Hi,
I am using OpenSSL 1.0.0j.
My application crashes at the instruction marked in the following disassembly.
; Disassembly quoted from the crash report (32-bit x86, Intel syntax).
; The routine fetches a cipher stack with SSL_get_ciphers, walks it with
; sk_num/sk_value, and returns 1 when the loop finishes without a match.
; The early-exit target L10012828 is not part of the quoted listing.
;
; Register roles as used below:
;   edi = pointer returned by SSL_get_ciphers (the stack being walked)
;   esi = loop index, starting at 0
;   eax = return value of the most recent call
;
; NOTE(review): the faulting compare tests the dword at offset 1Ch against
; the constant 1, while the C loop quoted further down compares c->id with a
; variable. The listing may therefore come from a different function than
; s3_srvr.c line 989 (the shape resembles ssl23_no_ssl2_ciphers in
; s23_clnt.c) - confirm against a map file or symbols before patching.
L100127E0:
; Load the dword at esp+4 on entry - presumably the first stack argument.
mov eax,[esp+04h]
; Preserve esi and edi; both are restored before the retn below.
push esi
push edi
push eax
call SSL_get_ciphers
; Keep the returned stack pointer in edi for the whole loop.
mov edi,eax
push edi
; esi = 0, the starting index.
xor esi,esi
call LIBEAY32.dll!sk_num
; Drop both pushed arguments (SSL_get_ciphers and sk_num) in one step.
add esp,00000008h
; Skip the loop when the reported element count is zero or negative.
test eax,eax
jle L10012820
; Leaves ecx unchanged - presumably padding to align the loop head.
lea ecx,[ecx+00h]
L10012800:
; sk_value(edi, esi): fetch the element at the current index.
push esi
push edi
call LIBEAY32.dll!sk_value
add esp,00000008h
; The returned pointer is dereferenced without a zero test. The reporter
; observed eax = 0 here, so the read targets address 1Ch and faults.
; NOTE(review): a zero result for an index below sk_num suggests the stack
; holds a null entry or changed between the two calls - verify how the
; cipher list is built and whether another thread can modify or free it.
cmp dword ptr [eax+1Ch],00000001h < !!!!!!!!!!!!!!!!eax = 0
; Match found: leave through a path outside the quoted listing.
jz L10012828
push edi
; Advance the index, then re-read the element count on every iteration.
add esi,00000001h
call LIBEAY32.dll!sk_num
add esp,00000004h
; Signed comparison of index against count; loop while index < count.
cmp esi,eax
jl L10012800
L10012820:
; No match (or empty stack): restore saved registers and return 1.
pop edi
mov eax,00000001h
pop esi
retn
;------------------------------------
source code : s3_srvr.c Line 989
for (i=0; i<sk_SSL_CIPHER_num(ciphers); i++)
{
c=sk_SSL_CIPHER_value(ciphers,i);
if (c->id == id) /// <<<<<<<<<<<<<<<< "c" is not checked here, and it is a null pointer
{
j=1;
break;
}
}
I believe this is a bug.
Sincerely.