Description of problem: src/ssl.c: int SSL_CTX_set_cipher_list(SSL_CTX *ctx, const char *str); calls rv = nss_parse_ciphers((char *)str, cipher_state); which tries to change memory assigned to str: src/ssl.c:203 *ciphers++ = '\0'; Version-Release number of selected component (if applicable): nss_compat_ossl-0.9.4-1.fc10 How reproducible: Steps to Reproduce: 1.call SSL_CTX_set_cipher_list(sslnfo->ctx, "RC4-SHA:RC4-MD5:NULL-SHA:EXP-DES-CBC-SHA:EXP-EDH-RSA-DES-CBC-SHA:EXP-RC4-MD5:NULL-MD5:EDH-RSA-DES-CBC-SHA:EXP-RC2-CBC-MD5:EDH-RSA-DES-CBC3-SHA:EXP-ADH-RC4-MD5:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA:EXP-ADH-DES-CBC-SHA:ADH-AES256-SHA:ADH-DES-CBC-SHA:ADH-RC4-MD5:AES256-SHA:DES-CBC-SHA:DES-CBC3-SHA:ADH-DES-CBC3-SHA:AES128-SHA:ADH-AES128-SHA:eNULL:ALL") 2. 3. Actual results: Program received signal SIGSEGV, Segmentation fault. nss_parse_ciphers ( ciphers=0x498aa7 ":RC4-MD5:NULL-SHA:EXP-DES-CBC-SHA:EXP-EDH-RSA-DES-CBC-SHA:EXP-RC4-MD5:NULL-MD5:EDH-RSA-DES-CBC-SHA:EXP-RC2-CBC-MD5:EDH-RSA-DES-CBC3-SHA:EXP-ADH-RC4-MD5:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA:EXP-ADH-DE"..., cipher_list=0x7fffffff85d0) at ssl.c:203 203 *ciphers++ = '\0'; (gdb) backtrace #0 nss_parse_ciphers ( ciphers=0x498aa7 ":RC4-MD5:NULL-SHA:EXP-DES-CBC-SHA:EXP-EDH-RSA-DES-CBC-SHA:EXP-RC4-MD5:NULL-MD5:EDH-RSA-DES-CBC-SHA:EXP-RC2-CBC-MD5:EDH-RSA-DES-CBC3-SHA:EXP-ADH-RC4-MD5:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA:EXP-ADH-DE"..., cipher_list=0x7fffffff85d0) at ssl.c:203 #1 0x000000000011b434 in SSL_CTX_set_cipher_list (ctx=0xe505e0, str=0x498aa0 "RC4-SHA:RC4-MD5:NULL-SHA:EXP-DES-CBC-SHA:EXP-EDH-RSA-DES-CBC-SHA:EXP-RC4-MD5:NULL-MD5:EDH-RSA-DES-CBC-SHA:EXP-RC2-CBC-MD5:EDH-RSA-DES-CBC3-SHA:EXP-ADH-RC4-MD5:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA:EXP"...) at ssl.c:1878 #2 0x000000000047baac in Nsock_SSL_Init () at nsock_ssl.c:112 Expected results: Additional info:
Created attachment 326978 [details] The cipher list is supposed to be a const, don't mess with it
Committed upstream: Sending ssl.c Transmitting file data . Committed revision 68. Starting builds in Fedora.
nss_compat_ossl-0.9.4-2.fc9 has been submitted as an update for Fedora 9. http://admin.fedoraproject.org/updates/nss_compat_ossl-0.9.4-2.fc9
nss_compat_ossl-0.9.4-2.fc8 has been submitted as an update for Fedora 8. http://admin.fedoraproject.org/updates/nss_compat_ossl-0.9.4-2.fc8
nss_compat_ossl-0.9.4-2.fc10 has been submitted as an update for Fedora 10. http://admin.fedoraproject.org/updates/nss_compat_ossl-0.9.4-2.fc10
nss_compat_ossl-0.9.4-2.fc8 has been pushed to the Fedora 8 testing repository. If problems still persist, please make note of it in this bug report. If you want to test the update, you can install it with su -c 'yum --enablerepo=updates-testing-newkey update nss_compat_ossl'. You can provide feedback for this update here: http://admin.fedoraproject.org/updates/F8/FEDORA-2008-11354
nss_compat_ossl-0.9.4-2.fc10 has been pushed to the Fedora 10 testing repository. If problems still persist, please make note of it in this bug report. If you want to test the update, you can install it with su -c 'yum --enablerepo=updates-testing update nss_compat_ossl'. You can provide feedback for this update here: http://admin.fedoraproject.org/updates/F10/FEDORA-2008-11393
nss_compat_ossl-0.9.4-2.fc9 has been pushed to the Fedora 9 testing repository. If problems still persist, please make note of it in this bug report. If you want to test the update, you can install it with su -c 'yum --enablerepo=updates-testing-newkey update nss_compat_ossl'. You can provide feedback for this update here: http://admin.fedoraproject.org/updates/F9/FEDORA-2008-11399
nss_compat_ossl-0.9.4-2.fc8 has been pushed to the Fedora 8 stable repository. If problems still persist, please make note of it in this bug report.
nss_compat_ossl-0.9.4-2.fc9 has been pushed to the Fedora 9 stable repository. If problems still persist, please make note of it in this bug report.
nss_compat_ossl-0.9.4-2.fc10 has been pushed to the Fedora 10 stable repository. If problems still persist, please make note of it in this bug report.