Description of problem:
I added TLS/SSL capability to my application. It should behave as a TLS/SSL client. However, during connection establishment the program crashes in the libssl library with a segfault. Here is the stack from the core dump:

[jirka@localhost src]$ gdb ./sipte core.5978
GNU gdb Red Hat Linux (6.6-15.fc7rh)
Copyright (C) 2006 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB. Type "show warranty" for details.
This GDB was configured as "i386-redhat-linux-gnu"...
Using host libthread_db library "/lib/libthread_db.so.1".
warning: Can't read pathname for load map: Input/output error.
Reading symbols from /lib/libpthread.so.0...done.
Loaded symbols for /lib/libpthread.so.0
Reading symbols from /lib/libssl.so.6...Reading symbols from /usr/lib/debug/lib/libssl.so.0.9.8b.debug...done.
done.
Loaded symbols for /lib/libssl.so.6
Reading symbols from /usr/lib/libstdc++.so.6...done.
Loaded symbols for /usr/lib/libstdc++.so.6
Reading symbols from /lib/libm.so.6...done.
Loaded symbols for /lib/libm.so.6
Reading symbols from /lib/libgcc_s.so.1...done.
Loaded symbols for /lib/libgcc_s.so.1
Reading symbols from /lib/libc.so.6...done.
Loaded symbols for /lib/libc.so.6
Reading symbols from /lib/libcrypto.so.6...Reading symbols from /usr/lib/debug/lib/libcrypto.so.0.9.8b.debug...done.
done.
Loaded symbols for /lib/libcrypto.so.6
Reading symbols from /lib/ld-linux.so.2...done.
Loaded symbols for /lib/ld-linux.so.2
Reading symbols from /usr/lib/libgssapi_krb5.so.2...done.
Loaded symbols for /usr/lib/libgssapi_krb5.so.2
Reading symbols from /usr/lib/libkrb5.so.3...done.
Loaded symbols for /usr/lib/libkrb5.so.3
Reading symbols from /lib/libcom_err.so.2...done.
Loaded symbols for /lib/libcom_err.so.2
Reading symbols from /usr/lib/libk5crypto.so.3...done.
Loaded symbols for /usr/lib/libk5crypto.so.3
Reading symbols from /lib/libresolv.so.2...done.
Loaded symbols for /lib/libresolv.so.2
Reading symbols from /lib/libdl.so.2...done.
Loaded symbols for /lib/libdl.so.2
Reading symbols from /lib/libz.so.1...done.
Loaded symbols for /lib/libz.so.1
Reading symbols from /usr/lib/libkrb5support.so.0...done.
Loaded symbols for /usr/lib/libkrb5support.so.0
Reading symbols from /lib/libkeyutils.so.1...done.
Loaded symbols for /lib/libkeyu
Core was generated by `./sipte -i netctl2.in -TLS_VER tls1'.
Program terminated with signal 11, Segmentation fault.
#0  0x022af3cf in ssl3_write_pending (s=0xbec0e80, type=22, buf=0xbec16e8 "\2009�\v�\017�\v", len=96) at s3_pkt.c:754
754	    if (i == s->s3->wbuf.left)
(gdb) bt
#0  0x022af3cf in ssl3_write_pending (s=0xbec0e80, type=22, buf=0xbec16e8 "\2009�\v�\017�\v", len=96) at s3_pkt.c:754
#1  0x022af6d9 in do_ssl3_write (s=0xbec0e80, type=22, buf=0xbec16e8 "\2009�\v�\017�\v", len=96, create_empty_fragment=0) at s3_pkt.c:718
#2  0x022af9d4 in ssl3_write_bytes (s=0xbec0e80, type=22, buf_=0xbec16e8, len=96) at s3_pkt.c:547
#3  0x022b19b0 in ssl3_do_write (s=0xbec0e80, type=22) at s3_both.c:132
#4  0x022ab30c in ssl3_client_hello (s=0xbec0e80) at s3_clnt.c:616
#5  0x022aca85 in ssl3_connect (s=0xbec0e80) at s3_clnt.c:243
#6  0x022bd7bd in SSL_do_handshake (s=0xbec0e80) at ssl_lib.c:2042
#7  0x08099392 in process_net_ctl ()
#8  0x0809a3fa in process_exec_queue ()
#9  0x0809a890 in execute_input_script ()
#10 0x0808f195 in main ()
(gdb)

Version-Release number of selected component (if applicable):
Linux localhost.localdomain 2.6.22.7-85.fc7 #1 SMP Fri Sep 21 19:53:05 EDT 2007 i686 i686 i386 GNU/Linux
openssl-0.9.8b-14.fc7

How reproducible:
It occurs quite regularly (even if not every time).
I suppose that it is a problem in your application in how it calls OpenSSL. The backtrace is not suspicious: if the crash is really on the access to s->s3->wbuf.left, it would have to mean that it is somehow silently corrupted during the operation. Is your application multithreaded? As I don't see any other reports of regularly crashing applications which try SSL connects through OpenSSL, I'd really need some simple reproducer to trace the crash further.
First of all, thanks for the quick response. I must confirm that it's not a bug in OpenSSL. I was not quite correct in my first report, as the crash appears not during session establishment but during renegotiation. Nevertheless, your guess about a multithreaded application was right. I have debugged it a bit and have found that s->s3 was 'nulled' in one thread, so that in the other thread it caused a segmentation fault.
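The root cause in the last comment, one thread tearing down the SSL object while another thread is still inside the handshake, is the textbook way to get a crash like the one in the backtrace: OpenSSL does not protect an individual SSL * against concurrent use, so the application has to serialise every operation on it, teardown included. What follows is an added example, not code from this report or from OpenSSL: a minimal wrapper in C that puts a mutex and a reference count around the connection, so that a close requested by one thread only frees the object after the thread that is still using it has finished. To keep the example buildable without libssl, struct fake_ssl and its s3 member are constructed stand-ins for the real SSL object and its s->s3 state; in a real client the marked lines would call SSL_do_handshake and SSL_free, and the struct, function and variable names are this example's own.

```c
#include <pthread.h>
#include <stdlib.h>
#include <stdio.h>

/* Constructed stand-in for an OpenSSL SSL object, so the example builds
 * without libssl. The s3 member plays the role of s->s3, which the report's
 * crashing line dereferences and which goes away when SSL_free runs. */
struct fake_ssl {
    char *s3;
};

/* One TLS connection shared between threads. Every use of ->ssl, including
 * its teardown, happens with ->lock held, and the object is freed only when
 * the last user lets go of it. */
struct tls_conn {
    pthread_mutex_t lock;
    int refs;              /* owner + in-flight users */
    int closed;            /* owner asked for teardown; no new users admitted */
    struct fake_ssl *ssl;  /* NULL after the real free */
};

static int g_frees;        /* how many times the SSL object was really freed */

static struct fake_ssl *fake_ssl_new(void)
{
    struct fake_ssl *s = calloc(1, sizeof *s);
    s->s3 = calloc(1, 64); /* stands in for the SSL3 state incl. wbuf */
    return s;
}

static void fake_ssl_free(struct fake_ssl *s) /* real code: SSL_free(s) */
{
    free(s->s3);
    free(s);
    g_frees++;
}

struct tls_conn *conn_new(void)
{
    struct tls_conn *c = calloc(1, sizeof *c);
    pthread_mutex_init(&c->lock, NULL);
    c->refs = 1;           /* the owner's reference */
    c->ssl = fake_ssl_new();
    return c;
}

/* Take a reference; refused once teardown has started, so a late caller never
 * begins a handshake on an object that is about to disappear. */
int conn_acquire(struct tls_conn *c)
{
    int ok = 0;
    pthread_mutex_lock(&c->lock);
    if (!c->closed) { c->refs++; ok = 1; }
    pthread_mutex_unlock(&c->lock);
    return ok;
}

/* Drop a reference. Whoever drops the last one frees the SSL object, which may
 * be the worker rather than the owner. Returns 1 if this call did the free. */
int conn_release(struct tls_conn *c)
{
    int freed = 0;
    pthread_mutex_lock(&c->lock);
    if (--c->refs == 0) { fake_ssl_free(c->ssl); c->ssl = NULL; freed = 1; }
    pthread_mutex_unlock(&c->lock);
    if (freed) { pthread_mutex_destroy(&c->lock); free(c); }
    return freed;
}

/* Owner-side close: stop admitting users, then drop the owner's reference. */
int conn_close(struct tls_conn *c)
{
    pthread_mutex_lock(&c->lock);
    c->closed = 1;
    pthread_mutex_unlock(&c->lock);
    return conn_release(c);
}

/* One handshake step from a worker thread. Under the lock a real client would
 * call SSL_do_handshake(c->ssl). Returns 1 on success, -1 if the connection
 * was already closing, -2 if the inner state was gone (the report's condition,
 * unreachable here because the free waits for our reference). */
int conn_handshake(struct tls_conn *c)
{
    int rc;
    if (!conn_acquire(c))
        return -1;
    pthread_mutex_lock(&c->lock);
    rc = (c->ssl != NULL && c->ssl->s3 != NULL) ? 1 : -2;
    pthread_mutex_unlock(&c->lock);
    conn_release(c);
    return rc;
}

struct demo_args { struct tls_conn *c; int result; };

static void *demo_worker(void *p)
{
    struct demo_args *a = p;
    a->result = conn_handshake(a->c);
    return NULL;
}

/* Race the two operations from the report: a worker handshakes while the owner
 * closes. Stores the worker's result in *hs; returns the number of real frees,
 * which is exactly one whichever thread wins. */
int run_demo(int *hs)
{
    struct tls_conn *c = conn_new();
    struct demo_args a = { c, 0 };
    pthread_t t;

    g_frees = 0;
    pthread_create(&t, NULL, demo_worker, &a);
    conn_close(c);
    pthread_join(t, NULL);
    *hs = a.result;
    return g_frees;
}

int main(void)
{
    int hs, frees = run_demo(&hs);
    printf("handshake result %d, frees %d\n", hs, frees);
    return (frees == 1 && hs != -2) ? 0 : 1;
}
```

Build with cc -pthread. Whichever thread wins the race, the free happens exactly once and the handshake either runs against live state or is refused with -1; the -2 path that corresponds to the report's nulled s->s3 cannot be reached, because the close only marks the connection and the actual free is deferred until the in-flight reference is released.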