Hi everybody,

I have a very strange problem and hope that somebody is able to help me. I wrote a simple client and server in C that authenticate each other mutually using SSL. The SSL connection itself is working and I was able to exchange messages using SSL_write and SSL_read. The client sends X509 extensions as strings to the server. The server is able to read them and prints them to stdout. Those extensions contain some special values I want to check on the server. The general idea is that the client has some certificates he wants to check. But those certificates contain some special values he cannot check. Therefore he establishes an SSL connection to a verification server that will verify those values and send the result to the client.

As I said, I am able to send those values using SSL_write to the server who is able to read them using SSL_read. In order to verify those values, the server has to open some local files. In order to do so, I create the filename:

sprintf(filename,"certs/%s",dirpt->d_name);

This will create a null-terminated string. Even if I never use this string, just because I created it, SSL_clear will coredump with

*** glibc detected *** ./server: free(): invalid pointer: 0x0806ed48 ***
======= Backtrace: =========
/lib/libc.so.6[0xb7ccfa00]
/lib/libc.so.6(cfree+0x89)[0xb7cd16f9]
/usr/lib/libcrypto.so.0.9.8(CRYPTO_free+0x38)[0xb7e32208]
/usr/lib/libcrypto.so.0.9.8(ASN1_OBJECT_free+0x89)[0xb7eb4479]
/usr/lib/libcrypto.so.0.9.8(ASN1_primitive_free+0xf5)[0xb7ec2cb5]
/usr/lib/libcrypto.so.0.9.8[0xb7ec2f0f]
/usr/lib/libcrypto.so.0.9.8(ASN1_template_free+0x89)[0xb7ec2fe9]
/usr/lib/libcrypto.so.0.9.8[0xb7ec2ef0]
/usr/lib/libcrypto.so.0.9.8(ASN1_item_free+0x13)[0xb7ec3033]
/usr/lib/libcrypto.so.0.9.8(X509_NAME_ENTRY_free+0x27)[0xb7ebc5f7]
/usr/lib/libcrypto.so.0.9.8(sk_pop_free+0x40)[0xb7ea2b90]
/usr/lib/libcrypto.so.0.9.8[0xb7ebc1e6]
/usr/lib/libcrypto.so.0.9.8[0xb7ec2e25]
/usr/lib/libcrypto.so.0.9.8(ASN1_template_free+0x89)[0xb7ec2fe9]
/usr/lib/libcrypto.so.0.9.8[0xb7ec2ef0]
/usr/lib/libcrypto.so.0.9.8(ASN1_template_free+0x89)[0xb7ec2fe9]
/usr/lib/libcrypto.so.0.9.8[0xb7ec2ef0]
/usr/lib/libcrypto.so.0.9.8(ASN1_item_free+0x13)[0xb7ec3033]
/usr/lib/libcrypto.so.0.9.8(X509_free+0x27)[0xb7ebc9c7]
/usr/lib/libssl.so.0.9.8(SSL_SESSION_free+0xda)[0xb7de185a]
/usr/lib/libssl.so.0.9.8(SSL_clear+0x11f)[0xb7ddf77f]
./server[0x804a332]
/lib/libpthread.so.0[0xb7d9f18b]
/lib/libc.so.6(clone+0x5e)[0xb7d2b09e]

I tried to create the filename string also using memcpy. Everything is fine until this string becomes null-terminated...

I know that sounds very strange, but does anybody have any idea how to solve that problem?

Regards
Carolin

--
Carolin Latze
Research Assistant

Department of Computer Science
Boulevard de Pérolles 90
CH-1700 Fribourg

phone: +41 26 300 83 30
homepage: http://diuf.unifr.ch/people/latzec


______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           [EMAIL PROTECTED]
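
The post does not show how filename is declared. Assuming it is a fixed-size buffer that sprintf can write past (an assumption; heap corruption of that kind is one common reason a later free() inside a library aborts on an invalid pointer), the following added example, which is not code from the original post, builds the same "certs/<name>" path with a length check. The helper name build_cert_path, the buffer size and the sample file names are hypothetical.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical helper (not from the original post): build "<dir>/<name>"
 * into out[outlen] without ever writing past the end of out.
 * Returns 0 on success, -1 if the name is unusable or the result
 * would not fit (in which case out is set to the empty string). */
int build_cert_path(char *out, size_t outlen, const char *dir, const char *name)
{
    int n;

    if (out == NULL || outlen == 0)
        return -1;
    out[0] = '\0';
    if (dir == NULL || name == NULL || name[0] == '\0')
        return -1;

    /* readdir() also returns "." and ".."; skip them, and refuse any
     * name containing a path separator. */
    if (strcmp(name, ".") == 0 || strcmp(name, "..") == 0 ||
        strchr(name, '/') != NULL)
        return -1;

    /* snprintf writes at most outlen bytes including the terminating NUL
     * and returns the length the full string would have had. */
    n = snprintf(out, outlen, "%s/%s", dir, name);
    if (n < 0 || (size_t)n >= outlen) {
        out[0] = '\0';          /* truncated: do not use a partial path */
        return -1;
    }
    return 0;
}

int main(void)
{
    char filename[32];                          /* constructed sample size */
    const char *samples[] = { "client1.pem", "..",
        "a-very-long-certificate-file-name.pem" };  /* constructed names */
    size_t i;

    for (i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        if (build_cert_path(filename, sizeof filename, "certs", samples[i]) == 0)
            printf("open %s\n", filename);
        else
            printf("skip %s\n", samples[i]);
    }
    return 0;
}
```

Running the server under a memory checker such as valgrind reports an out-of-bounds heap write at the instruction that performs it, rather than at the later free().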
