Also valgrind output

==17767== Thread 37:
==17767== Source and destination overlap in memcpy(0x253bfcbd, 0x7e9c51b, 4294967209)
==17767==    at 0x4A09A48: memcpy (vg_replace_strmem.c:916)
==17767==    by 0x4E5A2B6: do_dtls1_write (d1_pkt.c:1592)
==17767==    by 0x4E5DA69: dtls1_do_write (d1_both.c:359)
==17767==    by 0x4E56DF6: dtls1_accept (d1_srvr.c:426)
==17767==    by 0x4E5B85C: dtls1_read_bytes (d1_pkt.c:787)
==17767==    by 0x4E45ECF: ssl3_read_internal (s3_lib.c:4273)
==17767==    by 0x215E3EF4: __rtp_recvfrom (res_rtp_asterisk.c:2019)
==17767==    by 0x215E431E: rtp_recvfrom (res_rtp_asterisk.c:2094)
==17767==    by 0x215ED620: ast_rtp_read (res_rtp_asterisk.c:4127)
==17767==    by 0x5529D2: ast_rtp_instance_read (rtp_engine.c:314)
==17767==    by 0x114A7838: sip_rtp_read (chan_sip.c:8198)
==17767==    by 0x114A7FE7: sip_read (chan_sip.c:8295)
==17767==    by 0x47D254: __ast_read (channel.c:4054)
==17767==    by 0x47EFFD: ast_read (channel.c:4408)
==17767==    by 0x476B8F: ast_safe_sleep_conditional (channel.c:1702)
==17767==
==17767== Invalid read of size 2
==17767==    at 0x4A09C4C: memcpy (vg_replace_strmem.c:916)
==17767==    by 0x4E5A2B6: do_dtls1_write (d1_pkt.c:1592)
==17767==    by 0x4E5DA69: dtls1_do_write (d1_both.c:359)
==17767==    by 0x4E56DF6: dtls1_accept (d1_srvr.c:426)
==17767==    by 0x4E5B85C: dtls1_read_bytes (d1_pkt.c:787)
==17767==    by 0x4E45ECF: ssl3_read_internal (s3_lib.c:4273)
==17767==    by 0x215E3EF4: __rtp_recvfrom (res_rtp_asterisk.c:2019)
==17767==    by 0x215E431E: rtp_recvfrom (res_rtp_asterisk.c:2094)
==17767==    by 0x215ED620: ast_rtp_read (res_rtp_asterisk.c:4127)
==17767==    by 0x5529D2: ast_rtp_instance_read (rtp_engine.c:314)
==17767==    by 0x114A7838: sip_rtp_read (chan_sip.c:8198)
==17767==    by 0x114A7FE7: sip_read (chan_sip.c:8295)
==17767==    by 0x47D254: __ast_read (channel.c:4054)
==17767==    by 0x47EFFD: ast_read (channel.c:4408)
==17767==    by 0x476B8F: ast_safe_sleep_conditional (channel.c:1702)
==17767==  Address 0x107e9c4c2 is not stack'd, malloc'd or (recently) free'd
==17767==
==17767==
==17767== Process terminating with default action of signal 11 (SIGSEGV): dumping core
==17767==  Access not within mapped region at address 0x107E9C4C2
==17767==    at 0x4A09C4C: memcpy (vg_replace_strmem.c:916)
==17767==    by 0x4E5A2B6: do_dtls1_write (d1_pkt.c:1592)
==17767==    by 0x4E5DA69: dtls1_do_write (d1_both.c:359)
==17767==    by 0x4E56DF6: dtls1_accept (d1_srvr.c:426)
==17767==    by 0x4E5B85C: dtls1_read_bytes (d1_pkt.c:787)
==17767==    by 0x4E45ECF: ssl3_read_internal (s3_lib.c:4273)
==17767==    by 0x215E3EF4: __rtp_recvfrom (res_rtp_asterisk.c:2019)
==17767==    by 0x215E431E: rtp_recvfrom (res_rtp_asterisk.c:2094)
==17767==    by 0x215ED620: ast_rtp_read (res_rtp_asterisk.c:4127)
==17767==    by 0x5529D2: ast_rtp_instance_read (rtp_engine.c:314)
==17767==    by 0x114A7838: sip_rtp_read (chan_sip.c:8198)
==17767==    by 0x114A7FE7: sip_read (chan_sip.c:8295)
==17767==    by 0x47D254: __ast_read (channel.c:4054)
==17767==    by 0x47EFFD: ast_read (channel.c:4408)
==17767==    by 0x476B8F: ast_safe_sleep_conditional (channel.c:1702)

2014-12-10 11:38 GMT+03:00 Вячеслав Бадалян <[email protected]>:

> After adding the check I get a crash
>
> 2014-12-10 11:18 GMT+03:00 Вячеслав Бадалян <[email protected]>:
>
>> Looks like need to add some check to return code len....
>>
>> 2014-12-10 11:06 GMT+03:00 Вячеслав Бадалян <[email protected]>:
>>
>>> Sorry. Line 1244 is
>>> OPENSSL_assert(s->d1->w_msg_hdr.msg_len +
>>>     DTLS1_HM_HEADER_LENGTH == (unsigned int)s->init_num);
>>>
>>> 2014-12-10 11:05 GMT+03:00 Вячеслав Бадалян <[email protected]>:
>>>
>>>> (gdb) p s->d1->w_msg_hdr.msg_len
>>>> $2 = 0
>>>> (gdb) p s->init_num
>>>> $3 = 0
>>>>
>>>> 2014-12-10 10:59 GMT+03:00 Вячеслав Бадалян <[email protected]>:
>>>>
>>>>> I get the ASSERT again in d1_both.c:1244
>>>>>
>>>>> OPENSSL_assert(s->d1->w_msg_hdr.msg_len +
>>>>>     ((s->version==DTLS1_VERSION)?DTLS1_CCS_HEADER_LENGTH:3) == (unsigned int)s->init_num);
>>>>> }
>>>>>
>>>>> 2014-12-10 6:32 GMT+03:00 Вячеслав Бадалян <[email protected]>:
>>>>>
>>>>>> Hello. I begin to test your patch. I attach to the mail a patched version of
>>>>>> your patch that may clear added current SRPM of Centos 6
>>>>>>
>>>>>> 2014-12-03 5:16 GMT+03:00 Вячеслав Бадалян <[email protected]>:
>>>>>>
>>>>>>> Thanks! I need time to test it... I will try to answer this week
>>>>>>>
>>>>>>> 2014-12-02 19:37 GMT+03:00 Matt Caswell via RT <[email protected]>:
>>>>>>>
>>>>>>>> On Tue Dec 02 17:31:05 2014, [email protected] wrote:
>>>>>>>> > if you send the patch I can add it to the SRPM build and try the results
>>>>>>>> >
>>>>>>>> The patch is attached. However you may have problems with this
>>>>>>>> approach. I have built the patch for 1.0.1e (which is the version
>>>>>>>> you originally said you were running). However any additional
>>>>>>>> patches that have been applied to the SRPM could cause the patch
>>>>>>>> to fail to apply (and it is quite a large patch). I can also
>>>>>>>> supply a patch against the latest 1.0.1j or OpenSSL_1_0_1-stable
>>>>>>>> from git if you prefer.
>>>>>>>>
>>>>>>>> Matt
>>>>>>>>
>>>>>>>
>>>>>>> --
>>>>>>> Best regards,
>>>>>>> Бадалян Вячеслав Борисович
>>>>>>>
>>>>>>> ООО "Открытые бизнес-решения"
>>>>>>> Technical Director
>>>>>>> +7 (495) 666-0-111
>>>>>>> http://www.open-bs.ru

_______________________________________________
openssl-dev mailing list
[email protected]
https://mta.opensslfoundation.net/mailman/listinfo/openssl-dev
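
A triage aid for the valgrind report in this message, added here and not part of the original mail or of OpenSSL: it reinterprets the reported memcpy length as a signed 32-bit value and checks whether the faulting address sits at the end of the claimed source range. The function names are hypothetical, and reading the length as a wrapped negative value is an inference from the numbers, not something the thread states.

```python
import re

# The three relevant lines, copied from the valgrind report in this message.
REPORT = """\
==17767== Source and destination overlap in memcpy(0x253bfcbd, 0x7e9c51b, 4294967209)
==17767== Invalid read of size 2
==17767== Address 0x107e9c4c2 is not stack'd, malloc'd or (recently) free'd
"""

MEMCPY_RE = re.compile(r"overlap in memcpy\((0x[0-9a-f]+), (0x[0-9a-f]+), (\d+)\)", re.I)
READ_RE = re.compile(r"Invalid read of size (\d+)")
ADDR_RE = re.compile(r"Address (0x[0-9a-f]+) is not stack'd", re.I)


def as_signed32(n):
    """Reinterpret a value that fits in 32 bits as a two's-complement int."""
    return n - (1 << 32) if (1 << 31) <= n < (1 << 32) else n


def triage(report):
    """Summarise the memcpy arguments and relate them to the faulting read."""
    m = MEMCPY_RE.search(report)
    if m is None:
        return None
    dst, src, length = int(m.group(1), 16), int(m.group(2), 16), int(m.group(3))
    out = {
        "dst": dst, "src": src, "len": length,
        "len_signed32": as_signed32(length),
        # A count just below 2**32 is what a small negative int turns into
        # when it is converted to an unsigned 32-bit length.
        "wrapped_negative": as_signed32(length) < 0,
        "src_end": src + length,
    }
    r, a = READ_RE.search(report), ADDR_RE.search(report)
    if r and a:
        size, fault = int(r.group(1)), int(a.group(1), 16)
        out["fault"] = fault
        # True when the faulting read covers the last `size` bytes of
        # the claimed source range [src, src + len).
        out["fault_is_tail_of_src"] = fault + size == src + length
    return out


if __name__ == "__main__":
    for key, value in triage(REPORT).items():
        print(f"{key:22} {value}")
```

For this report the length decodes to -87 and the faulting address is exactly the last two bytes of `src + len`, so the crash address is explained by the oversized count alone.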
