Hello,
We have encountered a Segmentation Fault while trying to send a SSL
packet via Oracle VM agent.
The Segmentation Fault occurred when EVP_MD_CTX_copy() failed in tls1_mac().
tls1_mac() doesn't check the return code of EVP_MD_CTX_copy() and keep
going, which results in Segmentation Fault at EVP_DigestUpdate().
The following change in tls1_mac() fixes the segfault issue.
1 Index: openssl/ssl/t1_enc.c
2
============================================================================
3 $ diff -ru ssl/t1_enc.c ssl/t1_enc.c
4 --- t1_enc.c.orig Tue Dec 10 15:36:05 2013
5 +++ t1_enc.c Wed Dec 11 09:29:02 2013
6 @@ -980,7 +980,10 @@
7 }
8 else
9 {
10 - EVP_MD_CTX_copy(&hmac,hash);
11 + if (EVP_MD_CTX_copy(&hmac,hash) != 1)
12 + {
13 + return (0);
14 + }
15 mac_ctx =&hmac;
16 }
17
I would greatly appreciate it if the suggest fix gets integrated into
the next release of OpenSSL.
Best regards,
Misaki Miyashita
Oracle Solaris Security
Senior Software Engineer
Austin, TX, US
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [email protected]
Automated List Manager [email protected]
