Hi Lutz,
Apologies, I should have included a stack trace with the bug report.
FYI - attached is a Windows/Apache 2.2.6/OpenSSL 0.9.8f VC8 stack trace.
The problem is not Windows-specific. I observe it on several platforms.
This patch seems to correct the problem by checking for a zero-length previous
session_id:
=================================================================
--- ssl/s3_srvr.orig 2007-09-30 14:56:00.000000000 -0400
+++ ssl/s3_srvr.c 2007-10-17 12:51:58.311934000 -0400
@@ -743,7 +743,7 @@
* might be written that become totally unsecure when compiled with
* an earlier library version)
*/
- if ((s->new_session && (s->options &
SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION)))
+ if (j == 0 || (s->new_session && (s->options &
SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION)))
{
if (!ssl_get_new_session(s,1))
goto err;
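Review bot: The added `j == 0 ||` test folds a second, unrelated reason for starting a fresh session into the renegotiation-option check, and nothing at the condition says why. Per the report, `j` is the length of the session_id the client proposed, and the attached trace shows `ssl_get_prev_session` handing `idlen=0` down to the application's session-cache callback, so a comment such as `/* j == 0: client proposed no session_id, so there is nothing to look up */` above the `if` would record the intent. The else branch lies outside the hunk. If it is also where resumption that does not rely on a session_id is processed (0.9.8f's optional TLS extension support may do this), the short-circuit would bypass it. In that case a zero-length guard inside `ssl_get_prev_session`, just before the external cache lookup, may be the safer place; this needs confirming against the full function. The enclosing function starts and ends outside the hunk.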
=================================================================
Regards,
-tom-
Lutz Jaenicke via RT wrote:
>> [EMAIL PROTECTED] - Wed Oct 17 18:11:27 2007]:
>>
>> Starting with OpenSSL 0.9.8f, ssl3_get_client_hello() no longer tests
>> whether the client proposed a
>> previous session_id before trying to process it. In previous releases,
>> a new session was always
>> created if no previous session was proposed (i.e. if j==0 at
>> ssl\s3_srvr.c:746)
>
> The problem is being worked upon.
>
> Best regards,
> Lutz
>
Windows Apache 2.2.6 OpenSSL 0.9.8f Visual Studio 2005 SP1
[Wed Oct 17 12:11:39 2007] [error] unusably short session_id provided (0
bytes)
> libhttpd.dll!log_error_core(const char * file=0x6fd22d54, int
> line=0x000002d3, int level=0x00000003, int status=0x00000000, const
> server_rec * s=0x0093bf40, const conn_rec * c=0x00000000, const request_rec *
> r=0x00000000, apr_pool_t * pool=0x00000000, const char * fmt=0x6fd22d24, char
> * args=0x048afa90) Line 658 C
libhttpd.dll!ap_log_error(const char * file=0x6fd22d54, int
line=0x000002d3, int level=0x00000003, int status=0x00000000, const server_rec
* s=0x0093bf40, const char * fmt=0x6fd22d24, ...) Line 677 + 0x27 bytes C
mod_ssl.so!shmcb_retrieve_session(server_rec * s=0x0093bf40, void *
shm_segment=0x00b80008, unsigned char * id=0x009e69df, int idlen=0x00000000)
Line 724 + 0x21 bytes C
mod_ssl.so!ssl_scache_shmcb_retrieve(server_rec * s=0x0093bf40,
unsigned char * id=0x009e69df, int idlen=0x00000000) Line 432 + 0x18 bytes
C
mod_ssl.so!ssl_scache_retrieve(server_rec * s=0x0093bf40, unsigned char
* id=0x009e69df, int idlen=0x00000000) Line 115 + 0x11 bytes C
mod_ssl.so!ssl_callback_GetSessionCacheEntry(ssl_st * ssl=0x009ddfd0,
unsigned char * id=0x009e69df, int idlen=0x00000000, int * do_copy=0x048afb50)
Line 1670 + 0x11 bytes C
ssleay32.dll!ssl_get_prev_session(ssl_st * s=0x009ddfd0, unsigned char
* session_id=0x009e69df, int len=0x00000000, const unsigned char *
limit=0x009e69f9) Line 352 + 0x34 bytes C
ssleay32.dll!ssl3_get_client_hello(ssl_st * s=0x009ddfd0) Line 753 +
0x18 bytes C
ssleay32.dll!ssl3_accept(ssl_st * s=0x009ddfd0) Line 282 + 0x9 bytes
C
ssleay32.dll!SSL_accept(ssl_st * s=0x009ddfd0) Line 850 + 0xf bytes
C
ssleay32.dll!ssl23_get_client_hello(ssl_st * s=0x009ddfd0) Line 568 +
0x9 bytes C
ssleay32.dll!ssl23_accept(ssl_st * s=0x009ddfd0) Line 203 + 0x9 bytes
C
ssleay32.dll!SSL_accept(ssl_st * s=0x009ddfd0) Line 850 + 0xf bytes
C
mod_ssl.so!ssl_io_filter_connect(ssl_filter_ctx_t *
filter_ctx=0x009db488) Line 1047 + 0xb bytes C
mod_ssl.so!ssl_io_filter_input(ap_filter_t * f=0x009e36a8,
apr_bucket_brigade * bb=0x009e5560, ap_input_mode_t mode=AP_MODE_GETLINE,
apr_read_type_e block=APR_BLOCK_READ, __int64 readbytes=0x0000000000000000)
Line 1292 + 0xf bytes C
libhttpd.dll!ap_get_brigade(ap_filter_t * next=0x009e36a8,
apr_bucket_brigade * bb=0x009e5560, ap_input_mode_t mode=AP_MODE_GETLINE,
apr_read_type_e block=APR_BLOCK_READ, __int64 readbytes=0x0000000000000000)
Line 490 + 0x22 bytes C
libhttpd.dll!ap_rgetline_core(char * * s=0x009e4788, unsigned int
n=0x00002000, unsigned int * read=0x048afeb4, request_rec * r=0x009e4770, int
fold=0x00000000, apr_bucket_brigade * bb=0x009e5560) Line 232 + 0x1b bytes
C
libhttpd.dll!read_request_line(request_rec * r=0x009e4770,
apr_bucket_brigade * bb=0x009e5560) Line 597 + 0x27 bytes C
libhttpd.dll!ap_read_request(conn_rec * conn=0x009dafd8) Line 891 +
0xd bytes C
libhttpd.dll!ap_process_http_connection(conn_rec * c=0x009dafd8) Line
177 + 0x9 bytes C
libhttpd.dll!ap_run_process_connection(conn_rec * c=0x009dafd8) Line
43 + 0x50 bytes C
libhttpd.dll!ap_process_connection(conn_rec * c=0x009dafd8, void *
csd=0x009d5f60) Line 180 C
libhttpd.dll!worker_main(void * thread_num_val=0x000000f0) Line 777
C
msvcr80d.dll!__beginthreadex() + 0x221 bytes
msvcr80d.dll!__beginthreadex() + 0x1c7 bytes
[EMAIL PROTECTED]() + 0x52 bytes