After adding the check I get a crash

2014-12-10 11:18 GMT+03:00 Вячеслав Бадалян <v.badal...@open-bs.ru>:

> Looks like some check needs to be added to return code len....
>
> 2014-12-10 11:06 GMT+03:00 Вячеслав Бадалян <v.badal...@open-bs.ru>:
>
>> Sorry. Line 1244 is
>> OPENSSL_assert(s->d1->w_msg_hdr.msg_len +
>>     DTLS1_HM_HEADER_LENGTH == (unsigned int)s->init_num);
>>
>> 2014-12-10 11:05 GMT+03:00 Вячеслав Бадалян <v.badal...@open-bs.ru>:
>>
>>> (gdb) p s->d1->w_msg_hdr.msg_len
>>> $2 = 0
>>> (gdb) p s->init_num
>>> $3 = 0
>>>
>>> 2014-12-10 10:59 GMT+03:00 Вячеслав Бадалян <v.badal...@open-bs.ru>:
>>>
>>>> I get the ASSERT again in d1_both.c:1244
>>>>
>>>> OPENSSL_assert(s->d1->w_msg_hdr.msg_len +
>>>>     ((s->version==DTLS1_VERSION)?DTLS1_CCS_HEADER_LENGTH:3) == (unsigned int)s->init_num);
>>>> }
>>>>
>>>> 2014-12-10 6:32 GMT+03:00 Вячеслав Бадалян <v.badal...@open-bs.ru>:
>>>>
>>>>> Hello. I have begun testing your patch. I attach to this mail a patched
>>>>> version of your patch that can be cleanly added to the current SRPM of
>>>>> CentOS 6.
>>>>>
>>>>> 2014-12-03 5:16 GMT+03:00 Вячеслав Бадалян <v.badal...@open-bs.ru>:
>>>>>
>>>>>> Thanks! I need time to test it... I will try to answer this week.
>>>>>>
>>>>>> 2014-12-02 19:37 GMT+03:00 Matt Caswell via RT <r...@openssl.org>:
>>>>>>
>>>>>>> On Tue Dec 02 17:31:05 2014, v.badal...@open-bs.ru wrote:
>>>>>>> > If you send the patch I can add it to the SRPM build and try the results.
>>>>>>> >
>>>>>>> The patch is attached. However you may have problems with this
>>>>>>> approach. I have built the patch for 1.0.1e (which is the version you
>>>>>>> originally said you were running). However any additional patches that
>>>>>>> have been applied to the SRPM could cause the patch to fail to apply
>>>>>>> (and it is quite a large patch). I can also supply a patch against the
>>>>>>> latest 1.0.1j or OpenSSL_1_0_1-stable from git if you prefer.
>>>>>>>
>>>>>>> Matt

--
Best regards,
Бадалян Вячеслав Борисович

ООО "Открытые бизнес-решения"
Technical Director
+7 (495) 666-0-111
http://www.open-bs.ru

#0  _int_malloc (av=0x7fff4c000020, bytes=<value optimized out>) at malloc.c:4476
        iters = <value optimized out>
        nb = 6496
        idx = 103
        bin = <value optimized out>
        victim = 0x7fff4c007d70
        size = 8016
        victim_index = <value optimized out>
        remainder = <value optimized out>
        remainder_size = <value optimized out>
        block = <value optimized out>
        bit = <value optimized out>
        map = <value optimized out>
        fwd = <value optimized out>
        bck = 0x0
        errstr = 0x0
#1  0x00000037c9e7a6b1 in __libc_malloc (bytes=6488) at malloc.c:3664
        ar_ptr = 0x7fff4c000020
        victim = <value optimized out>
        hook = <value optimized out>
#2  0x00007ffff780bd36 in CRYPTO_realloc_clean (str=0x7fff4c026ca0, old_len=4780, num=6488, file=0x7ffff7912c9b "buffer.c", line=166) at mem.c:372
        ret = 0x0
#3  0x00007ffff787bae6 in BUF_MEM_grow_clean (str=0x7fff3c034870, len=4864) at buffer.c:166
        ret = <value optimized out>
        n = 6488
#4  0x00007ffff787d513 in mem_write (b=<value optimized out>, in=0x7fff4c0231b0 "\026\376\377", inl=256) at bss_mem.c:189
        ret = -1
        blen = 4608
        bm = 0x7fff3c034870
#5  0x00007ffff787c747 in BIO_write (b=0x7fff3c033a60, in=0x7fff4c0231b0, inl=256) at bio_lib.c:247
        i = <value optimized out>
        cb = 0
#6  0x00007ffff787f871 in buffer_ctrl (b=0x7fff4c012fd0, cmd=<value optimized out>, num=0, ptr=0x0) at bf_buff.c:404
        dbio = <value optimized out>
        ctx = 0x7fff4c018a70
        ret = 1
        p1 = <value optimized out>
        p2 = <value optimized out>
        r = <value optimized out>
        i = <value optimized out>
        ip = <value optimized out>
        ibs = <value optimized out>
        obs = <value optimized out>
#7  0x00007ffff7bc2b0d in dtls1_do_write (s=0x7fff3c0335f0, type=22) at d1_both.c:318
        ret = <value optimized out>
        curr_mtu = -13
        retry = 1
        len = <value optimized out>
        frag_off = 3816
        mac_size = 0
        blocksize = 0
#8  0x00007ffff7bbbdf7 in dtls1_accept (s=0x7fff3c0335f0) at d1_srvr.c:426
        buf = <value optimized out>
        Time = 1418200173
        cb = 0
        alg_k = <value optimized out>
        ret = <value optimized out>
        new_state = <value optimized out>
        state = 8512
        skip = 0
        listen = 0
#9  0x00007ffff7bc085d in dtls1_read_bytes (s=0x7fff3c0335f0, type=23, buf=0x7fff3c0060f8 "\026\376\377", len=121, peek=0) at d1_pkt.c:787
        al = <value optimized out>
        i = <value optimized out>
        j = <value optimized out>
        ret = <value optimized out>
        n = <value optimized out>
        rr = <value optimized out>
        cb = 0
#10 0x00007ffff7baaed0 in ssl3_read_internal (s=0x7fff3c0335f0, buf=0x7fff3c0060f8, len=121, peek=0) at s3_lib.c:4273
        ret = <value optimized out>
#11 0x00007fffa25fbef5 in __rtp_recvfrom (instance=0x7fff3c015348, buf=0x7fff3c0060f8, size=8192, flags=0, sa=0x7fff9ada69d0, rtcp=0) at res_rtp_asterisk.c:2019
        dtls = 0x7fff3c008ce0
        res = 0
        len = 121
        rtp = 0x7fff3c005f40
        srtp = 0x0
        in = 0x7fff3c0060f8 "\026\376\377"
        loop = 0x7fff3c0085e8
        __PRETTY_FUNCTION__ = "__rtp_recvfrom"
#12 0x00007fffa25fc31f in rtp_recvfrom (instance=0x7fff3c015348, buf=0x7fff3c0060f8, size=8192, flags=0, sa=0x7fff9ada69d0) at res_rtp_asterisk.c:2094
No locals.
#13 0x00007fffa2605621 in ast_rtp_read (instance=0x7fff3c015348, rtcp=0) at res_rtp_asterisk.c:4127
        rtp = 0x7fff3c005f40
        addr = {ss = {ss_family = 2, __ss_align = 0, __ss_padding = "\b\243\001L\377\177\000\000R\367\346\311\067\000\000\000\001\200\255\373\377\177\000\000\b\243\001L\377\177\000\000\b\243\001L\377\177\000\000\b\243\001L\377\177\000\000\b\243\001L\377\177\000\000\020\243\001L\377\177\000\000\a\244\001L\377\177\000\000\b\243\001L\377\177\000\000\a\244\001L\377\177", '\000' <repeats 25 times>}, len = 16}
        res = 0
        hdrlen = 12
        version = 32767
        payloadtype = 0
        padding = 0
        mark = 1275080150
        ext = 32767
        cc = 1275080150
        prev_seqno = 32767
        rtpheader = 0x7fff3c0060f8
        seqno = 0
        ssrc = 33
        timestamp = 29
        payload = {asterisk_format = 6, format = {id = 0, fattr = {format_attr = {1275100224, 32767, 1275100229, 32767, 6567044, 0, 2598004992, 4294967295, 5775753, 19, 1006650992, 78, 78, 77, 9665472, 0, 5262095, 0, 1275083272, 32767, 9381552, 0, 6717365, 0, 6718801, 0, 6717397, 1589, 6714548, 0, 16, 1587, 6714548, 0, 2598005744, 32767, 5281951, 0, 1548, 32767, 6718801, 0, 1418200173, 0, 92029, 0, 24, 48, 2598006224, 32767, 6715567, 0, 1006651024, 32767, 4094289024, 32767, 4094283063, 474, 4094284180, 32767, 2598005232, 5, 875638834, 758264109}, rtp_marker_bit = 49 '1'}}, rtp_code = 959593009, payload = 3355450}
        remote_address = {ss = {ss_family = 0, __ss_align = 0, __ss_padding = '\000' <repeats 111 times>}, len = 0}
        frames = {first = 0x1039500, last = 0x5983a5}
        __PRETTY_FUNCTION__ = "ast_rtp_read"
#14 0x00000000005529d3 in ast_rtp_instance_read (instance=0x7fff3c015348, rtcp=0) at rtp_engine.c:314
No locals.
#15 0x00007fffb26d6839 in sip_rtp_read (ast=0x7fff3c0373b8, p=0x7fff3c00bef8, faxdetect=0x7fff9ada6c64) at chan_sip.c:8198
        f = 0x7fff3c00bea0
        __PRETTY_FUNCTION__ = "sip_rtp_read"
#16 0x00007fffb26d6fe8 in sip_read (ast=0x7fff3c0373b8) at chan_sip.c:8295
        fr = 0x498779
        p = 0x7fff3c00bef8
        faxdetected = 0
        __PRETTY_FUNCTION__ = "sip_read"
#17 0x000000000047d255 in __ast_read (chan=0x7fff3c0373b8, dropaudio=0) at channel.c:4054
        f = 0x0
        prestate = 6
        cause = 0
        __PRETTY_FUNCTION__ = "__ast_read"
#18 0x000000000047effe in ast_read (chan=0x7fff3c0373b8) at channel.c:4408
No locals.
#19 0x0000000000476b90 in ast_safe_sleep_conditional (chan=0x7fff3c0373b8, timeout_ms=5000, cond=0, data=0x0) at channel.c:1702
        dup_f = 0x0
        f = 0x8f0fe0
        silgen = 0x0
        res = 0
        start = {tv_sec = 1418200173, tv_usec = 92058}
        ms = 5000
        deferred_frames = {first = 0x0, last = 0x0}
        __PRETTY_FUNCTION__ = "ast_safe_sleep_conditional"
#20 0x0000000000476dc0 in ast_safe_sleep (chan=0x7fff3c0373b8, ms=5000) at channel.c:1746
No locals.
#21 0x00007ffff40986c2 in play_moh_exec (chan=0x7fff3c0373b8, data=0x7fff9ada9490 ",5") at res_musiconhold.c:801
        parse = 0x7fff9ada7220 ""
        class = 0x0
        timeout = 5000
        res = 0
        args = {argc = 2, argv = 0x7fff9ada7250, class = 0x7fff9ada7220 "", duration = 0x7fff9ada7221 "5"}
        __PRETTY_FUNCTION__ = "play_moh_exec"
#22 0x000000000052c661 in pbx_exec (c=0x7fff3c0373b8, app=0x10394a0, data=0x7fff9ada9490 ",5") at pbx.c:1622
        res = 36
        u = 0x7fff4c01a1b0
        saved_c_appl = 0x0
        saved_c_data = 0x0
        __PRETTY_FUNCTION__ = "pbx_exec"
#23 0x0000000000537108 in pbx_extension_helper (c=0x7fff3c0373b8, con=0x0, context=0x7fff3c038208 "from-internal", exten=0x7fff3c038258 "766", priority=2, label=0x0, callerid=0x7fff3c034090 "74996051913", action=E_SPAWN, found=0x7fff9adabb70, combined_find_spawn=1) at pbx.c:4915
        e = 0xf66c60
        app = 0x10394a0
        substitute = 0x0
        res = 1006858600
        q = {incstack = {0xfb6f80 "from-internal", 0xfb7fa0 "from-internal-noxfer", 0xfa58e0 "from-internal-noxfer-additional", 0xfe5880 "from-internal-xfer", 0xfd7780 "from-internal-additional", 0x0 <repeats 123 times>}, stacklen = 5, status = 5, swo = 0x0, data = 0x0, foundcontext = 0xfd78d0 "from-internal-additional-custom"}
        passdata = ",5\000\232\377\177\000\000\360\226ښ\377\177\000\000\000\000\000\000\377\177\000\000\376\226ښ\377\177\000\000\377\377\377\377\000\000\000\000\220\225ښ\377\177\000\000\377\377\377\377\377\377\377\377\000\232ښ\377\177\000\000\000\000\000\000\000\000\000\000`\226ښ\377\177\000\000\037\000\000\000\000\000\000\000x\231ښ\377\177\000\000\060\236ښ\000\000\000\000 \367\346\311\067\000\000\000\001\200\255\373\377\177\000\000\060\236ښ\377\177\000\000\060\236ښ\000\000\000\000\257\t\000\000\000\000\000\000\000\000\000\000\377\177\000\000\061\236ښ\377\177\000\000\000\000\000\000\377\177\000\000\000\000\000\000\001\000\000\000O\236ښ\377\177\000\000\377\377\377\377", '\000' <repeats 12 times>, "x\231ښ\377\177\000\000s", '\000' <repeats 15 times>"\302, \352f\000\000\000\000\000\360\226ښ", '\000' <repeats 16 times>, "\v\000\000\000\001\004\000\000\000\000\000\000\270\362\344\311\067\000\000\000\060\000\000\000\060", '\000' <repeats 11 times>"\300, \225ښ\377"...
        matching_action = 0
        __PRETTY_FUNCTION__ = "pbx_extension_helper"
#24 0x000000000053a5a3 in ast_spawn_extension (c=0x7fff3c0373b8, context=0x7fff3c038208 "from-internal", exten=0x7fff3c038258 "766", priority=2, callerid=0x7fff3c034090 "74996051913", found=0x7fff9adabb70, combined_find_spawn=1) at pbx.c:6037
No locals.
#25 0x000000000053bd40 in __ast_pbx_run (c=0x7fff3c0373b8, args=0x0) at pbx.c:6512
        digit = 0
        invalid = 0
        timeout = 0
        dst_exten = "\000\377\377\377\377\377\377\377\001", '\000' <repeats 31 times>, "@\001\000\000\000\000\000\000\a", '\000' <repeats 15 times>, "\001\000\000\000\000\000\000\000x{ \312\067", '\000' <repeats 11 times>"\370, \377\377\377\377\377\377\377\001\000\000\000\000\000\000\000\020\000\000\000\000\000\000\000\033\377\001", '\000' <repeats 13 times>, " \275ښ\377\177\000\000лښ\377\177\000\000\020\275ښ\377\177\000\000p\315ښ\377\177\000\000\340\272ښ\377\177\000\000\320\336 \312\067\000\000\000\003\000\000\000\000\000\000\000\264\062\243\232\377\177\000\000ؼښ\377\177\000\000\340\274ښ\377\177\000\000\000\000\000\000\000\000\000\000\350\274ښ\377\177", '\000' <repeats 18 times>"\360, \275ښ\377\177\000\000\000\000\000\000\000\000\000"
        pos = 0
        found = 1
        res = 0
        autoloopflag = 0
        error = 0
        pbx = 0x7fff4c01c3a0
        callid = 0x0
        __PRETTY_FUNCTION__ = "__ast_pbx_run"
#26 0x000000000053d81d in pbx_thread (data=0x7fff3c0373b8) at pbx.c:6842
        c = 0x7fff3c0373b8
#27 0x0000000000599ddc in dummy_start (data=0x7fff3c01b080) at utils.c:1192
        __cancel_buf = {__cancel_jmp_buf = {{__cancel_jmp_buf = {140735791417088, -9220635199591366855, 140735787189888, 140735791417792, 0, 3, -9220635199582978247, 9220711381188919097}, __mask_was_saved = 0}}, __pad = {0x7fff9adabe90, 0x0, 0x7fff9adaca10, 0x0}}
        __cancel_routine = 0x441124 <ast_unregister_thread>
        __cancel_arg = 0x7fff9adac700
        not_first_call = 0
        ret = 0x37ca18a850
        a = {start_routine = 0x53d7f8 <pbx_thread>, data = 0x7fff3c0373b8, name = 0x7fff3c03a740 "pbx_thread", ' ' <repeats 11 times>, "started at [ 6868] pbx.c ast_pbx_start()"}
#28 0x00000037ca2079d1 in start_thread (arg=0x7fff9adac700) at pthread_create.c:301
        __res = <value optimized out>
        pd = 0x7fff9adac700
        now = <value optimized out>
        unwind_buf = {cancel_jmp_buf = {{jmp_buf = {140735791417088, 9220711866970718009, 140735787189888, 140735791417792, 0, 3, -9220635199622824135, 9194407422128865081}, mask_was_saved = 0}}, priv = {pad = {0x0, 0x0, 0x0, 0x0}, data = {prev = 0x0, cleanup = 0x0, canceltype = 0}}}
        not_first_call = <value optimized out>
        pagesize_m1 = <value optimized out>
        sp = <value optimized out>
        freesize = <value optimized out>
#29 0x00000037c9ee89dd in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:115
No locals.

_______________________________________________
openssl-dev mailing list
openssl-dev@openssl.org
https://mta.opensslfoundation.net/mailman/listinfo/openssl-dev