Crash in ASN1_item_free

Sun, 17 Jun 2012 08:08:42 -0700 



Hi there,
 
I'm running OpenSSL 1.0.1 on Linux, and after error


SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC

in function 
ssl3_get_record, OpenSSL crashes:


Program terminated with signal 11, Segmentation fault.
#0  ASN1_STRING_free (a=0x7d70000000000000) at asn1_lib.c:441
441             if (a->data && !(a->flags & ASN1_STRING_FLAG_NDEF))

(gdb) bt
#0  ASN1_STRING_free (a=0x7d70000000000000) at asn1_lib.c:441
#1  0x00007f092bfcd0aa in ASN1_primitive_free (pval=0x370b6548, 
it=0x7f092c274b80) at tasn_fre.c:261
#2  0x00007f092bfcd44f in ASN1_template_free (pval=0x370b6548, 
tt=0x7f092c27aa68) at tasn_fre.c:200
#3  0x00007f092bfcd262 in asn1_item_combine_free (pval=0x7f0922d86e70, 
it=0x7f092c2741e0, combine=0) at tasn_fre.c:170
#4  0x00007f092bfcd482 in ASN1_item_free (val=0x370b6540, it=0x7f092c274b80) at 
tasn_fre.c:71
#5  0x00007f092bfab930 in sk_pop_free (st=0x37019f00, func=0x7f092bfc8740 
<X509_NAME_ENTRY_free>) at stack.c:283
#6  0x00007f092bfc8596 in x509_name_ex_free (pval=0x1489ec68, it=<value 
optimized out>) at x_name.c:165
#7  0x00007f092bfcd44f in ASN1_template_free (pval=0x1489ec68, 
tt=0x7f092c27abe8) at tasn_fre.c:200
#8  0x00007f092bfcd262 in asn1_item_combine_free (pval=0x3762da80, 
it=0x7f092c2742e0, combine=0) at tasn_fre.c:170
#9  0x00007f092bfcd44f in ASN1_template_free (pval=0x3762da80, 
tt=0x7f092c27acc0) at tasn_fre.c:200
#10 0x00007f092bfcd262 in asn1_item_combine_free (pval=0x7f0922d86fd0, 
it=0x7f092c274320, combine=0) at tasn_fre.c:170
#11 0x00007f092bfcd482 in ASN1_item_free (val=0x3762da80, it=0x7f092c274b80) at 
tasn_fre.c:71
#12 0x00007f092aa37a32 in SSL_SESSION_free (ss=0x386bc6e0) at ssl_sess.c:759
#13 0x00007f092aa35af7 in SSL_free (s=0x14045380) at ssl_lib.c:555
In function ASN1_primitive_free , I get this:
(gdb) p utype
$1 = 738411420
which, eveidently, is garbage, and in ASN1_STRING_free, I get:
#0  ASN1_STRING_free (a=0x7d70000000000000) at asn1_lib.c:441
441             if (a->data && !(a->flags & ASN1_STRING_FLAG_NDEF))
(gdb) p a
$2 = (ASN1_STRING *) 0x7d70000000000000
(gdb) p{ASN1_STRING}0x7d70000000000000
Cannot access memory at address 0x7d70000000000000
Any ideas why does it happen?

Thanks,
Alick












                                          





















					Reply via email to