Hi,
I've had 2 users report a crash in RC4() on x86_64. The
backtrace looks like:
#0 RC4 () at rc4-x86_64.s:343
#1 0x000000000000012d in ?? ()
#2 0x00000000000000df in ?? ()
#3 0x00000000020b5660 in ?? ()
#4 0x00007fc075f6a9c9 in rc4_hmac_md5_cipher (ctx=<optimized out>,
out=0x20aae98
".\324\300\377AE'|#\242\300\233\025T\341\002}\237\242\240\273G\260\257\214z\321\001HK«RA\257HC0\"0\257N*1C/,$\252-N1&%&1\261\"/0C*'C\246-\"!/&C*\nb%
SO\261\067\303\060,17^'*\260\063/\":C7+\261&\"'^1&%\246\061&-
&0C\267+1&\"'^1\246%0C.6/7\252\"33&-'C\266-0&/& 7\303 +*/'1&\255C-\".&03\242
&C6*'3\257\066\060C/*07\316&;7&-'&\247C*R[-/&\265&/^RC ,\255"..., in=<optimized
out>, len=0) at e_rc4_hmac_md5.c:163
#5 0x00007fc076272b8f in tls1_enc (s=0x209c120, send=1) at t1_enc.c:828
#6 0x00007fc076269e18 in do_ssl3_write (s=0x209c120, type=23,
buf=0x209cf34 "2 OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS
ID ENABLE IDLE SORT SORT=DISPLAY THREAD=REFERENCES THREAD=REFS MULTIAPPEND
UNSELECT CHILDREN NAMESPACE UIDPLUS LIST-EXTENDED I18NLEVEL=1 CON"..., len=285,
create_empty_fragment=0) at s3_pkt.c:808
#7 0x00007fc07626a144 in ssl3_write_bytes (s=0x209c120, type=23,
buf_=0x209cf34, len=<optimized out>) at s3_pkt.c:605
This looks simular to the AES problem with had, with a length of 0?
More details are at:
http://bugs.debian.org/666405
Kurt
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List openssl-dev@openssl.org
Automated List Manager majord...@openssl.org
