I wrote:
> Next step for being able to see more info there would be to create a
> debugging build of Net::SSLeay.

So I did fetch the libnet-ssleay-perl source package and did

 DEB_BUILD_OPTIONS=nostrip buildpackage

(where "buildpackage" calls "dpkg-buildpackage -uc -us -b -rfakeroot")

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread -1210591552 (LWP 7420)]
X509_VERIFY_PARAM_set_flags (param=0x0, flags=4) at x509_vpm.c:217
217             param->flags |= flags;
(gdb) bt
#0  X509_VERIFY_PARAM_set_flags (param=0x0, flags=4) at x509_vpm.c:217
#1  0xb7c04257 in X509_STORE_CTX_set_flags (ctx=0x816ad10, flags=4) at x509_vfy.c:1497
#2  0xb7cefb97 in XS_Net__SSLeay_X509_STORE_CTX_set_flags (my_perl=0x814e008, cv=0x82b69c8)
    at SSLeay.c:4444
#3  0x080bdad1 in Perl_pp_entersub ()
#4  0x080bc3a9 in Perl_runops_standard ()
#5  0x08063bfd in perl_run ()
#6  0x0805ffd1 in main ()
(gdb) up
#1  0xb7c04257 in X509_STORE_CTX_set_flags (ctx=0x816ad10, flags=4) at x509_vfy.c:1497
1497            X509_VERIFY_PARAM_set_flags(ctx->param, flags);
(gdb) up
#2  0xb7cefb97 in XS_Net__SSLeay_X509_STORE_CTX_set_flags (my_perl=0x814e008, cv=0x82b69c8)
    at SSLeay.c:4444
4444            X509_STORE_CTX_set_flags(ctx, flags);

XS(XS_Net__SSLeay_X509_STORE_CTX_set_flags); /* prototype to pass -Wmissing-prototypes */
XS(XS_Net__SSLeay_X509_STORE_CTX_set_flags)
{
    dXSARGS;
    if (items != 2)
        Perl_croak(aTHX_ "Usage: Net::SSLeay::X509_STORE_CTX_set_flags(ctx, flags)");
    {
        X509_STORE_CTX *        ctx = (X509_STORE_CTX *)SvIV(ST(0));
        long    flags = (long)SvIV(ST(1));

        X509_STORE_CTX_set_flags(ctx, flags);
    }
    XSRETURN_EMPTY;
}

which is autogenerated from SSLeay.xs:

void
X509_STORE_set_flags(ctx, flags)
    X509_STORE *ctx
    long flags


There's no call of this function in the SSLeay.pm, so this is being
called directly from IO::Socket::SSL, from here:

    if ($arg_hash->{'SSL_check_crl'}) {
        if (Net::SSLeay::OPENSSL_VERSION_NUMBER() >= 0x0090702f)
        {
            Net::SSLeay::X509_STORE_CTX_set_flags   # <-- segfault
                (Net::SSLeay::CTX_get_cert_store($ctx),
                 Net::SSLeay::X509_V_FLAG_CRL_CHECK());
        } else {
            return IO::Socket::SSL->error("CRL not supported for OpenSSL < v0.9.7b");
        }
    }

So somehow IO::Socket::SSL manages to create a ctx object which contains
a NULL "param" struct field, by calling
Net::SSLeay::CTX_get_cert_store($ctx). Whose fault is this?

Christian.
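
An added example, not part of the original message and not Net::SSLeay or OpenSSL code: the generated wrapper above casts whatever integer the script passes to X509_STORE_CTX *, while the Perl call passes the result of CTX_get_cert_store, which in OpenSSL's API is an X509_STORE *. The sketch below models both handle types with constructed structs (every name in it is hypothetical) and shows a tag check that rejects a mismatched handle or a NULL param instead of dereferencing it.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed stand-ins, NOT OpenSSL's real struct layouts. */
enum kind { KIND_STORE = 1, KIND_STORE_CTX = 2 };
enum { RC_OK = 0, RC_WRONG_TYPE = -1, RC_NO_PARAM = -2 };
typedef struct { unsigned long flags; } param_t;
typedef struct { enum kind kind; param_t *param; } store_t;   /* models X509_STORE */
typedef struct { enum kind kind; store_t *store; param_t *param; } store_ctx_t; /* models X509_STORE_CTX */

/* Each handle type starts with its tag, so it can be read before the cast is trusted. */
static int kind_of(intptr_t h) { return h ? (int)*(const enum kind *)h : 0; }

/* Checked counterpart of the generated wrapper: validate the integer handle first. */
int ctx_set_flags(intptr_t h, unsigned long flags)
{
    if (kind_of(h) != KIND_STORE_CTX) return RC_WRONG_TYPE;
    store_ctx_t *ctx = (store_ctx_t *)h;
    if (ctx->param == NULL) return RC_NO_PARAM;   /* the param=0x0 case in the trace */
    ctx->param->flags |= flags;
    return RC_OK;
}

int store_set_flags(intptr_t h, unsigned long flags)
{
    if (kind_of(h) != KIND_STORE) return RC_WRONG_TYPE;
    store_t *st = (store_t *)h;
    if (st->param == NULL) return RC_NO_PARAM;
    st->param->flags |= flags;
    return RC_OK;
}

/* Constructed scenario mirroring the Perl call: one store handle, two setters. */
static param_t p;
static store_t st = { KIND_STORE, &p };
static store_ctx_t bare_ctx = { KIND_STORE_CTX, &st, NULL };

int demo_store_as_ctx(void)   { return ctx_set_flags((intptr_t)&st, 4); }
int demo_store_as_store(void) { return store_set_flags((intptr_t)&st, 4); }
int demo_ctx_no_param(void)   { return ctx_set_flags((intptr_t)&bare_ctx, 4); }
unsigned long demo_store_flags(void) { return p.flags; }

int main(void)
{
    printf("%d %d %d\n", demo_store_as_ctx(), demo_store_as_store(), demo_ctx_no_param());
    return 0;
}
```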


