Hi Victor,
Thanks for your response. I will inspect the field you mentioned.
Thanks!
Tyler 


Tiantian(Tyler) Liu 
Analyste Programmeur | Programmer Analyst
Tender Retail 
ACCEO Solutions Inc.

416-498-1200 ext. 301 
Suite 400 – 2 Lansing Square Toronto, Ontario, Canada M2J 4P8  
acceo.com 




-----Original Message-----
From: Viktor Dukhovni via RT [mailto:r...@openssl.org] 
Sent: March-21-16 12:10 PM
To: Tiantian (Tyler) Liu
Cc: openssl-dev@openssl.org
Subject: Re: [openssl-dev] [openssl.org #4467] SSL_Connect crashed


> On Mar 21, 2016, at 11:51 AM, Tiantian Liu via RT <r...@openssl.org> wrote:
> 
> 
> srp_ctx = {SRP_cb_arg = 0x0, TLS_ext_srp_username_callback = 0, 
> SRP_verify_param_callback = 0, SRP_give_srp_client_pwd_callback = 0,
>    login = 0x44454c4c <Address 0x44454c4c out of bounds>, N = 0x9a285f8, g = 
> 0x61, s = 0x9a29820, B = 0xdbd150, A = 0x0, a = 0x4, b = 0x18, v = 0x18, info 
> = 0x9a298d0 "", strength = 0,
>    srp_Mask = 0}
> (gdb) n
> 
> Program received signal SIGSEGV, Segmentation fault.
> 0x008283cc in ssl3_connect () from /usr/lib/libssl.so.1.0.0
> (gdb) quit
> 
> The SSL structure was returned by SSL_new(), and we didn't touch the SSL 
> structure before calling SSL_Connect().
> The only suspicious value I found is the 'out of bounds' error on the 'login' 
> field. But I don't think it caused the crash.

Interestingly, "0x44454c4c" is "DELL".  In OpenSSL the SSL_new() function zeros 
the SSL structure when it is allocated.  So that "DELL" clobbered the "login" 
pointer after the structure was allocated in SSL_new().

Are you using SRP?  One would expect the entire SRP context to be zeroed 
otherwise...  Either something is clobbering memory, or you may be using SRP 
incorrectly.

-- 
        Viktor.


--
Ticket here: http://rt.openssl.org/Ticket/Display.html?id=4467
Please log in as guest with password guest if prompted



-- 
openssl-dev mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
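
The check Viktor applies by eye in the thread above (a pointer field whose bytes are all printable ASCII was probably overwritten by string data) can be run over a whole gdb struct dump. This is an added example, not code from the thread or from OpenSSL; the names `GDB_DUMP`, `ascii_view` and `suspicious_fields` are hypothetical, and the 4-byte pointer width is an assumption based on the 32-bit addresses in the dump.

```python
import re

# Constructed sample: the srp_ctx dump quoted in the thread, joined onto one line.
GDB_DUMP = (
    'srp_ctx = {SRP_cb_arg = 0x0, TLS_ext_srp_username_callback = 0, '
    'SRP_verify_param_callback = 0, SRP_give_srp_client_pwd_callback = 0, '
    'login = 0x44454c4c <Address 0x44454c4c out of bounds>, N = 0x9a285f8, '
    'g = 0x61, s = 0x9a29820, B = 0xdbd150, A = 0x0, a = 0x4, b = 0x18, '
    'v = 0x18, info = 0x9a298d0 "", strength = 0, srp_Mask = 0}'
)

# Matches "field = 0xHEX" pairs as gdb prints them for pointer-like members.
FIELD_RE = re.compile(r'(\w+) = (0x[0-9a-fA-F]+)')


def ascii_view(value, width=4):
    """Return (text_as_written, text_reversed) when every byte of the
    width-byte value is printable ASCII, otherwise None.

    text_as_written follows the hex digits left to right; on a
    little-endian host the bytes sit in memory in the reversed order.
    """
    if value >= 1 << (8 * width):
        return None
    raw = value.to_bytes(width, 'big')
    if not all(0x20 <= b <= 0x7E for b in raw):
        return None
    return raw.decode('ascii'), raw[::-1].decode('ascii')


def suspicious_fields(dump, width=4):
    """Map field name -> ASCII readings for values that look like text."""
    hits = {}
    for name, hexval in FIELD_RE.findall(dump):
        view = ascii_view(int(hexval, 16), width)
        if view is not None:
            hits[name] = view
    return hits


if __name__ == '__main__':
    for field, (fwd, rev) in suspicious_fields(GDB_DUMP).items():
        print(f'{field}: looks like text {fwd!r} (byte-reversed {rev!r})')
```

Small values such as `g = 0x61` are not flagged because their upper bytes are zero; only a value whose full pointer width is printable text is reported.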
