Bug#450903: libocamlnet-ssl-ocaml: segfault on custom ssl bindings
Am Samstag, den 09.02.2008, 13:36 +0100 schrieb Stéphane Glondu: Stefano Zacchiroli a écrit : While playing with the ssl_client.ml example, I ended up correcting two issues: * ssl_client.ml must use: let cl_ctx = Ssl.create_context Ssl.TLSv1 Ssl.Client_context in to use the correct function from ocaml-ssl * The example segfaulted.. Can you please provide the example, so that we can test the fix? The example is in ocamlnet source, at location: examples/equeue/ssl/ssl_client.ml I reproduced the bug, and checked that the fix works. I contacted Gerd Stolpmann about this (he is CC of this mail, and I also talked to him in real life). Meanwhile, I've commited it in the svn. The fix is now incorporated in Ocamlnet, and will be included in the next release. Many thanks for tracking it down and fixing it! Gerd -- Gerd Stolpmann * Viktoriastr. 45 * 64293 Darmstadt * Germany [EMAIL PROTECTED] http://www.gerd-stolpmann.de Phone: +49-6151-153855 Fax: +49-6151-997714
Bug#450903: libocamlnet-ssl-ocaml: segfault on custom ssl bindings
Stefano Zacchiroli a écrit : While playing with the ssl_client.ml example, I ended up correcting two issues: * ssl_client.ml must use: let cl_ctx = Ssl.create_context Ssl.TLSv1 Ssl.Client_context in to use the correct function from ocaml-ssl * The example segfaulted.. Can you please provide the example, so that we can test the fix? The example is in ocamlnet source, at location: examples/equeue/ssl/ssl_client.ml I reproduced the bug, and checked that the fix works. I contacted Gerd Stolpmann about this (he is CC of this mail, and I also talked to him in real life). Meanwhile, I've commited it in the svn. -- Stéphane
Bug#450903: libocamlnet-ssl-ocaml: segfault on custom ssl bindings
On Mon, Nov 12, 2007 at 02:56:34AM +0100, Romain Beauxis wrote: While playing with the ssl_client.ml example, I ended up correcting two issues: * ssl_client.ml must use: let cl_ctx = Ssl.create_context Ssl.TLSv1 Ssl.Client_context in to use the correct function from ocaml-ssl * The example segfaulted.. Can you please provide the example, so that we can test the fix? After some introspection, helped by Sam, we found out that the package ships its custom ssl extra-bindings. These are out-of-date and caused the segfault. Out-of-date respect what? Thanks for the patch, Cheers. -- Stefano Zacchiroli -*- PhD in Computer Science ... now what? [EMAIL PROTECTED],cs.unibo.it,debian.org} -%- http://upsilon.cc/zack/ (15:56:48) Zack: e la demo dema ?/\All one has to do is hit the (15:57:15) Bac: no, la demo scema\/right keys at the right time -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#450903: libocamlnet-ssl-ocaml: segfault on custom ssl bindings
On Thu, Jan 10, 2008 at 09:47:04AM +0100, Samuel Mimram wrote: AFAIR some code from the C headers of ocaml-ssl was copied into ocamlnet-ssl but unfortunately I changed these definitions later in ocaml-ssl and the disparity between the two libs was leading to a SEGV in ocamlnet-ssl. Ah, so you did it in the beginning, do you mind getting in touch yourself with Gerd then to rectify the status quo? I can of course do it, but removing an intermediary would be faster. Please Cc the bug report if you do so; let me know otherwise. Cheers. -- Stefano Zacchiroli -*- PhD in Computer Science ... now what? [EMAIL PROTECTED],cs.unibo.it,debian.org} -%- http://upsilon.cc/zack/ (15:56:48) Zack: e la demo dema ?/\All one has to do is hit the (15:57:15) Bac: no, la demo scema\/right keys at the right time -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#450903: libocamlnet-ssl-ocaml: segfault on custom ssl bindings
Hi, Stefano Zacchiroli wrote: On Mon, Nov 12, 2007 at 02:56:34AM +0100, Romain Beauxis wrote: While playing with the ssl_client.ml example, I ended up correcting two issues: * ssl_client.ml must use: let cl_ctx = Ssl.create_context Ssl.TLSv1 Ssl.Client_context in to use the correct function from ocaml-ssl * The example segfaulted.. Can you please provide the example, so that we can test the fix? After some introspection, helped by Sam, we found out that the package ships its custom ssl extra-bindings. These are out-of-date and caused the segfault. Out-of-date respect what? AFAIR some code from the C headers of ocaml-ssl was copied into ocamlnet-ssl but unfortunately I changed these definitions later in ocaml-ssl and the disparity between the two libs was leading to a SEGV in ocamlnet-ssl. Cheers, Samuel. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#450903: libocamlnet-ssl-ocaml: segfault on custom ssl bindings
Hi, Stefano Zacchiroli wrote: On Thu, Jan 10, 2008 at 09:47:04AM +0100, Samuel Mimram wrote: AFAIR some code from the C headers of ocaml-ssl was copied into ocamlnet-ssl but unfortunately I changed these definitions later in ocaml-ssl and the disparity between the two libs was leading to a SEGV in ocamlnet-ssl. Ah, so you did it in the beginning, do you mind getting in touch yourself with Gerd then to rectify the status quo? I can of course do it, but removing an intermediary would be faster. Please Cc the bug report if you do so; let me know otherwise. I helped Romain a bit but he did the patch so I'd rather have him contact upstream (and moreover I'm a bit busy right now). Romain, can you do it? Thanks! Samuel. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Bug#450903: libocamlnet-ssl-ocaml: segfault on custom ssl bindings
Package: libocamlnet-ssl-ocaml
Version: 2.2.8.1-1
Severity: grave
Tags: patch
Justification: renders package unusable
Hi !
While playing with the ssl_client.ml example, I ended up correcting two
issues:
* ssl_client.ml must use:
let cl_ctx = Ssl.create_context Ssl.TLSv1 Ssl.Client_context in
to use the correct function from ocaml-ssl
* The example segfaulted..
After some introspection, helped by Sam, we found out that the package
ships its custom ssl extra-bindings.
These are out-of-date and caused the segfault.
Attached is patch that fixes them.
Of course, those bindings may be directly provided by ocaml-ssl, this
would help to get them in sync with latest ocaml-ssl has well as
debugging them along the others...
Romain
-- System Information:
Debian Release: lenny/sid
APT prefers unstable
APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)
Kernel: Linux 2.6.22-1-amd64 (SMP w/1 CPU core)
Locale: LANG=fr_FR, LC_CTYPE=fr_FR (charmap=ISO-8859-1)
Shell: /bin/sh linked to /bin/bash
Versions of packages libocamlnet-ssl-ocaml depends on:
ii libc6 2.6.1-6GNU C Library: Shared libraries
ii libocamlnet-ocaml 2.2.8.1-1 OCaml application-level Internet l
ii libssl-ocaml 0.4.2-3OCaml bindings for OpenSSL
ii ocaml-base-nox [ocaml-base-no 3.10.0-8 Runtime system for ocaml bytecode
libocamlnet-ssl-ocaml recommends no packages.
-- no debconf information
--- ocamlnet-2.2.8.1.orig/src/equeue-ssl/ssl_exts_stubs.c
+++ ocamlnet-2.2.8.1/src/equeue-ssl/ssl_exts_stubs.c
@@ -6,41 +6,29 @@
#include caml/memory.h
#include caml/misc.h
#include caml/mlvalues.h
-
+#include caml/signals.h
#include openssl/ssl.h
#include openssl/pem.h
#include openssl/err.h
#include openssl/bio.h
#include unistd.h
-
-/* The following definitions are copied from ssl_stubs.c: */
-
-struct ssl_socket__t
-{
- SSL *handler;
- int fd;
-};
-
-typedef struct ssl_socket__t ssl_socket_t;
-
-static ssl_socket_t* ssl_socket_of_block(value block)
-{
- return (ssl_socket_t*)Field(block, 1);
-}
+#define SSL_val(v) (*((SSL**)Data_custom_val(v)))
CAMLprim value ocaml_ssl_single_shutdown(value socket)
{
CAMLparam1(socket);
int ret;
- ssl_socket_t *ssl = ssl_socket_of_block(socket);
- ret = SSL_shutdown(ssl-handler);
+ SSL *ssl = SSL_val(socket);
+ caml_enter_blocking_section();
+ ret = SSL_shutdown(ssl);
if (ret == -1) {
raise_with_arg(*caml_named_value(ssl_exn_shutdown_error),
- Val_int(SSL_get_error(ssl-handler, ret)));
+ Val_int(SSL_get_error(ssl, ret)));
};
+ caml_leave_blocking_section();
CAMLreturn(Val_unit);
}
@@ -52,8 +40,10 @@
CAMLlocal3(rcvd,sent,ret);
int r;
- ssl_socket_t *ssl = ssl_socket_of_block(socket);
- r = SSL_get_shutdown(ssl-handler);
+ SSL *ssl = SSL_val(socket);
+ caml_enter_blocking_section();
+ r = SSL_get_shutdown(ssl);
+ caml_leave_blocking_section();
rcvd = Val_bool(r SSL_RECEIVED_SHUTDOWN);
sent = Val_bool(r SSL_SENT_SHUTDOWN);
ret = alloc_tuple(2);
@@ -71,8 +61,10 @@
BIO *b;
int eof;
-ssl_socket_t *ssl = ssl_socket_of_block(socket);
-b = SSL_get_rbio(ssl-handler);
+SSL *ssl = SSL_val(socket);
+caml_enter_blocking_section();
+b = SSL_get_rbio(ssl);
+caml_leave_blocking_section();
if (b == NULL)
failwith(Ssl.get_rbio_eof: No rbio found);
eof = BIO_eof(b);
@@ -87,8 +79,10 @@
CAMLparam1(socket);
CAMLlocal1(ret);
long m;
-ssl_socket_t *ssl = ssl_socket_of_block(socket);
-m = SSL_get_mode(ssl-handler);
+SSL *ssl = SSL_val(socket);
+caml_enter_blocking_section();
+m = SSL_get_mode(ssl);
+caml_leave_blocking_section();
ret = alloc_tuple(3);
Store_field(ret, 0, Val_bool(m SSL_MODE_ENABLE_PARTIAL_WRITE));
Store_field(ret, 1, Val_bool(m SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER));
@@ -100,12 +94,14 @@
{
CAMLparam2(socket,mode);
long m;
-ssl_socket_t *ssl = ssl_socket_of_block(socket);
+SSL *ssl = SSL_val(socket);
m = 0;
if (Bool_val(Field(mode, 0))) m |= SSL_MODE_ENABLE_PARTIAL_WRITE;
if (Bool_val(Field(mode, 1))) m |= SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER;
if (Bool_val(Field(mode, 2))) m |= SSL_MODE_AUTO_RETRY;
-SSL_set_mode(ssl-handler, m);
+caml_enter_blocking_section();
+SSL_set_mode(ssl, m);
+caml_leave_blocking_section();
CAMLreturn(Val_unit);
}
