Re: BIO_flush Segmentation Fault Issue

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]


The SSL BIO should have the rbio from the SSL object as the next BIO.
If you create the SSL BIO and then BIO_push() the TCP socket BIO into
the SSL BIO, it will work correctly.

Otherwise, you can just fix the next BIO of the SSL BIO by using

BIO_set_next(sslbio, socketbio); 

The SSL BIO should always have a next BIO if properly initialized.

Tomas Mraz, OpenSSL

On Thu, 2022-09-29 at 13:02 -0700, Jay Foster wrote:
> I have an application that constructs a chain of BIOs.  Sometimes
> this 
> chain also includes an SSL BIO.  Years ago, I ran into a problem that
> caused BIO_flush() to segfault on the SSL BIO.  This turned out to 
> happen because the SSL BIO is added using SSL_set_bio() instead of 
> BIO_push().  SSL_set_bio() results in the SSL BIO always having a
> bio_next value, so BIO_flush then crashes dereferencing this NULL 
> pointer when it calls BIO_copy_next_retry() on the SSL BIO (see 
> BIO_CTRL_FLUSH in ssl/bio_ssl.c).
> This was reported as ticket 2615 years ago.
> My question is, how could calling BIO_flush() on a BIO chain with an
> SSL 
> BIO ever work?  Is there a way to add the SSL BIO using BIO_push() 
> instead of SSL_set_bio()?
> Jay

Tomáš Mráz, OpenSSL

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux