linuxdcpp-team team mailing list archive

[poy <378829@xxxxxxxxxxxxxxxxxx>]

Fixed in DC++ 0.780.

** Changed in: dcplusplus
       Status: Fix Committed => Fix Released

-- 
You received this bug notification because you are a member of
Dcplusplus-team, which is subscribed to DC++.
https://bugs.launchpad.net/bugs/378829

Title:
  Crash with SSL transfers since upgraded to OpenSSL 1.0 beta

Status in DC++:
  Fix Released

Bug description:
  To reproduce the crash
   start an SSL download from someone with high upload bandwith. 200-300KiB/sec or more
   while the high speed download runs, select 20-30 filelists from an adc hub and download them at once
   this should trigger the crash within seconds, at least at me

  It can crash with lower speed transfers as well, but it can take up to
  several days to crash then. I experience this since the upgrade to
  Beta 1 of OpenSSL 1.0.0.

  bzr 1773, WinXP, also tested with another build with gcc (given by poy) so it shouldn't be a compiling issue. 
  I can't reproduce the crash with the MSVC build of the same revision.

  --

  Connected to SSL client using DHE-RSA-AES256-SHA
  Thrown: SocketException: Kapcsolat lez+írva
  BufferedSocket::run() end 0xbf4e6a0
  threadAccBeufpf[New thread 5400.0x924]
  BufferedtSocket::run() start
   0xbf4e6a0
  eredSocket::accept() 0xbf4e6a0
  BufferedSocket::accept()[New thread 5400.0x13c4]
  BufCfCeored Soc0noxknnebenftec:etc9:ter9de8ud n0t
  (to) So CS osSLntS ancLer ltcict el0enidxteb n tfuteos  9ui9SnsS8ig0L n
  gDtcH lhDEriH-eeREan-StdARA S-ucAAcs-EieSApnE2gt5S
   26D5-H6-ESS-HHRAAS

  A-AES256-SH
  Program received signal SIGSEGV, Segmentation fault.
  [Switching to thread 5400.0x1460]
  0x77c46fa3 in msvcrt!memcpy () from C:\WINDOWS\system32\msvcrt.dll
  (gdb) bt full
  #0  0x77c46fa3 in msvcrt!memcpy () from C:\WINDOWS\system32\msvcrt.dll
  No symbol table info available.
  #1  0x006a3005 in EVP_MD_CTX_copy_ex (out=0xb8bb9f0, in=0xc417aa8)
      at ./crypto/evp/digest.c:291
          tmp_buf = <value optimized out>
  #2  0x006af074 in HMAC_CTX_copy (dctx=0xb8bb9bc, sctx=0xc417a74)
      at ./crypto/hmac/hmac.c:171
  No locals.
  #3  0x0b8bb9a8 in ?? ()
  No symbol table info available.
  #4  0x006f63e1 in pkey_hmac_copy (dst=0xb8bb968, src=0xc1b0d68)
      at ./crypto/hmac/hm_pmeth.c:103
          sctx = (HMAC_PKEY_CTX *) 0xc417a60
  #5  0x006b41ad in EVP_PKEY_CTX_dup (pctx=0xc1b0d68)
      at ./crypto/evp/pmeth_lib.c:279
          rctx = (EVP_PKEY_CTX *) 0xb8bb968
  #6  0x129ffd14 in ?? ()
  No symbol table info available.
  #7  0x006a3021 in EVP_MD_CTX_copy_ex (out=0xa658e0, in=0x129ffcfc)
      at ./crypto/evp/digest.c:298
          tmp_buf = (
      unsigned char *) 0xb8bb8e8 "\r­s¦\r­s¦\r­s¦\r­s¦\r­s¦\r­s¦\r­s¦\r­s¦\r­s¦\r­
  s¦\r­s¦\r­s¦\r­s¦\r­s¦\r­s¦\r­s¦\r­s¦\r­s¦\r­s¦\r­s¦\r­s¦\r­s¦\r­s¦\r­s¦\r­s¦zzz
  zzzzzt¦t¦"
  #8  0x006b700e in EVP_DigestSignFinal (ctx=0x129ffcfc, sigret=0x129ffd88 "",
      siglen=0x129ffd24) at ./crypto/evp/m_sigver.c:144
          md = "\037r\237\022ZVl\000\f¦\213\v\037r\237\022\005\000\000\000\b\000\0
  00\000\223FE\017\000\000\000\000\004¦\213\vRR\237\022R°/\fÓ?A\fý¨/\f\024bo\000RS
  \213\v\020py\v"
          mdlen = <value optimized out>
          r = <value optimized out>
          tmp_ctx = {digest = 0x0, engine = 0x0, flags = 0, md_data = 0x0,
    pctx = 0x0, update = 0}
  #9  0x0068750b in tls1_mac (ssl=0xc0371d0, md=0x129ffd88 "", send=0)
      at ./ssl/t1_enc.c:899
          rec = (SSL3_RECORD *) 0xc2ff9ec
          seq = (unsigned char *) 0xc2ff8e8 ""
          hash = (EVP_MD_CTX *) 0xcc6fae0
          md_size = 20
          hmac = {digest = 0x9f4b28, engine = 0x0, flags = 8, md_data = 0x0,
    pctx = 0xc1b0d68, update = 0x6f61f4 <int_update>}
          mac_ctx = (EVP_MD_CTX *) 0x129ffcfc
          buf = "\027\003\001\000"
          stream_mac = 0
          t = <value optimized out>
  #10 0x00680123 in ssl3_read_bytes (s=0xc0371d0, type=23,
      buf=0x129ffe97 "\022@P+\f", len=1, peek=1) at ./ssl/s3_pkt.c:447
          al = <value optimized out>
          i = <value optimized out>
          ret = <value optimized out>
          n = 17736
          cb = (void (*)(const SSL *, int, int)) 0
  #11 0x0067dc8d in ssl3_read_internal (s=0xc0371d0, buf=0x129ffe97, len=1,
      peek=1) at ./ssl/s3_lib.c:3254
          ret = <value optimized out>
  #12 0x00608260 in dcpp::SSLSocket::wait (this=0xb3d04c0, millis=250,
      waitFor=2) at dcpp/SSLSocket.cpp:171
          c = 18 '\022'
  #13 0x00558885 in dcpp::BufferedSocket::checkSocket (this=0xcc35008)
      at dcpp/BufferedSocket.cpp:432
          waitFor = -2142251686
  #14 0x0055977a in dcpp::BufferedSocket::run (this=0xcc35008)
      at dcpp/BufferedSocket.cpp:451
          e = (const Exception &) @0x7c810669: {<exception> = {
      _vptr$exception = 0x5053ed33, data_ = {px_ = 0xeee9006a},
      throw_function_ = 0x0, throw_file_ = 0x0, throw_line_ = 786438}, error = {
      static npos = 4294967295,
      _M_dataplus = {<allocator<char>> = {<new_allocator<char>> = {<No data fields
  >}, <No data fields>},
        _M_p = 0xeee9006a <Address 0xeee9006a out of bounds>}}}
  #15 0x007f6502 in dcpp::Thread::starter (p=0xcc35040) at dcpp//Thread.h:132
          t = (Thread *) 0xcc35040
  #16 0x7c80b699 in KERNEL32!GetModuleFileNameA ()
     from C:\WINDOWS\system32\kernel32.dll
  No symbol table info available.
  #17 0x00000000 in ?? ()
  No symbol table info available.
  (gdb)