On Fri, May 25, 2012 at 7:25 AM, Sudarshan Raghavan
<sudarshan.t.ragha...@gmail.com> wrote:
> Ok, I can fix the custom free to take care of this. But, why is this
> happening in openssl 1.0.1 and not in 1.0.0 or 0.9.8?

I think the question to ask is why your code or library routines are
not validating parameters before operating on them. It's a hostile
world full of mis-users and adversaries - look for any reason to deny
processing (and if you can't find a reason, begrudgingly perform the
processing).
Negative test cases usually vet out this sort of thing. Are you writing
them against your code or library?

> Is there a document or resource
> in the web that explains what is expected from
> the custom alloc, realloc and free routines?

Probably not.

Jeff

> On Fri, May 25, 2012 at 4:00 AM, Richard Levitte <rich...@levitte.org> wrote:
>> In message
>> <cagxgq09umap5b1bhsyjj54srwrg-syzqnodk5rh_gnt29xa...@mail.gmail.com> on Thu,
>> 24 May 2012 17:46:49 +0530, Sudarshan Raghavan
>> <sudarshan.t.ragha...@gmail.com> said:
>>
>> sudarshan.t.raghavan> Hi,
>> sudarshan.t.raghavan>
>> sudarshan.t.raghavan> I am using CRYPTO_set_mem_functions to use our own custom memory
>> sudarshan.t.raghavan> routines in a non blocking proxy implementation. This was working fine
>> sudarshan.t.raghavan> in 0.9.8 and 1.0.0 but with 1.0.1c I can see that the custom free
>> sudarshan.t.raghavan> routine is being invoked with a NULL argument after calling SSL_free
>> sudarshan.t.raghavan> and this results in the proxy crashing.
>> sudarshan.t.raghavan>
>> sudarshan.t.raghavan> #3 0x0828bd24 in CUSTOM_FREE (oldMem=0x0) at custom_mem.c:340
>> sudarshan.t.raghavan> #4 0xb75342b4 in CRYPTO_free () from
>> sudarshan.t.raghavan> /home/product/code/firmware/current/lib/openssl1.0/lib/libcrypto.so.1.0.0
>> sudarshan.t.raghavan> #5 0x00000000 in ?? ()
>> sudarshan.t.raghavan>
>> sudarshan.t.raghavan> This happens every time the SSL connection is torn down. If I don't
>> sudarshan.t.raghavan> use CRYPTO_set_mem_functions it works fine. I am assuming the default
>> sudarshan.t.raghavan> free routine ignores a NULL argument. Is it an expectation from the
>> sudarshan.t.raghavan> custom free routine to also ignore NULL? I can provide more
>> sudarshan.t.raghavan> information if needed. Can someone help me debug this problem.
>> sudarshan.t.raghavan>
>> sudarshan.t.raghavan> Thanks,
>> sudarshan.t.raghavan> Sudarshan
>>
>> Your assumption is correct, OpenSSL expects the same semantics as
>> malloc(), realloc() and free(), so your free() replacement must be able
>> to handle a NULL argument.
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org
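
The malloc()/realloc()/free() semantics discussed in this thread, shown as an added example that is not part of the original messages and not OpenSSL's or the poster's code. The size-header allocator and the names custom_malloc, custom_realloc, custom_free and custom_live_bytes are hypothetical; the thread's custom_mem.c is not shown on the page.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>

/* Hypothetical tracking allocator: every block is prefixed with a header
 * holding its size, so free/realloc read memory *before* the pointer.
 * A routine like this dereferences garbage if it is handed NULL. */
typedef union { size_t size; max_align_t align; } hdr_t;
static size_t live_bytes;        /* bytes currently handed out */

void *custom_malloc(size_t n)
{
    if (n > SIZE_MAX - sizeof(hdr_t)) return NULL;  /* header would overflow */
    hdr_t *h = malloc(sizeof(hdr_t) + n);
    if (h == NULL) return NULL;
    h->size = n;
    live_bytes += n;
    return h + 1;                /* caller sees the memory after the header */
}

void custom_free(void *p)
{
    if (p == NULL) return;       /* free(NULL) is a no-op, as in standard C */
    hdr_t *h = (hdr_t *)p - 1;
    live_bytes -= h->size;
    free(h);
}

void *custom_realloc(void *p, size_t n)
{
    if (p == NULL) return custom_malloc(n);  /* realloc(NULL, n) == malloc(n) */
    if (n > SIZE_MAX - sizeof(hdr_t)) return NULL;
    hdr_t *h = (hdr_t *)p - 1;
    size_t old = h->size;
    hdr_t *nh = realloc(h, sizeof(hdr_t) + n);
    if (nh == NULL) return NULL; /* on failure the old block stays valid */
    nh->size = n;
    live_bytes = live_bytes - old + n;
    return nh + 1;
}

size_t custom_live_bytes(void) { return live_bytes; }

/* Registration with the three-argument OpenSSL 1.0.x form used in the
 * thread; call it before any other OpenSSL function allocates memory:
 *   CRYPTO_set_mem_functions(custom_malloc, custom_realloc, custom_free);
 */
```

A negative test that calls the free routine with NULL and the realloc routine with a NULL pointer catches this class of crash before the library does.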