Hi Matt,

It looks like handling crypto lock mechanism issue. I defined NO SRP. Now I am getting segmentation fault in CRYPTO_add_lock() function referencing NULL pointer.

Please find GDB output below,

(gdb) run ftp://x.x.x.x:sample.txt
Starting program: /App/vikftp ftp://x.x.x.x:sample.txt
Missing separate debuginfo for /lib/ld-linux.so.2
Missing separate debuginfo for /lib/libdl.so.2
Missing separate debuginfo for /lib/libpam.so.0
Missing separate debuginfo for /lib/libm.so.6
Missing separate debuginfo for /lib/libc.so.6
Missing separate debuginfo for /lib/libaudit.so.0
process 22287 is executing new program: /App/vikftp
Missing separate debuginfo for /lib/ld-linux.so.2
Missing separate debuginfo for /lib/libdl.so.2
Missing separate debuginfo for /lib/libpam.so.0
Missing separate debuginfo for /lib/libm.so.6
Missing separate debuginfo for /lib/libc.so.6
Missing separate debuginfo for /lib/libaudit.so.0

Program received signal SIGSEGV, Segmentation fault.
0x08205766 in CRYPTO_add_lock (pointer=0x1011, amount=-1, type=3, file=0x85d0030 "/102d/s/tasn_utl.c", line=118) at /102d/s/cryptlib.c:624
624         ret = *pointer + amount;
(gdb) bt
#0  0x08205766 in CRYPTO_add_lock (pointer=0x1011, amount=-1, type=3, file=0x85d0030 "/102d/s/tasn_utl.c", line=118) at /102d/s/cryptlib.c:624
#1  0x08249d2a in asn1_do_lock (pval=0xff8eee90, op=-1, it=0x862cb1c) at /102d/s/tasn_utl.c:118
#2  0x08246ed5 in asn1_item_combine_free (pval=0xff8eee90, it=0x862cb1c, combine=0) at /102d/s/tasn_fre.c:146
#3  0x08246c40 in ASN1_item_free (val=0x1001, it=0x862cb1c) at /102d/s/tasn_fre.c:72
#4  0x0825eeea in X509_free (a=0x1001) at /102d/s/x_x509.c:143
#5  0x082ee677 in ssl_cert_clear_certs (c=0x872e4e0) at /102d/s/ssl_cert.c:431
#6  0x082ee7ed in ssl_cert_free (c=0x872e4e0) at /102d/s/ssl_cert.c:489
#7  0x0822f926 in SSL_free (s=0x872e340) at /102d/s/ssl_lib.c:627
#8  0x0816566c in closeConnection (pcx=0x86d8310, rsn=0x0, graceful=1 '\001') at /App/vikftp.c:10098

Please let me know if you have any solution.

Thanks & Regards,
Vikas

On 7 Apr 2016 7:18 pm, "Vikas TM" <vikas.tm at gmail.com> wrote:

Hi Matt,

I was trying the patches available in the Internet. Due to that few blank lines might have been added or removed. But no major change in the code.

Thanks & Regards,
Vikas

On 7 Apr 2016 7:07 pm, "Matt Caswell" <matt at openssl.org> wrote:

>
> On 07/04/16 14:23, Vikas TM wrote:
> > Hi Mike
> >
> > I have integrated openSSL version 102d. While running secure FTP
> > connection, I have encountered double free or corruption issue.
>
> Are you running 1.0.2d as downloaded from the OpenSSL website with no
> other patches applied? The line numbers below do not match up with the
> git copy of 1.0.2d.
>
> Matt
>
> >
> > The TLS negotiation is successful and file is also getting transferred
> > to partner machine. At the end while freeing all the memory, file
> > transfer is ended with "double free or corruption issue". I have tried
> > almost all the patch available in internet. Please let me know if you
> > have any solution.
> >
> > Machine: Linux x86_64
> >
> > Please find the GDB output below,
> >
> > Breakpoint 1, ssl3_free (s=0x8736430) at /102d/s/s3_lib.c:2995
> > 2995        if (s == NULL || s->s3 == NULL)
> > (gdb) n
> > 3009        ssl3_cleanup_key_block(s);
> > (gdb)
> > 3010        if (s->s3->rbuf.buf != NULL)
> > (gdb)
> > 3011            ssl3_release_read_buffer(s);
> > (gdb)
> > 3012        if (s->s3->wbuf.buf != NULL)
> > (gdb)
> > 3013            ssl3_release_write_buffer(s);
> > (gdb)
> > 3014        if (s->s3->rrec.comp != NULL)
> > (gdb)
> > 3017        if (s->s3->tmp.dh != NULL)
> > (gdb)
> > 3021        if (s->s3->tmp.ecdh != NULL)
> > (gdb)
> > 3025        if (s->s3->tmp.ca_names != NULL)
> > (gdb)
> > 3027        if (s->s3->handshake_buffer) {
> > (gdb)
> > 3030        if (s->s3->handshake_dgst)
> > (gdb)
> > 3031            ssl3_free_digest_list(s);
> > (gdb)
> > 3033        if (s->s3->alpn_selected)
> > (gdb)
> > 3038        SSL_SRP_CTX_free(s);
> > (gdb)
> >
> > 3042        OPENSSL_cleanse(s->s3, sizeof *(s->s3));
> > (gdb) n
> > 3047        OPENSSL_free(s->s3);
> > (gdb) p *(s->s3)
> > (gdb) n
> > *** glibc detected *** vikftp: double free or corruption (!prev): 0x08736610 ***
> > Missing separate debuginfo for /lib/libgcc_s.so.1
> > ======= Backtrace: =========
> > /lib/libc.so.6[0xf75b3a51]
> > /lib/libc.so.6(__libc_free+0x84)[0xf75b5224]
> > vikftp(CRYPTO_free+0x40)[0x820e9e8]
> > vikftp(ssl3_free+0x198)[0x82e15c1]
> > vikftp(tls1_free+0x3b)[0x823b034]
> > vikftp(SSL_free+0x1fd)[0x8230151]
> > vikftp[0x8165dac]
> > vikftp[0x815236b]
> > vikftp[0x8156afe]
> > vikftp[0x8154a3f]
> > vikftp[0x8154578]
> > vikftp(vikftp+0x2ea)[0x8150e6a]
> > vikftp(main+0x17f)[0x81f8173]
> > /lib/libc.so.6(__libc_start_main+0xdc)[0xf756589c]
> > vikftp[0x8094441]
> > ======= Memory map: ========
> >
> > Program received signal SIGABRT, Aborted.
> > 0xffffe410 in ?? ()
> > (gdb) bt
> > #0  0xffffe410 in ?? ()
> > #1  0x00000006 in ?? ()
> > #2  0x0000704d in ?? ()
> > #3  0xf7578a30 in raise () from /lib/libc.so.6
> > #4  0xf757a153 in abort () from /lib/libc.so.6
> > #5  0xf75ae08b in __libc_message () from /lib/libc.so.6
> > #6  0xf75b3a51 in malloc_printerr () from /lib/libc.so.6
> > #7  0xf75b5224 in free () from /lib/libc.so.6
> > #8  0x0820e9e8 in CRYPTO_free (str=0x8736610) at /102d/s/mem.c:442
> > #9  0x082e15c1 in ssl3_free (s=0x8736430) at /102d/s/s3_lib.c:3047
> > #10 0x0823b034 in tls1_free (s=0x8736430) at /102d/s/t1_lib.c:217
> > #11 0x08230151 in SSL_free (s=0x8736430) at /102d/s/ssl_lib.c:639
> > #12 0x08165dac in closeConnection (pcx=0x86e0400, rsn=0x0, graceful=1 '\001') at /App/ftp.c:10098
> >
> > On 25 Feb 2016 2:20 pm, "Mike Mohr" <akihana at gmail.com> wrote:
> >
> > You'll need to rebuild your application and openssl with debugging
> > symbols and no optimization, then run it inside gdb to produce a
> > more useful stack trace. Since you don't include any context or
> > source code snippets it isn't really possible to help. Can you
> > produce a reduced test case with source code which reproduces the bug?
> >
> > As long as politics is the shadow cast on society by big business,
> > the attenuation of the shadow will not change the substance.
> >
> > John Dewey: The Later Works, 1925-1953; Volume 6, pp. 163
> >
> > On Feb 24, 2016 11:33 PM, "Vikas TM" <vikas.tm at gmail.com> wrote:
> >
> > Hi,
> >
> > While running my application with openSSL 102d and I encountered
> > double free error or corruption.
> >
> > As per few threads suggestion, I have changed getpid() with
> > pthread_self() in CRYPTO_thread_id(). Still the result is same.
> >
> > Please let me know if any fix available to this issue.
> >
> > *** glibc detected *** xxx: double free or corruption (!prev): 0x097b8750 ***
> > ======= Backtrace: =========
> > /lib/libc.so.6[0x1768b6]
> > /lib/libc.so.6(cfree+0x90)[0x179e00]
> > xxx(CRYPTO_free+0x3a)[0x81b89be]
> > xxx(ssl_cert_free+0x13f)[0x826fa23]
> > xxx(SSL_free+0x14d)[0x81d7e08]
> >
> > Thanks & Regards,
> > Vikas
> >
> > --
> > openssl-users mailing list
> > To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users