Hi! I would like to close this since it's not a bug.
Best regards,
Fredrik Jansson

On Mon, Oct 28, 2013 at 9:33 AM, The default queue via RT <r...@openssl.org> wrote:

> Greetings,
>
> This message has been automatically generated in response to the
> creation of a trouble ticket regarding:
>         "Segfault in d1_pkt.c in FIPS mode",
> a summary of which appears below.
>
> There is no need to reply to this message right now. Your ticket has been
> assigned an ID of [openssl.org #3152].
>
> Please include the string:
>
>          [openssl.org #3152]
>
> in the subject line of all future correspondence about this issue. To do so,
> you may reply to this message.
>
> Thank you,
> r...@openssl.org
>
> -------------------------------------------------------------------------
> OpenSSL 1.0.1e
>
> In the function dtls1_get_record the pointer p is initialized to NULL at
> function entry. Later the pointer may be initialized inside an if
> statement. The pointer is later dereferenced, w/o null check, resulting in
> a segfault.
>
> In our product this only happens when OpenSSL is in FIPS mode.
>
> I have supplied a simple patch that solves the problem on my test machines.
>
> Best regards,
> Fredrik Jansson
>
> "Pseudo code"
>
>     unsigned char *p = NULL;
>
>     ...
>
>     if ( (s->rstate != SSL_ST_READ_BODY) ||
>          (s->packet_length < DTLS1_RT_HEADER_LENGTH))
>     {
>         ...
>         p = s->packet;
>         ...
>     }
>
>     ...
>
>     if (!(s->d1->listen && rr->type == SSL3_RT_HANDSHAKE &&
>           *p == SSL3_MT_CLIENT_HELLO) &&
>         !dtls1_record_replay_check(s, bitmap)) { ... }

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       openssl-dev@openssl.org
Automated List Manager                           majord...@openssl.org
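The shape of the reported problem, as a constructed C model added here (this is not OpenSSL's d1_pkt.c and not the patch the reporter attached). It reduces dtls1_get_record to the two conditions quoted in the ticket: p is only assigned when the record state is not SSL_ST_READ_BODY or fewer than a full header's worth of bytes is buffered, and p is later read through whenever the connection is in DTLSv1_listen mode and the record is a handshake record. The struct, the constant values and the assumption that the header parser leaves p pointing at the first body byte are all illustrative; the FIPS-mode dependency the reporter saw is not modelled, since the ticket does not explain it. The hardened variant shows the check a reviewer would want before `*p`: derive the body pointer from the buffered packet at the point of use and confirm a body byte actually exists.

```c
#include <stdbool.h>
#include <stddef.h>
#include <string.h>

/* Illustrative values only; they are not OpenSSL's real definitions. */
enum { SSL_ST_READ_HEADER = 0, SSL_ST_READ_BODY = 1 };
enum { DTLS1_RT_HEADER_LENGTH = 13 };
enum { SSL3_RT_HANDSHAKE = 22 };
enum { SSL3_MT_CLIENT_HELLO = 1 };

/* Minimal stand-in for the SSL object fields the pseudocode touches. */
struct dtls_conn {
    int rstate;               /* SSL_ST_READ_HEADER or SSL_ST_READ_BODY */
    size_t packet_length;     /* bytes currently buffered in packet[] */
    unsigned char packet[64]; /* raw record: 13-byte header, then body */
    int listen;               /* stands in for s->d1->listen */
};

/* Build a connection in a given read state with one record buffered.
 * body_byte is placed at the first body position (constructed input). */
struct dtls_conn make_conn(int rstate, size_t packet_length, int listen,
                           unsigned char body_byte)
{
    struct dtls_conn s;
    memset(&s, 0, sizeof s);
    s.rstate = rstate;
    s.packet_length = packet_length;
    s.listen = listen;
    s.packet[DTLS1_RT_HEADER_LENGTH] = body_byte;
    return s;
}

/* Mirrors the original control flow and reports, instead of crashing, whether
 * execution reaches the ClientHello test with p still NULL. rr_type plays the
 * role of rr->type from the already-parsed record header. */
bool reaches_deref_with_null(const struct dtls_conn *s, int rr_type)
{
    const unsigned char *p = NULL;

    if (s->rstate != SSL_ST_READ_BODY ||
        s->packet_length < DTLS1_RT_HEADER_LENGTH) {
        /* Assumption: header parsing advances p to the first body byte. */
        p = s->packet + DTLS1_RT_HEADER_LENGTH;
    }

    /* Original: s->d1->listen && rr->type == SSL3_RT_HANDSHAKE && *p == ...
     * The && chain short-circuits, so *p is evaluated only on this path. */
    return s->listen && rr_type == SSL3_RT_HANDSHAKE && p == NULL;
}

/* Hardened variant: the body pointer is computed from the buffered packet at
 * the point of use, after confirming a body byte exists, so no path can read
 * through a pointer that was never assigned. */
bool is_listen_client_hello(const struct dtls_conn *s, int rr_type)
{
    if (!s->listen || rr_type != SSL3_RT_HANDSHAKE)
        return false;
    if (s->packet_length <= DTLS1_RT_HEADER_LENGTH)
        return false; /* header only, no first body byte to inspect */

    const unsigned char *p = s->packet + DTLS1_RT_HEADER_LENGTH;
    return *p == SSL3_MT_CLIENT_HELLO;
}
```

Run against the state the ticket describes (already in SSL_ST_READ_BODY with a complete header buffered), the first function reports that the original would dereference NULL, while the hardened check answers the ClientHello question from the packet buffer directly. Whether that state is reachable only in FIPS builds, as the reporter observed, is not something this model can tell you; it only shows why the pointer is unassigned on that path.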