[openssl.org #3201] EVP_DigestUpdate crashes because of a NULL pointer

[openssl.org #3201] EVP_DigestUpdate crashes because of a NULL pointer

Rich Salz via RT
On Sat Dec 14 08:42:01 2013, [hidden email] wrote:
>
> The Segmentation Fault occurred when EVP_MD_CTX_copy() failed in
> tls1_mac().
> tls1_mac() doesn't check the return code of EVP_MD_CTX_copy() and keeps
> going, which results in Segmentation Fault at EVP_DigestUpdate().
>
> The following change in tls1_mac() fixes the segfault issue.
>

I agree that the return value should be checked but I'd like to know the
underlying cause. EVP_MD_CTX_copy() shouldn't normally fail unless something is
seriously wrong, e.g. memory allocation failures.

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       [hidden email]
Automated List Manager                           [hidden email]
Re: [openssl.org #3201] EVP_DigestUpdate crashes because of a NULL pointer

Misaki Miyashita
Hi Steve,

Sorry for the late response.

Thank you for looking into the bug.

In our case, the EVP_MD_CTX_copy() failure was caused by an application bug.
A child process was trying to use the session from its parent process,
and that caused an issue down in the pkcs11 engine.

The application will be fixed. At the same time, please consider
returning an error so that a segmentation fault can be prevented.

Thank you,

-- misaki


On 12/17/13 10:39, Stephen Henson via RT wrote:

> On Sat Dec 14 08:42:01 2013, [hidden email] wrote:
>> The Segmentation Fault occurred when EVP_MD_CTX_copy() failed in
>> tls1_mac().
>> tls1_mac() doesn't check the return code of EVP_MD_CTX_copy() and keeps
>> going, which results in Segmentation Fault at EVP_DigestUpdate().
>>
>> The following change in tls1_mac() fixes the segfault issue.
>>
> I agree that the return value should be checked but I'd like to know the
> underlying cause. EVP_MD_CTX_copy() shouldn't normally fail unless something is
> seriously wrong, e.g. memory allocation failures.
>
> Steve.
> --
> Dr Stephen N. Henson. OpenSSL project core developer.
> Commercial tech support now available see: http://www.openssl.org
>

Re: [openssl.org #3201] EVP_DigestUpdate crashes because of a NULL pointer

Andrey Kulikov
EVP_MD_CTX_copy() can also fail due to external engine usage (including HW engine).
In this case the underlying work can be more complicated than memory allocation.
Descriptor shortages, constraints on the number of simultaneous contexts, etc. Or just bugs in engine code.

On 27 December 2013 21:39, Misaki.Miyashita via RT <[hidden email]> wrote:
>>
> I agree that the return value should be checked but I'd like to know the
> underlying cause. EVP_MD_CTX_copy() shouldn't normally fail unless something is
> seriously wrong, e.g. memory allocation failures.
>
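
The failure mode discussed in this thread, as an added example that is not part of the original posts and is not OpenSSL code: a self-contained C model in which a context copy can fail (here because a constructed `engine_slots` limit is exhausted) and the MAC routine checks the result instead of handing a context with a NULL method pointer to the update call. All `toy_*` names, `TOY_MD` and `engine_slots` are hypothetical.

```c
#include <stddef.h>

/* Hypothetical stand-ins for a digest method table and context (not OpenSSL's). */
typedef struct {
    int (*update)(unsigned long *state, const void *data, size_t len);
} toy_md;

typedef struct {
    const toy_md *digest;   /* NULL when uninitialised or after a failed copy */
    unsigned long sum;      /* toy running state */
} toy_md_ctx;

static int engine_slots = 1;  /* constructed limit on simultaneous contexts */

static int toy_update(unsigned long *state, const void *data, size_t len) {
    const unsigned char *p = data;
    while (len--) *state = *state * 31 + *p++;
    return 1;
}
const toy_md TOY_MD = { toy_update };

/* Returns 1 on success, 0 on failure. On failure out->digest is NULL. */
int toy_ctx_copy(toy_md_ctx *out, const toy_md_ctx *in) {
    out->digest = NULL;
    if (in->digest == NULL || engine_slots == 0) return 0;
    engine_slots--;
    *out = *in;
    return 1;
}

void toy_ctx_cleanup(toy_md_ctx *c) {
    if (c->digest != NULL) { engine_slots++; c->digest = NULL; }
}

/* Calls through ctx->digest without a NULL test, so a context left over
 * from a failed copy would be a NULL dereference here. */
int toy_digest_update(toy_md_ctx *c, const void *data, size_t len) {
    return c->digest->update(&c->sum, data, len);
}

/* MAC step with the check: 1 and *out set on success, -1 on failure. */
int toy_mac(const toy_md_ctx *hash, const void *rec, size_t len, unsigned long *out) {
    toy_md_ctx tmp;
    if (!toy_ctx_copy(&tmp, hash)) return -1;  /* stop before the update call */
    int ok = toy_digest_update(&tmp, rec, len);
    if (ok) *out = tmp.sum;
    toy_ctx_cleanup(&tmp);
    return ok ? 1 : -1;
}
```

Removing the `if (!toy_ctx_copy(...))` line reproduces the reported pattern: the update call runs on a context whose method pointer is NULL.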