View Issue Details
| ID | Project | Category | View Status | Date Submitted | Last Update |
|---|---|---|---|---|---|
| 0000583 | LDMud 3.3 | Other | public | 2008-11-23 13:27 | 2018-01-29 21:57 |
| Reporter | willem | Assigned To | Gnomi | ||
| Priority | normal | Severity | crash | Reproducibility | sometimes |
| Status | resolved | Resolution | fixed | ||
| Fixed in Version | 3.3.719 | ||||
| Summary | 0000583: TLS: context->client_CA free()'d while still in use | ||||
| Description | If using OpenSSL, and the driver is invoked without --tls-trustfile, "context->client_CA" is freed, and the memory gets overwritten with other data. On one of my machines, "context->client_CA->num" always gets overwritten with 0x0, so it thinks it has no certificates, but doesn't crash. On another machine the value is instead a large integer. This produces a SIGSEGV when attempting to dereference "context->client_CA->data" which also contains garbage. The problem occurs because SSL_CTX_set_client_CA_list() doesn't check to see if "context->client_CA" and "stack" are already the same. This is the case when no trustfile is specified. It will free "context->client_CA" immediately if it is not NULL, and replace it with "stack" (the same value, and a bad pointer). Below is an untested patch that might fix the problem. | ||||
| Additional Information | --- pkg-tls.c 2008-08-11 08:28:52.000000000 +0700 +++ pkg-tls.c 2008-11-24 01:43:35.000000000 +0700 @@ -389,6 +389,7 @@ if (trustfile != NULL) { stack = SSL_load_client_CA_file(trustfile); + SSL_CTX_set_client_CA_list(context, stack); } else { @@ -398,11 +399,6 @@ { SSL_add_dir_cert_subjects_to_stack(stack, trustdirectory); } - - if (stack != NULL) - { - SSL_CTX_set_client_CA_list(context, stack); - } } #endif | ||||
| Tags | No tags attached. | ||||
| Date Modified | Username | Field | Change |
|---|---|---|---|
| 2008-11-23 13:27 | willem | New Issue | |
| 2008-12-26 17:34 | Gnomi | Status | new => assigned |
| 2008-12-26 17:34 | Gnomi | Assigned To | => Gnomi |
| 2009-04-12 12:03 | Gnomi | Note Added: 0001020 | |
| 2009-04-12 12:03 | Gnomi | Status | assigned => resolved |
| 2009-04-12 12:03 | Gnomi | Fixed in Version | => 3.3.719 |
| 2009-04-12 12:03 | Gnomi | Resolution | open => fixed |
| 2009-04-14 12:12 | zesstra | Project | LDMud => LDMud 3.3 |
| 2009-10-05 14:36 | zesstra | Relationship added | has duplicate 0000677 |
| 2010-11-16 09:42 | Gnomi | Source_changeset_attached | => ldmud.git master d7fa87e2 |
| 2018-01-29 18:59 | Gnomi | Source_changeset_attached | => ldmud.git master d7fa87e2 |
| 2018-01-29 21:57 | Gnomi | Source_changeset_attached | => ldmud.git master d7fa87e2 |
