This happens when the server is unreachable. The client, when it is trying to resend the client_hello, is barfing on the fragment->frag value. Is this a known issue? Let me know if you need any more info.
Not consistently reproducible. Please let us know if I can work around this issue.

# debug -a mips64 info.core.my_client.1626.pm1012.1416137224
[New LWP 1626]
[New LWP 1745]
Core was generated by `/usr/sbin/my_client -f'.
Program terminated with signal 11, Segmentation fault.
#0  0xeb851eb85454aaba in ?? ()
#0  0xeb851eb85454aaba in ?? ()
#1  0x000000fff7e35530 in dtls1_retransmit_message (s=0x1206dd750, seq=0, frag_off=0, found=0xffffdfec60) at d1_both.c:1289
#2  0x000000fff7e34fb8 in dtls1_retransmit_buffered_messages (s=0x1206dd750) at d1_both.c:1173
#3  0x000000fff7e2e38c in dtls1_handle_timeout (s=0x1206dd750) at d1_lib.c:464
#4  0x000000fff7e2fbb0 in dtls1_read_bytes (s=0x1206dd750, type=22, buf=0xffffdfee18 "\377\377\377\377\204~{\210\377\377\377\377\204~{\020\377\377\377\377\204p", len=12, peek=0) at d1_pkt.c:833
#5  0x000000fff7e33ff8 in dtls1_get_message_fragment (s=0x1206dd750, st1=4384, stn=4385, max=20000, ok=0xffffdfef84) at d1_both.c:819
#6  0x000000fff7e32c68 in dtls1_get_message (s=0x1206dd750, st1=4384, stn=4385, mt=-1, max=20000, ok=0xffffdfef84) at d1_both.c:443
#7  0x000000fff7e01c34 in ssl3_get_server_hello (s=0x1206dd750) at s3_clnt.c:832
#8  0x000000fff7e2a120 in dtls1_connect (s=0x1206dd750) at d1_clnt.c:328
#9  0x000000fff7e3a2d8 in SSL_connect (s=0x1206dd750) at ssl_lib.c:949
#10 0x000000012003d70c in ssl_connect_timer_cb (p_timer=0x120869680, peer=0x12085fdd0, arg2=0x0, arg3=0x0, arg4=0x0) at my_client_peer.c:330
#11 0x00000001200a46f0 in timer_exec_pri (p_mgr=0x120397810, p_pri=0x1203a3888, p_starttime=0xffffdff268, msecs=100) at timer.c:612
#12 0x00000001200a40b4 in timer_exec (p_mgr=0x120397810, pri_mask=TIMER_PRI_MASK_ALL, msecs=100) at timer.c:504
#13 0x0000000120021bf8 in g_base_timer_cb (base_timer_fd=-1, what=1, g=0x1200e99d0 <g_m_client>) at my_client.c:4412
#14 0x000000fff7ebe06c in event_process_active_single_queue (base=0x120397270, activeq=0x120397760) at /usr/src/debug/libevent/2.0.21-r3/libevent-2.0.21-stable/event.c:1350
#15 0x000000fff7ebe3b8 in event_process_active (base=0x120397270) at /usr/src/debug/libevent/2.0.21-r3/libevent-2.0.21-stable/event.c:1420
#16 0x000000fff7ebeddc in event_base_loop (base=0x120397270, flags=0) at /usr/src/debug/libevent/2.0.21-r3/libevent-2.0.21-stable/event.c:1621
(gdb) frame 1
#1  0x000000fff7e35530 in dtls1_retransmit_message (s=0x1206dd750, seq=0, frag_off=0, found=0xffffdfec60) at d1_both.c:1289
1289        memcpy(s->init_buf->data, frag->fragment,
(gdb) p *item
$1 = {priority = "\000\000\000\000\000\000\000", data = 0x1205ce0a0, next = 0x0}
(gdb) p *frag
$2 = {msg_header = {type = 1 '\001', msg_len = 55, seq = 0, frag_off = 0, frag_len = 55, is_ccs = 0, saved_retransmit_state = {enc_write_ctx = 0x0, write_hash = 0x0, compress = 0x0, session = 0x1206a6730, epoch = 0}}, fragment = 0x0, reassembly = 0x0}
(gdb) #
(gdb) # Note that the fragment is NULL
(gdb) #
(gdb) list
1284        if ( frag->msg_header.is_ccs)
1285            header_length = DTLS1_CCS_HEADER_LENGTH;
1286        else
1287            header_length = DTLS1_HM_HEADER_LENGTH;
1288
1289        memcpy(s->init_buf->data, frag->fragment,
1290               frag->msg_header.msg_len + header_length);
1291        s->init_num = frag->msg_header.msg_len + header_length;
1292
1293        dtls1_set_message_header_int(s, frag->msg_header.type,
(gdb) p/x frag->fragment
$3 = 0x0
(gdb) #
(gdb) # hence the crash
(gdb) #
(gdb)

Thanks in Advance
Praveen Kariyanahalli
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       openssl-dev@openssl.org
Automated List Manager                           majord...@openssl.org
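The failure mode in the report is a memcpy from a buffered handshake fragment whose fragment pointer is NULL. The following is an added example, not OpenSSL's code: a deliberately simplified model of the copy step at d1_both.c:1289 with the guard that would turn the segfault into an error return. The struct layout, the function name retransmit_message and the destination-size check are assumptions for the example; the two header-length constants are the values OpenSSL uses.

```c
/* Added example (not OpenSSL's code): minimal model of the retransmit copy
 * at d1_both.c:1289, plus the NULL-fragment guard the crash shows is missing.
 * Struct layout and function name are simplified assumptions. */
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define DTLS1_HM_HEADER_LENGTH  12  /* DTLS handshake message header, as in OpenSSL */
#define DTLS1_CCS_HEADER_LENGTH 1   /* change-cipher-spec header, as in OpenSSL */

struct hm_header {
    uint8_t       type;
    unsigned long msg_len;
    int           is_ccs;
};

struct hm_fragment {
    struct hm_header msg_header;
    unsigned char   *fragment;   /* 0x0 in the core dump above */
};

/* Stages a buffered message into init_buf the way dtls1_retransmit_message
 * does. Returns the number of bytes copied, or -1 when there is nothing safe
 * to copy: a NULL fragment (the condition that produced the SIGSEGV) or a
 * message that would overrun the destination buffer. */
static long retransmit_message(const struct hm_fragment *frag,
                               unsigned char *init_buf, size_t init_buf_len)
{
    unsigned long header_length;

    if (frag == NULL || frag->fragment == NULL)
        return -1;                       /* the check missing in the report */

    header_length = frag->msg_header.is_ccs ? DTLS1_CCS_HEADER_LENGTH
                                            : DTLS1_HM_HEADER_LENGTH;
    if (frag->msg_header.msg_len + header_length > init_buf_len)
        return -1;                       /* never write past init_buf */

    memcpy(init_buf, frag->fragment, frag->msg_header.msg_len + header_length);
    return (long)(frag->msg_header.msg_len + header_length);
}
```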