Crash seen in "OPENSSL_sk_pop_free" API

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Hi All,

We are using OpenSSl version 1.1.1d in our program and crash is being seen in "OPENSSL_sk_pop_free" API, we invoke this API in our certificate verification API. Since crash is not seen always, trying to understand from OpenSSL code, when can this occur?

Below is the bt of the crash

#0  0x0f31f438 in OPENSSL_sk_pop_free (st=0x1041de20, func=0xf34d5b0 <X509_free>) at crypto/stack/stack.c:367
        i = 0
#1  0x0f344c74 in sk_X509_pop_free (freefunc=<optimized out>, sk=<optimized out>) at include/openssl/x509.h:99
No locals.
#2  X509_STORE_CTX_cleanup (ctx=ctx@entry=0x1041ba70) at crypto/x509/x509_vfy.c:2454
No locals.
#3  0x0f344cf4 in X509_STORE_CTX_free (ctx=ctx@entry=0x1041ba70) at crypto/x509/x509_vfy.c:2281
No locals
....

Below is the OpenSSL code

360 void OPENSSL_sk_pop_free(OPENSSL_STACK *st, OPENSSL_sk_freefunc func)
361 {
362    int i;
363
364    if (st == NULL)
365        return;
366    for (i = 0; i < st->num; i++)
367        if (st->data[i] != NULL)---------------------> Crash seen here
368            func((char *)st->data[i]);
369    OPENSSL_sk_free(st);
370 }

Can someone please help to understand under what conditions this can happen?

We use the below API's during certificate verification:

X509_STORE_new()
X509_STORE_CTX_new()
X509_STORE_set_verify_cb_func
X509_STORE_set_default_paths
X509_STORE_load_locations
X509_STORE_CTX_init
X509_STORE_CTX_set_flags
X509_verify_cert
/* Cleanup. */
FREE_X509_STORE_CTX(pContext);

Thanks
Bala



[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux