Bug 476519 - SSL_CTX_set_cipher_list() causes Segmentation fault
Status: CLOSED NEXTRELEASE
Product: Fedora
Classification: Fedora
Component: nss_compat_ossl
Version: 10
Hardware: All, OS: Linux
Priority: medium, Severity: high
Assigned To: Rob Crittenden
QA Contact: Fedora Extras Quality Assurance

Reported: 2008-12-15 07:35 EST by Petr Lautrbach
Modified: 2009-01-07 04:26 EST

Doc Type: Bug Fix
Last Closed: 2009-01-07 04:10:21 EST
Attachments
The cipher list is supposed to be a const, don't mess with it (1015 bytes, patch)
2008-12-15 10:34 EST, Rob Crittenden

Description Petr Lautrbach 2008-12-15 07:35:02 EST
Description of problem:
src/ssl.c: int SSL_CTX_set_cipher_list(SSL_CTX *ctx, const char *str); calls 

rv = nss_parse_ciphers((char *)str, cipher_state);

which tries to change memory assigned to str:
src/ssl.c:203                 *ciphers++ = '\0';      


Version-Release number of selected component (if applicable):
nss_compat_ossl-0.9.4-1.fc10

How reproducible:

Steps to Reproduce:
1. call SSL_CTX_set_cipher_list(sslnfo->ctx,
                "RC4-SHA:RC4-MD5:NULL-SHA:EXP-DES-CBC-SHA:EXP-EDH-RSA-DES-CBC-SHA:EXP-RC4-MD5:NULL-MD5:EDH-RSA-DES-CBC-SHA:EXP-RC2-CBC-MD5:EDH-RSA-DES-CBC3-SHA:EXP-ADH-RC4-MD5:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA:EXP-ADH-DES-CBC-SHA:ADH-AES256-SHA:ADH-DES-CBC-SHA:ADH-RC4-MD5:AES256-SHA:DES-CBC-SHA:DES-CBC3-SHA:ADH-DES-CBC3-SHA:AES128-SHA:ADH-AES128-SHA:eNULL:ALL")

2.
3.
  
Actual results:
Program received signal SIGSEGV, Segmentation fault.
nss_parse_ciphers (                                 
    ciphers=0x498aa7 ":RC4-MD5:NULL-SHA:EXP-DES-CBC-SHA:EXP-EDH-RSA-DES-CBC-SHA:EXP-RC4-MD5:NULL-MD5:EDH-RSA-DES-CBC-SHA:EXP-RC2-CBC-MD5:EDH-RSA-DES-CBC3-SHA:EXP-ADH-RC4-MD5:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA:EXP-ADH-DE"..., cipher_list=0x7fffffff85d0) at ssl.c:203                                            
203                 *ciphers++ = '\0';                                                  

(gdb) backtrace                                                                                                                                             
#0  nss_parse_ciphers (                                                                                                                                     
    ciphers=0x498aa7 ":RC4-MD5:NULL-SHA:EXP-DES-CBC-SHA:EXP-EDH-RSA-DES-CBC-SHA:EXP-RC4-MD5:NULL-MD5:EDH-RSA-DES-CBC-SHA:EXP-RC2-CBC-MD5:EDH-RSA-DES-CBC3-SHA:EXP-ADH-RC4-MD5:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA:EXP-ADH-DE"..., cipher_list=0x7fffffff85d0) at ssl.c:203                                            
#1  0x000000000011b434 in SSL_CTX_set_cipher_list (ctx=0xe505e0,                                                                                            
    str=0x498aa0 "RC4-SHA:RC4-MD5:NULL-SHA:EXP-DES-CBC-SHA:EXP-EDH-RSA-DES-CBC-SHA:EXP-RC4-MD5:NULL-MD5:EDH-RSA-DES-CBC-SHA:EXP-RC2-CBC-MD5:EDH-RSA-DES-CBC3-SHA:EXP-ADH-RC4-MD5:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA:EXP"...) at ssl.c:1878                                                                           
#2  0x000000000047baac in Nsock_SSL_Init () at nsock_ssl.c:112                          


Expected results:


Additional info:
Comment 1 Rob Crittenden 2008-12-15 10:34:29 EST
Created attachment 326978
The cipher list is supposed to be a const, don't mess with it
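
Added example (not the attached patch and not nss_compat_ossl code): one way to split a colon-separated cipher string without writing through the caller's const pointer, which is the failure reported above when the argument is a string literal in read-only memory. The function name parse_cipher_names, the limits and the sample list are assumptions made for illustration; it only splits names and does not interpret them.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define MAX_CIPHERS 64
#define NAME_LEN    48

/* Hypothetical stand-in for the parser: splits a colon-separated cipher
 * string into names[]. The caller's buffer is never written; the in-place
 * NUL termination happens on a private heap copy.
 * Returns the number of entries, or -1 on error. */
int parse_cipher_names(const char *str, char names[][NAME_LEN], int max)
{
    if (str == NULL || names == NULL || max <= 0)
        return -1;

    size_t len = strlen(str);
    char *copy = malloc(len + 1);      /* writable copy of the input */
    if (copy == NULL)
        return -1;
    memcpy(copy, str, len + 1);

    int count = 0;
    char *cipher = copy;
    while (cipher != NULL && *cipher != '\0') {
        char *sep = strchr(cipher, ':');
        if (sep != NULL)
            *sep++ = '\0';             /* safe: writes into the copy */
        if (*cipher != '\0') {         /* skip empty entries ("a::b") */
            if (count == max || strlen(cipher) >= NAME_LEN) {
                free(copy);
                return -1;             /* too many entries or name too long */
            }
            strcpy(names[count++], cipher);
        }
        cipher = sep;
    }
    free(copy);
    return count;
}

int main(void)
{
    /* Constructed input: a string literal, typically in read-only memory. */
    const char *list = "RC4-SHA:RC4-MD5:NULL-SHA:eNULL:ALL";
    char names[MAX_CIPHERS][NAME_LEN];
    int n = parse_cipher_names(list, names, MAX_CIPHERS);
    for (int i = 0; i < n; i++)
        printf("%d: %s\n", i, names[i]);
    return n < 0;
}
```

Building with -Wcast-qual flags casts such as (char *)str that discard const, which is how this class of bug reaches a write at run time.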
Comment 2 Rob Crittenden 2008-12-15 11:12:29 EST
Committed upstream:

Sending        ssl.c
Transmitting file data .
Committed revision 68.

Starting builds in Fedora.
Comment 3 Fedora Update System 2008-12-15 13:04:23 EST
nss_compat_ossl-0.9.4-2.fc9 has been submitted as an update for Fedora 9.
http://admin.fedoraproject.org/updates/nss_compat_ossl-0.9.4-2.fc9
Comment 4 Fedora Update System 2008-12-15 13:04:26 EST
nss_compat_ossl-0.9.4-2.fc8 has been submitted as an update for Fedora 8.
http://admin.fedoraproject.org/updates/nss_compat_ossl-0.9.4-2.fc8
Comment 5 Fedora Update System 2008-12-15 13:04:29 EST
nss_compat_ossl-0.9.4-2.fc10 has been submitted as an update for Fedora 10.
http://admin.fedoraproject.org/updates/nss_compat_ossl-0.9.4-2.fc10
Comment 6 Fedora Update System 2008-12-17 19:32:16 EST
nss_compat_ossl-0.9.4-2.fc8 has been pushed to the Fedora 8 testing repository.  If problems still persist, please make note of it in this bug report.
 If you want to test the update, you can install it with 
 su -c 'yum --enablerepo=updates-testing-newkey update nss_compat_ossl'.  You can provide feedback for this update here: http://admin.fedoraproject.org/updates/F8/FEDORA-2008-11354
Comment 7 Fedora Update System 2008-12-17 19:38:41 EST
nss_compat_ossl-0.9.4-2.fc10 has been pushed to the Fedora 10 testing repository.  If problems still persist, please make note of it in this bug report.
 If you want to test the update, you can install it with 
 su -c 'yum --enablerepo=updates-testing update nss_compat_ossl'.  You can provide feedback for this update here: http://admin.fedoraproject.org/updates/F10/FEDORA-2008-11393
Comment 8 Fedora Update System 2008-12-17 19:43:27 EST
nss_compat_ossl-0.9.4-2.fc9 has been pushed to the Fedora 9 testing repository.  If problems still persist, please make note of it in this bug report.
 If you want to test the update, you can install it with 
 su -c 'yum --enablerepo=updates-testing-newkey update nss_compat_ossl'.  You can provide feedback for this update here: http://admin.fedoraproject.org/updates/F9/FEDORA-2008-11399
Comment 9 Fedora Update System 2009-01-07 04:10:18 EST
nss_compat_ossl-0.9.4-2.fc8 has been pushed to the Fedora 8 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 10 Fedora Update System 2009-01-07 04:15:39 EST
nss_compat_ossl-0.9.4-2.fc9 has been pushed to the Fedora 9 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 11 Fedora Update System 2009-01-07 04:26:50 EST
nss_compat_ossl-0.9.4-2.fc10 has been pushed to the Fedora 10 stable repository.  If problems still persist, please make note of it in this bug report.
