Ticket #156 (closed defect: wontfix)

Opened 5 years ago

Last modified 5 years ago

SSL Checks Segfaulting

Reported by: dan.dispaltro@gmail.com Assigned to: jesus
Priority: major Milestone: Intrigue
Component: noitd Severity: serious
Keywords: Cc:


I am getting a segmentation fault @ buckets/ssl_buckets.c:237. The problem appears to be that ctx->encrypt.pending is 0x0, so trying to read out of the allocator is trying to access address 0x10, which is segfaulting.

Valgrind stack trace:

==23405== Process terminating with default action of signal 11 (SIGSEGV)
==23405==  Access not within mapped region at address 0x10
==23405==    at 0xDBB5C54: bio_bucket_write (ssl_buckets.c:237)
==23405==    by 0x536F84D: BIO_write (in /usr/lib/libcrypto.so.0.9.8)
==23405==    by 0x5085239: ssl23_write_bytes (in /usr/lib/libssl.so.0.9.8)
==23405==    by 0x50843F7: ssl23_connect (in /usr/lib/libssl.so.0.9.8)
==23405==    by 0x50850C5: ssl23_read (in /usr/lib/libssl.so.0.9.8)
==23405==    by 0xDBB6259: ssl_decrypt (ssl_buckets.c:444)
==23405==    by 0xDBB2527: common_databuf_prep (buckets.c:316)
==23405==    by 0xDBB257B: serf_databuf_read (buckets.c:334)
==23405==    by 0xDBB11EB: serf_event_trigger (context.c:818)
==23405==    by 0xDBAECB2: serf_handler (http.c:480)
==23405==    by 0x42A42A: eventer_epoll_impl_trigger (eventer_epoll_impl.c:244)
==23405==    by 0x42A660: eventer_epoll_impl_loop (eventer_epoll_impl.c:353)

Change History

07/17/09 04:40:14 changed by jesus

(In [787]) some debugging to help, refs #156

(follow-up: ↓ 3) 07/17/09 04:41:41 changed by jesus

  • status changed from new to assigned.

On Mac OS X I see:

serf_eventer_remove() => 12
serf_eventer_add() => 12, 35 [IOE]
serf_handler() => 12, 4 [-O-]

So the first handler call is made with the OUTPUT mask, which doesn't exhibit this problem. This test was on Mac OS X.

(in reply to: ↑ 2) 07/22/09 05:37:29 changed by dan.dispaltro@gmail.com

The problem was that when the socket connection failed, serf was trying to read the bucket that hadn't been created. Fixed in Serf 1243. I think a change in 1244 may have broken this; I should have another fix for that tonight.

07/22/09 16:13:13 changed by dan.dispaltro@gmail.com

(In [789]) Applied a patch from pquerna to fix the hack to get the socket fd. Updated the codebase to use the latest serf callbacks. refs #156

09/18/09 13:55:31 changed by jesus

  • status changed from assigned to closed.
  • resolution set to wontfix.

serf has been removed.