Re: Random and rare Seg faults at openssl library level

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Hi,

On 06/01/21 18:10, Gimhani Uthpala wrote:
Dear team,
I'm running an application which uses openssl for secure communication between processes. I am getting seg-faults at openssl level. This only occurred very randomly and the following are stacks that seg faults  at openssl level in the given 2 cases. We are using openssl 1.0.2k. 

version 1.0.2k suggests you are using RHEL7/CentOS 7, correct?
Went through the security vulnerabilities list for this version but couldn't find a clue. Running valgrind too didn't give an exact clue related to the issue. Can you please guide me how can I find the exact root cause for the seg fault?  

I am calling SSL_do_handshake(ssl_ctx) from my code level and both the below seg faults are occuring from it's inside. 

#0  0x00007fd64cdabdd3 in ASN1_item_verify () from /lib64/libcrypto.so.10
#1  0x00007fd64cdcac58 in internal_verify () from /lib64/libcrypto.so.10
#2  0x00007fd64cdccaef in X509_verify_cert () from /lib64/libcrypto.so.10
#3  0x00007fd64d111c68 in ssl_verify_cert_chain () from /lib64/libssl.so.10
#4  0x00007fd64d0e8cc6 in ssl3_get_client_certificate () from /lib64/libssl.so.10
#5  0x00007fd64d0ea3f8 in ssl3_accept () from /lib64/libssl.so.10


so the segfault occurs inside ASN1_item_verify () when verifying the certificate - it could be a malformed certificate with invalid ASN1 encoding; do you have the certificate that causes the segfault?

If you do not, then it is worthwhile recording/storing all certificates until you find the one that causes the segfault and then examine it.


HTH,

JJK
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux