linuxdcpp-team team mailing list archive

[Bug 378829] Re: Crash with SSL transfers since upgraded to OpenSSL 1.0 beta

 

reviving this bug as we have upgraded to the 1.0 branch and have been
experiencing these crashes again.

the problem wasn't that some modules had to be disabled, since the
latest version is now being compiled with all default modules. the
actual reason was a missing flag in the MinGW compilation that was
making all MinGW builds be "optimized for MS-DOS". this affected
previous versions of OpenSSL too, but seems to be causing a crash only
in 1.0.

fixed in rev 2304.
i am now going to report this to OpenSSL...

** Changed in: dcplusplus
       Status: Invalid => Fix Committed

-- 
Crash with SSL transfers since upgraded to OpenSSL 1.0 beta
https://bugs.launchpad.net/bugs/378829
You received this bug notification because you are a member of
Dcplusplus-team, which is subscribed to DC++.

Status in DC++: Fix Committed

Bug description:
To reproduce the crash
 start an SSL download from someone with high upload bandwidth. 200-300KiB/sec or more
 while the high speed download runs, select 20-30 filelists from an adc hub and download them at once
 this should trigger the crash within seconds, at least for me

It can crash with lower speed transfers as well, but it can take up to several days to crash then. I experience this since the upgrade to Beta 1 of OpenSSL 1.0.0.

bzr 1773, WinXP, also tested with another build with gcc (given by poy) so it shouldn't be a compiling issue. 
I can't reproduce the crash with the MSVC build of the same revision.

--

Connected to SSL client using DHE-RSA-AES256-SHA
Thrown: SocketException: Kapcsolat lez+írva
BufferedSocket::run() end 0xbf4e6a0
threadAccBeufpf[New thread 5400.0x924]
BufferedtSocket::run() start
 0xbf4e6a0
eredSocket::accept() 0xbf4e6a0
BufferedSocket::accept()[New thread 5400.0x13c4]
BufCfCeored Soc0noxknnebenftec:etc9:ter9de8ud n0t
(to) So CS osSLntS ancLer ltcict el0enidxteb n tfuteos  9ui9SnsS8ig0L n
gDtcH lhDEriH-eeREan-StdARA S-ucAAcs-EieSApnE2gt5S
 26D5-H6-ESS-HHRAAS

A-AES256-SH
Program received signal SIGSEGV, Segmentation fault.
[Switching to thread 5400.0x1460]
0x77c46fa3 in msvcrt!memcpy () from C:\WINDOWS\system32\msvcrt.dll
(gdb) bt full
#0  0x77c46fa3 in msvcrt!memcpy () from C:\WINDOWS\system32\msvcrt.dll
No symbol table info available.
#1  0x006a3005 in EVP_MD_CTX_copy_ex (out=0xb8bb9f0, in=0xc417aa8)
    at ./crypto/evp/digest.c:291
        tmp_buf = <value optimized out>
#2  0x006af074 in HMAC_CTX_copy (dctx=0xb8bb9bc, sctx=0xc417a74)
    at ./crypto/hmac/hmac.c:171
No locals.
#3  0x0b8bb9a8 in ?? ()
No symbol table info available.
#4  0x006f63e1 in pkey_hmac_copy (dst=0xb8bb968, src=0xc1b0d68)
    at ./crypto/hmac/hm_pmeth.c:103
        sctx = (HMAC_PKEY_CTX *) 0xc417a60
#5  0x006b41ad in EVP_PKEY_CTX_dup (pctx=0xc1b0d68)
    at ./crypto/evp/pmeth_lib.c:279
        rctx = (EVP_PKEY_CTX *) 0xb8bb968
#6  0x129ffd14 in ?? ()
No symbol table info available.
#7  0x006a3021 in EVP_MD_CTX_copy_ex (out=0xa658e0, in=0x129ffcfc)
    at ./crypto/evp/digest.c:298
        tmp_buf = (
    unsigned char *) 0xb8bb8e8 "\r­s¦\r­s¦\r­s¦\r­s¦\r­s¦\r­s¦\r­s¦\r­s¦\r­s¦\r­
s¦\r­s¦\r­s¦\r­s¦\r­s¦\r­s¦\r­s¦\r­s¦\r­s¦\r­s¦\r­s¦\r­s¦\r­s¦\r­s¦\r­s¦\r­s¦zzz
zzzzzt¦t¦"
#8  0x006b700e in EVP_DigestSignFinal (ctx=0x129ffcfc, sigret=0x129ffd88 "",
    siglen=0x129ffd24) at ./crypto/evp/m_sigver.c:144
        md = "\037r\237\022ZVl\000\f¦\213\v\037r\237\022\005\000\000\000\b\000\0
00\000\223FE\017\000\000\000\000\004¦\213\vRR\237\022R°/\fÓ?A\fý¨/\f\024bo\000RS
\213\v\020py\v"
        mdlen = <value optimized out>
        r = <value optimized out>
        tmp_ctx = {digest = 0x0, engine = 0x0, flags = 0, md_data = 0x0,
  pctx = 0x0, update = 0}
#9  0x0068750b in tls1_mac (ssl=0xc0371d0, md=0x129ffd88 "", send=0)
    at ./ssl/t1_enc.c:899
        rec = (SSL3_RECORD *) 0xc2ff9ec
        seq = (unsigned char *) 0xc2ff8e8 ""
        hash = (EVP_MD_CTX *) 0xcc6fae0
        md_size = 20
        hmac = {digest = 0x9f4b28, engine = 0x0, flags = 8, md_data = 0x0,
  pctx = 0xc1b0d68, update = 0x6f61f4 <int_update>}
        mac_ctx = (EVP_MD_CTX *) 0x129ffcfc
        buf = "\027\003\001\000"
        stream_mac = 0
        t = <value optimized out>
#10 0x00680123 in ssl3_read_bytes (s=0xc0371d0, type=23,
    buf=0x129ffe97 "\022@P+\f", len=1, peek=1) at ./ssl/s3_pkt.c:447
        al = <value optimized out>
        i = <value optimized out>
        ret = <value optimized out>
        n = 17736
        cb = (void (*)(const SSL *, int, int)) 0
#11 0x0067dc8d in ssl3_read_internal (s=0xc0371d0, buf=0x129ffe97, len=1,
    peek=1) at ./ssl/s3_lib.c:3254
        ret = <value optimized out>
#12 0x00608260 in dcpp::SSLSocket::wait (this=0xb3d04c0, millis=250,
    waitFor=2) at dcpp/SSLSocket.cpp:171
        c = 18 '\022'
#13 0x00558885 in dcpp::BufferedSocket::checkSocket (this=0xcc35008)
    at dcpp/BufferedSocket.cpp:432
        waitFor = -2142251686
#14 0x0055977a in dcpp::BufferedSocket::run (this=0xcc35008)
    at dcpp/BufferedSocket.cpp:451
        e = (const Exception &) @0x7c810669: {<exception> = {
    _vptr$exception = 0x5053ed33, data_ = {px_ = 0xeee9006a},
    throw_function_ = 0x0, throw_file_ = 0x0, throw_line_ = 786438}, error = {
    static npos = 4294967295,
    _M_dataplus = {<allocator<char>> = {<new_allocator<char>> = {<No data fields
>}, <No data fields>},
      _M_p = 0xeee9006a <Address 0xeee9006a out of bounds>}}}
#15 0x007f6502 in dcpp::Thread::starter (p=0xcc35040) at dcpp//Thread.h:132
        t = (Thread *) 0xcc35040
#16 0x7c80b699 in KERNEL32!GetModuleFileNameA ()
   from C:\WINDOWS\system32\kernel32.dll
No symbol table info available.
#17 0x00000000 in ?? ()
No symbol table info available.
(gdb)