Double free related with ERR_clear_error() & ERR_clear_error()

Aaron
Hi,

One of our products hit a double free issue in the OpenSSL libs. The issue can only be reproduced on the Windows 64-bit platform, with many threads running concurrently to connect to the server.

I read some articles in and outside this forum:
1) http://openssl.6102.n7.nabble.com/Re-double-free-or-corruption-prev-in-CRYPTO-free-Fix-done-in-OpenSSL-td13731.html
I verified this is not my case because on Windows 64-bit, GetCurrentThreadId() is called to retrieve thread IDs.
2) https://github.com/openssl/openssl/issues/2809
I verified this is not my case either, because we call SSL_library_init() in the correct way.

Here are the stack traces.
1) 00:0007:00000:00095:2017/05/09 02:21:00.67 kernel  pc: 0x000000000168530E os_get_cur_stk_desc+ 0xfe (0x0000000007F3C140, 0x0000000007F3C140, 0x0000000007F3E710, 0x00000000011DE6A0)
00:0007:00000:00095:2017/05/09 02:21:00.67 kernel  pc: 0x00000000015FE26F pcstkwalk+ 0x3df (0x000000002E37003C, 0x0000000007F3C210, 0x000000000000270F, 0x000000002A4B0E70)
00:0007:00000:00095:2017/05/09 02:21:00.67 kernel  pc: 0x00000000015FEAA9 ucstkgentrace+ 0x339 (0x0000000003658CB0, 0x0000000000000001, 0x0000000062F1D1B0, 0x0000000000000001)
00:0007:00000:00095:2017/05/09 02:21:00.67 kernel  pc: 0x00000000015FCCD4 ucbacktrace+ 0x84 (0x0000000026587720, 0x0000000000000001, 0x00000000038E0150, 0x0000000000017050)
00:0007:00000:00095:2017/05/09 02:21:00.67 kernel  pc: 0x0000000001672891 ks_ffree+ 0x1c1 (0x0000000000000065, 0x0000000062F39E40, 0xCCCCCCCCCCCCCCCC, 0xCCCCCCCCCCCCCCCC)
00:0007:00000:00095:2017/05/09 02:21:00.67 kernel  pc: 0x000000000346E6E5 local_free+ 0x35 (0x0000000026587720, 0x00000000000001F5, 0x0000000000000000, 0x0000000020067110)
00:0007:00000:00095:2017/05/09 02:21:00.67 kernel  pc: 0x0000000003492C14 CRYPTO_free+ 0x34 (0x0000000026587720, 0x0000000000000001, 0x0000000003658CE0, 0xCCCCCCCC000001F5)
00:0007:00000:00095:2017/05/09 02:21:00.67 kernel  pc: 0x0000000003480DEF ERR_STATE_free+ 0xbf (0x0000000026587720, 0x0000000007F3F080, 0xCCCCCCCC00000406, 0xCCCCCCCCCCCCCCCC)
00:0007:00000:00095:2017/05/09 02:21:00.67 kernel  pc: 0x0000000003481F1C ERR_get_state+ 0x17c (0xCCCCCCCC00000002, 0xCCCCCCCCCCCCCCCC, 0xCCCCCCCCCCCCCCCC, 0x000000000364BC90)
00:0007:00000:00095:2017/05/09 02:21:00.67 kernel  pc: 0x00000000034812C2 ERR_clear_error+ 0x12 (0xCCCCCCCCCCCCCCCC, 0xCCCCCCCCCCCCCCCC, 0xCCCCCCCCCCCCCCCC, 0xCCCCCCCCCCCCCCCC)
--- Application code here ---

2) 00:0006:00000:00209:2017/05/09 02:22:09.07 kernel  pc: 0x000000000168530E os_get_cur_stk_desc+ 0xfe (0x000000000984B8F0, 0x000000000984B8F0, 0x000000000984DEC0, 0x00000000011DE6A0)
00:0006:00000:00209:2017/05/09 02:22:09.07 kernel  pc: 0x00000000015FE26F pcstkwalk+ 0x3df (0x00000000741300E7, 0x000000000984B9C0, 0x000000000000270F, 0x000000002A4EBAF0)
00:0006:00000:00209:2017/05/09 02:22:09.07 kernel  pc: 0x00000000015FEAA9 ucstkgentrace+ 0x339 (0x0000000003658CB0, 0x0000000000000001, 0x0000000000000000, 0x0000000000000000)
00:0006:00000:00209:2017/05/09 02:22:09.07 kernel  pc: 0x00000000015FCCD4 ucbacktrace+ 0x84 (0x0000000026796160, 0x0000000000000001, 0x00000000038E0150, 0x0000000000017050)
00:0006:00000:00209:2017/05/09 02:22:09.07 kernel  pc: 0x0000000001672891 ks_ffree+ 0x1c1 (0x0000000000000000, 0x00000000204B4A50, 0xCCCCCCCCCCCCCCCC, 0xCCCCCCCCCCCCCCCC)
00:0006:00000:00209:2017/05/09 02:22:09.07 kernel  pc: 0x000000000346E6E5 local_free+ 0x35 (0x0000000026796160, 0x00000000000001F5, 0x0000000000000000, 0x0000000020067110)
00:0006:00000:00209:2017/05/09 02:22:09.07 kernel  pc: 0x0000000003492C14 CRYPTO_free+ 0x34 (0x0000000026796160, 0x0000000000000001, 0x0000000003658CE0, 0x0000C981000001F5)
00:0006:00000:00209:2017/05/09 02:22:09.07 kernel  pc: 0x0000000003480DEF ERR_STATE_free+ 0xbf (0x0000000026796160, 0x000000000984E830, 0xCCCCCCCC00000406, 0x00000000263C5F60)
00:0006:00000:00209:2017/05/09 02:22:09.07 kernel  pc: 0x0000000003481EFB ERR_get_state+ 0x15b (0x00000000035944CF, 0x00000000035944B0, 0x00000000262614A0, 0xCCCCCCCCCCCCCCCC)
00:0006:00000:00209:2017/05/09 02:22:09.07 kernel  pc: 0x000000000348151C get_error_values+ 0x2c (0xCCCCCCCC00000000, 0xCCCCCCCC00000000, 0x0000000000000000, 0x0000000000000000)
00:0006:00000:00209:2017/05/09 02:22:09.07 kernel  pc: 0x000000000348149E ERR_peek_error+ 0x2e (0x00000000262614A0, 0xCCCCCCCCCCCCCCCC, 0xCCCCCCCCCCCCCCCC, 0xCCCCCCCCCCCCCCCC)
00:0006:00000:00209:2017/05/09 02:22:09.07 kernel  pc: 0x000000000357EF89 SSL_get_error+ 0x29 (0x00000000262614A0, 0x00000000FFFFFFFF, 0xCCCCCCCCCCCCCCCC, 0xCCCCCCCCCCCCCCCC)
--- Application code here ---

Does anyone have related experience with this? Any help is appreciated.

Thanks,
Aaron
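Both traces above reach ERR_STATE_free() from inside ERR_get_state(), and in OpenSSL 1.0.x (the API generation that SSL_library_init() and these frames suggest; that version is an assumption) that frame appears on only one normal path: a miss in the per-thread state lookup, followed by an insert that displaced an existing entry for the same thread id, which is then freed. The following C program is an added illustration written for this thread, not OpenSSL source: it models that lookup/insert/free-displaced sequence with a small table and a pool in place of the heap, so the behaviour can be traced deterministically. With distinct thread ids each state is released exactly once at thread exit; when two callers present the same id and both miss the lookup before either inserts, the second insert frees the first caller's state while that caller still holds it. All names (model_err_get_state, scenario_colliding_ids, the pool and table) are invented for the model.

```c
#include <stdio.h>
#include <string.h>

/* Added model of OpenSSL 1.0.x per-thread error state (not OpenSSL code).
 * ERR_get_state(): look the caller's thread id up; on a miss allocate a
 * state, insert it, and free whatever entry the insert displaced.
 * ERR_remove_thread_state(): release the entry for one thread id. */

#define MAX_STATES 8

typedef struct {
    unsigned long tid; /* id the thread-id callback reported */
    int in_use;        /* pool slot handed out */
    int freed;         /* set once state_free() released it */
} err_state_t;

static err_state_t pool[MAX_STATES];    /* stand-in for the heap */
static err_state_t *table[MAX_STATES];  /* stand-in for the per-thread hash */
static int free_calls;                  /* number of state_free() releases */

void model_reset(void)
{
    memset(pool, 0, sizeof(pool));
    memset(table, 0, sizeof(table));
    free_calls = 0;
}

static err_state_t *alloc_state(unsigned long tid)
{
    for (int i = 0; i < MAX_STATES; i++) {
        if (!pool[i].in_use) {
            pool[i].in_use = 1;
            pool[i].freed = 0;
            pool[i].tid = tid;
            return &pool[i];
        }
    }
    return NULL;
}

/* Models ERR_STATE_free() -> CRYPTO_free(); the pool keeps the slot so a
 * dangling pointer can still be inspected afterwards. */
static void state_free(err_state_t *s)
{
    if (s == NULL)
        return;
    free_calls++;
    s->freed = 1;
}

static err_state_t *table_get(unsigned long tid)
{
    for (int i = 0; i < MAX_STATES; i++)
        if (table[i] != NULL && table[i]->tid == tid)
            return table[i];
    return NULL;
}

/* Insert s; return the entry with the same tid it displaced, if any. */
static err_state_t *table_set(err_state_t *s)
{
    int empty = -1;
    for (int i = 0; i < MAX_STATES; i++) {
        if (table[i] == NULL) {
            if (empty < 0)
                empty = i;
        } else if (table[i]->tid == s->tid) {
            err_state_t *old = table[i];
            table[i] = s;
            return old;
        }
    }
    if (empty >= 0)
        table[empty] = s;
    return NULL;
}

/* Phase 1 of the modelled ERR_get_state(): the lookup. */
err_state_t *get_state_lookup(unsigned long tid)
{
    return table_get(tid);
}

/* Phase 2, run only after a miss: allocate, insert, free the displaced entry.
 * The state_free() here is the call the posted traces show. */
err_state_t *get_state_insert(unsigned long tid)
{
    err_state_t *ret = alloc_state(tid);
    if (ret == NULL)
        return NULL;
    err_state_t *displaced = table_set(ret);
    if (displaced != NULL)
        state_free(displaced);
    return ret;
}

err_state_t *model_err_get_state(unsigned long tid)
{
    err_state_t *ret = get_state_lookup(tid);
    return ret != NULL ? ret : get_state_insert(tid);
}

void model_err_remove_thread_state(unsigned long tid)
{
    for (int i = 0; i < MAX_STATES; i++) {
        if (table[i] != NULL && table[i]->tid == tid) {
            state_free(table[i]);
            table[i] = NULL;
        }
    }
}

/* Distinct ids (constructed values), each removed at thread exit:
 * one release per state and no displaced entry. Returns 1 on that outcome. */
int scenario_distinct_ids(void)
{
    model_reset();
    err_state_t *a = model_err_get_state(1001);
    err_state_t *b = model_err_get_state(1002);
    int ok = (a != b) && (model_err_get_state(1001) == a);
    model_err_remove_thread_state(1001);
    model_err_remove_thread_state(1002);
    return ok && free_calls == 2 && a->freed && b->freed;
}

/* Two callers reported under one id, both missing the lookup before either
 * inserts: the second insert frees the first caller's state while it is still
 * held, and the first caller's later cleanup frees the second caller's state.
 * Returns 1 when the model shows exactly that. */
int scenario_colliding_ids(void)
{
    model_reset();
    const unsigned long shared = 4242; /* constructed colliding id */
    err_state_t *a = get_state_lookup(shared); /* caller A: miss */
    err_state_t *b = get_state_lookup(shared); /* caller B: miss */
    a = (a == NULL) ? get_state_insert(shared) : a;
    b = (b == NULL) ? get_state_insert(shared) : b; /* displaces and frees a */
    int dangling = (a != b) && a->freed && !b->freed && free_calls == 1;
    model_err_remove_thread_state(shared); /* A exits: frees b from the table */
    return dangling && b->freed && free_calls == 2;
}

int main(void)
{
    printf("distinct ids clean: %d\n", scenario_distinct_ids());
    printf("colliding ids leave a freed state in use: %d\n", scenario_colliding_ids());
    return 0;
}
```

The model is single-threaded on purpose: splitting the lookup and the insert into two calls stands in for the interleaving that only a race can produce in the real library. The practical checks it points at for a 1.0.x build are that the registered thread-id callback (CRYPTO_THREADID_set_callback, or the default) yields a distinct id per live thread, that the locking callback (CRYPTO_set_locking_callback) is installed before threads start, and that each thread calls ERR_remove_thread_state() exactly once on exit, since that is the only intended release of its ERR_STATE.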