcd80, func=0x7ffff6d58d93 <timeout_LHASH_DOALL_ARG>, arg=0x7fffd67eba40) at lhash.c:307
#8 0x00007ffff6d58e56 in SSL_CTX_flush_sessions (s=0x8fcec0, t=0) at ssl_sess.c:1011
#9 0x00007ffff6d53048 in SSL_CTX_free (a=0x8fcec0) at ssl_lib.c:1956

cwy...@aranetworks.com

Jan 21, 2016, 3:55:10 AM
Hi, dE.

I have a crash with the exact same backtrace as yours.
Have you found any clue for your crash?
I appreciate any comments.

Best regards,

Chul-Woong

Backtrace:
a.out[0x65b8c4] <-- ssl_session_LHASH_HASH
a.out[0x5def6d] <-- getrn
a.out(lh_delete+0x2d)[0x5df24d]
a.out[0x663194] <-- timeout_LHASH_DOALL_ARG
a.out[0x5dee71] <-- doall_util_fn
a.out(SSL_CTX_flush_sessions+0x68)[0x662e58]
a.out(SSL_CTX_free+0x82)[0x65dea2]
a.out(SSL_free+0x1df)[0x65fd2f]
a.out[0x44fa9c]
...

On Sunday, April 26, 2015 at 7:33:12 AM UTC+9, dE wrote: