Ticket metadata
The Basics
Id: 3214
Status: resolved
Priority: 0/
Queue: OpenSSL-Bugs

Custom Fields
Milestone: (no value)
Subsystem: (no value)
Severity: (no value)
Broken in: (no value)

People
Owner: Nobody in particular
Requestors: Anthony Minessale
Cc:
AdminCc:

Dates
Created: Mon Jan 06 10:22:17 2014
Starts: Not set
Started: Mon Jan 06 13:10:59 2014
Last Contact: Mon Jan 06 13:10:59 2014
Due: Not set
Closed: Fri Jan 10 23:49:08 2014
Updated: Fri Jan 10 23:49:08 2014 by Stephen Henson



Subject: commit 20b82b514d81a64f5b240788e5051167456af379 opens possible segfault
Date: Sun, 5 Jan 2014 17:22:32 -0600
To: rt@openssl.org
From: Anthony Minessale <anthony.minessale@gmail.com>
Commit 20b82b514d81a64f5b240788e5051167456af379 on Dec 20th creates an
issue where NULL can be passed to EVP_MD_CTX_destroy.

Specifically d1_both.c:221

EVP_MD_CTX_destroy(frag->msg_header.saved_retransmit_state.write_hash);

Doing a DTLS negotiation between FreeSWITCH and Google Chrome using WebRTC
a segfault results every time.

Adding a NULL check such as this resolves the issue but may not be the
correct solution.

if (frag->msg_header.saved_retransmit_state.write_hash)
    EVP_MD_CTX_destroy(frag->msg_header.saved_retransmit_state.write_hash);


This change has just gone into Debian Wheezy and is starting to affect
anyone using FreeSWITCH with Chrome WebRTC.



--
Anthony Minessale II ♬ @anthmfs ♬ @FreeSWITCH ♬

☞ http://freeswitch.org/ ☞ http://cluecon.com/ ☞
http://twitter.com/FreeSWITCH
☞ irc.freenode.net #freeswitch ☞ http://freeswitch.org/g+

ClueCon Weekly Development Call
☎ sip:888@conference.freeswitch.org ☎ +19193869900
On Mon Jan 06 10:22:17 2014, anthony.minessale@gmail.com wrote:
> commit 20b82b514d81a64f5b240788e5051167456af379 on dec 20th creates an
> issue where NULL can be passed to EVP_MD_CTX_destroy
>

Commit a6c62f0c25a756c263a80ce52afbae888028e986 was applied to the OpenSSL repository before 20b82b514d81a64f5b240788e5051167456af379. Both are needed.

Steve.
-- 
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org
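
The failure mode reported in this ticket, as an added example that is not part of the ticket or of OpenSSL's code: a cleanup path hands a possibly NULL digest context to a destroy routine, guarded either at the call site (the shape of the check proposed in the report) or inside the routine itself. All mock_* and md_ctx_* names are hypothetical stand-ins for the OpenSSL types and functions named above, and which of these guards either commit uses is not stated here.

```c
#include <stdlib.h>
#include <string.h>

/* Mock digest context: a stand-in for EVP_MD_CTX, not OpenSSL's type. */
typedef struct { unsigned char state[32]; } mock_md_ctx;
/* Mock fragment: write_hash may legitimately still be NULL at cleanup. */
typedef struct { struct { mock_md_ctx *write_hash; } saved_retransmit_state; } mock_frag;

static int destroyed = 0;   /* counts contexts actually released */

/* Destroy routine that assumes a valid pointer: it wipes the state
 * before freeing, so a NULL argument is dereferenced and crashes. */
static void md_ctx_destroy_strict(mock_md_ctx *ctx) {
    memset(ctx->state, 0, sizeof ctx->state);
    free(ctx);
    destroyed++;
}

/* free(NULL)-style routine: NULL is a no-op, so every caller is safe. */
static void md_ctx_destroy_nullsafe(mock_md_ctx *ctx) {
    if (ctx == NULL)
        return;
    md_ctx_destroy_strict(ctx);
}

static mock_frag *frag_new(int with_hash) {
    mock_frag *f = calloc(1, sizeof *f);   /* write_hash starts out NULL */
    if (f && with_hash)
        f->saved_retransmit_state.write_hash = calloc(1, sizeof(mock_md_ctx));
    return f;
}

/* Guard at the call site; it must be repeated at every caller. */
static void frag_free_caller_guard(mock_frag *f) {
    if (f == NULL) return;
    if (f->saved_retransmit_state.write_hash)
        md_ctx_destroy_strict(f->saved_retransmit_state.write_hash);
    free(f);
}

/* Guard inside the destroy routine; the call site stays unconditional. */
static void frag_free_callee_guard(mock_frag *f) {
    if (f == NULL) return;
    md_ctx_destroy_nullsafe(f->saved_retransmit_state.write_hash);
    free(f);
}

/* Frees a fragment with and without a hash through each path. */
int run_demo(void) {
    destroyed = 0;
    frag_free_caller_guard(frag_new(1)); frag_free_caller_guard(frag_new(0));
    frag_free_callee_guard(frag_new(1)); frag_free_callee_guard(frag_new(0));
    return destroyed;
}
```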