Re: REPOST: Read from uninitialized memory

2001-08-22 Thread Lutz Jaenicke

On Tue, Aug 21, 2001 at 01:27:27PM -0700, Patrick Li wrote:
 I used purify as I figured out it may give me some directions on why my SSL
 client program is failing randomly.  As purify reported 3 places there are
 reading from memory leaks.
 
 1.  SHA1_Update: I ignored this one as it is generating random bytes.

Check out openssl/crypto/md_rand.c. You will find that there is some
#ifdef PURIFY section to make PURIFY shut up. Seems this is no issue.

 2. asn1_Finish:  called indirectly from ssl_verify_cert_chain()
Hmm...

 3. BN_from_montgomery:  This one is called by RSA_public_decrypt and
 RSA_public_encrypt.  I was using openssl 0.9.6 release and I found out that
 in subsequent releases, the following bug is fixed
 
   *) In RSA_eay_public_{en,de}crypt and RSA_eay_mod_exp (rsa_eay.c),
  obtain lock CRYPTO_LOCK_RSA before setting rsa->_method_mod_{n,p,q}.
 
  (RSA objects have a reference count access to which is protected
  by CRYPTO_LOCK_RSA [see rsa_lib.c, s3_srvr.c, ssl_cert.c, ssl_rsa.c],
  so they are meant to be shared between threads.)
  [Bodo Moeller, Geoff Thorpe; original patch submitted by
  Reddie, Steven [EMAIL PROTECTED]]
 
 I recompiled my client again under 0.9.6b and I don't see my SSL client
 crash when PURIFY reported BN_from_montgomery reading from uninitialized
 memory.  I have a test program for my SSL client and it is spawning 10 threads
 and from each thread, it is doing send/connect to the SSL server.  That
 explains why my SSL client is failing at random.  At least, I hope that is
 the cause of my problem.
 
 BUT my SSL client program still fails randomly with purify reporting
 asn1_Finish is reading uninitialized memory.
 I checked the changes list of openssl and found the followings
 
   +) Rewrite of PKCS#12 code to use new ASN1 functionality. Replace many
  PKCS#12 macros with real functions. Fix two unrelated ASN1 bugs:
  asn1_check_tlen() would sometimes attempt to use 'ctx' when it was
  NULL and ASN1_TYPE was not dereferenced properly in asn1_ex_c2i().
  New ASN1 macro: DECLARE_ASN1_ITEM() which just declares the relevant
  ASN1_ITEM and no wrapper functions.
  [Steve Henson]
 
 This fix is going to be released in openssl 0.9.7. I am wondering if this is
 the bug that I am hitting.

Steve rewrote large parts of the ASN.1 code. It may help you or not.
I don't think waiting for it is the way to go.

There are some portions with #ifdef PURIFY around it, so I would think
that PURIFY gives you hints, but they may be false.

I never dealt with threading, so I don't think I can help you with special
problems caused by threading.

Best regards,
Lutz
-- 
Lutz Jaenicke [EMAIL PROTECTED]
BTU Cottbus   http://www.aet.TU-Cottbus.DE/personen/jaenicke/
Lehrstuhl Allgemeine Elektrotechnik  Tel. +49 355 69-4129
Universitaetsplatz 3-4, D-03044 Cottbus  Fax. +49 355 69-4153
__
OpenSSL Project http://www.openssl.org
User Support Mailing List[EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]



Re: REPOST: Read from uninitialized memory

2001-08-22 Thread Edson Watanabe

 --- Patrick Li [EMAIL PROTECTED] wrote:
 Hi Lutz,
 
 Thanks for replying to my question.
 
 I used purify as I figured out it may give me some
 directions on why my SSL
 client program is failing randomly.  As purify
 reported 3 places there are
 reading from memory leaks.
...

Well, I don't have Purify, but NuMega BoundsChecker
(that is a similar product for M$-Windows). NuMega
reports Read uninitialized memory for this simple
code:

#include <stdio.h>

int main(void)
{
    int i, x;
    char buf[256];
    for (i = 0; i < 256; ++i)
        buf[i] = i;
    for (i = 0; i < 256; ++i)
        x = buf[i];   /* <--- NuMega reports uninitialized memory when i = 191 (0xBF) */
    printf("%d\n", x);
    return 0;
}

NuMega instruments the code, fills all buffers with
the byte 0xBF, and checks if you read 0xBF back. When
you read 0xBF the warning is given.

I think that Purify uses a similar method for
detecting uninitialized memory. The OpenSSL buffer has
binary data, maybe Purify had found the uninitialized
memory magic value.


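As an added illustration (not code from the thread, from BoundsChecker or from Purify): a small C model of the fill-byte rule Edson describes, next to a shadow-bit rule that records every store, showing why the legitimately written buf[191] == 0xBF is reported by the first rule and not by the second. FILL_BYTE, tracked_buf and count_reports are constructed names.

```c
#include <stddef.h>
#include <string.h>

#define FILL_BYTE 0xBF   /* the magic fill value described in the post */
#define BUF_LEN   256

/* Constructed model: data is pre-filled with FILL_BYTE (as BoundsChecker
 * does) and one bit per byte records whether the byte was ever written. */
typedef struct {
    unsigned char data[BUF_LEN];
    unsigned char written[BUF_LEN / 8];
} tracked_buf;

static void tracked_init(tracked_buf *b)
{
    memset(b->data, FILL_BYTE, sizeof b->data);
    memset(b->written, 0, sizeof b->written);
}

static void tracked_store(tracked_buf *b, size_t i, unsigned char v)
{
    b->data[i] = v;
    b->written[i / 8] |= (unsigned char)(1u << (i % 8));
}

/* Naive rule from the post: a read that returns the fill byte is reported. */
static int naive_flags_read(const tracked_buf *b, size_t i)
{
    return b->data[i] == FILL_BYTE;
}

/* Shadow rule: a read is reported only if the byte was never stored to. */
static int shadow_flags_read(const tracked_buf *b, size_t i)
{
    return !(b->written[i / 8] & (1u << (i % 8)));
}

/* Runs the post's loop but writes only the first n_written bytes, then reads
 * all BUF_LEN bytes back; returns how many reads the chosen rule reports. */
int count_reports(size_t n_written, int use_shadow)
{
    tracked_buf b;
    size_t i;
    int reports = 0;
    tracked_init(&b);
    for (i = 0; i < n_written && i < BUF_LEN; ++i)
        tracked_store(&b, i, (unsigned char)i);   /* buf[i] = i, as in the post */
    for (i = 0; i < BUF_LEN; ++i)
        reports += use_shadow ? shadow_flags_read(&b, i) : naive_flags_read(&b, i);
    return reports;
}
```

With every byte written, the naive rule still reports one read (the 0xBF at index 191), while the shadow rule reports none; with only the first 200 bytes written, both rules catch the 56 genuinely uninitialized bytes and the naive rule adds its one false positive.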


Re: REPOST: Read from uninitialized memory

2001-08-21 Thread Lutz Jaenicke

On Mon, Aug 20, 2001 at 12:33:58PM -0700, Patrick Li wrote:
 I am trying to investigate some random failure of the SSL client program
 that I wrote in openssl.  I ran it under PURIFY and it pointed out that my
 program has performed uninitialized memory leak in HASH_UPDATE function
 (details stated below) and in asn1_Finish() function.

I don't have PURIFY. I don't see random failures. And I cannot see
anything wrong with the sequence shown.
That of course does not mean anything, there may be something odd
that needs to be tracked down, but I doubt that anybody can help you
without more information. (It may also be a false alarm. I don't know.)
Can you at least supply a call trace, such that one can see, from which
functions the offending sequence is called? Please remember my first
statement: I don't have (and never met) PURIFY, so I don't know which
capabilities you can use.

 I did all the properly initialization,  SSL_library_init(),
 SSL_load_error_strings() already.  Is there any other initialization
 functions that I need to call?  Since my SSL client program is
 multithreaded, I also defined the mutex locking and thread id function.

Doesn't look bad at the first glance...

Sorry, no better help,
Lutz