Opened 8 years ago
Closed 8 years ago
#644 closed Bug / Defect (fixed)
segmentation fault on fedora 23
Reported by: | chipitsine | Owned by: | Steffan Karger |
---|---|---|---|
Priority: | major | Milestone: | release 2.3.10 |
Component: | Generic / unclassified | Version: | OpenVPN git master branch (Community Ed) |
Severity: | Not set (select this one, unless your'e a OpenVPN developer) | Keywords: | |
Cc: | Steffan Karger |
Description
==19381== Invalid read of size 8
==19381== at 0x487454: tls_ctx_check_cert_time (ssl_openssl.c:368)
==19381== by 0x47F619: init_ssl (ssl.c:571)
==19381== by 0x420F45: do_init_crypto_tls_c1 (init.c:2160)
==19381== by 0x4211F6: do_init_crypto_tls (init.c:2240)
==19381== by 0x42197B: do_init_crypto (init.c:2428)
==19381== by 0x423C92: init_instance (init.c:3550)
==19381== by 0x423855: init_instance_handle_signals (init.c:3405)
==19381== by 0x443788: tunnel_point_to_point (openvpn.c:70)
==19381== by 0x443BAD: openvpn_main (openvpn.c:270)
==19381== by 0x443CC0: main (openvpn.c:345)
==19381== Address 0x0 is not stack'd, malloc'd or (recently) free'd
good commit: https://github.com/OpenVPN/openvpn/commit/9dff2c1f106865a72a1d505076751dde170e88dc
got broken on: https://github.com/OpenVPN/openvpn/commit/091edd8e2996867447eeb665af957547aa8b3107
Change History (6)
comment:1 Changed 8 years ago by
Cc: | Steffan Karger added |
---|
comment:2 Changed 8 years ago by
@syzzer: since this is the initial 1.0.2-only commit - is it possible that cert can be NULL here? We definitely do not check for it - I have no idea under which circumstances this could happen, but maybe in a client-cert-not-required setup?
@chipitsine: is this on client or server, and how does the config look like regarding --cert setting?
comment:5 Changed 8 years ago by
Owner: | set to Steffan Karger |
---|---|
Status: | new → accepted |
Ai, this is a stupid omission from my side. I tested the patch with all sorts of certificates, but did not test *without* a certificate... Apologies. I'll send a patch to the openvpn-devel mailinglist shortly.
comment:6 Changed 8 years ago by
Milestone: | → release 2.3.10 |
---|---|
Resolution: | → fixed |
Status: | accepted → closed |
commit 868d9d01802da9bbbb3a758981f3c7310a905813 (master)
commit f4bf11daa8d659e74915c308930145963867d64c (master)
Author: Steffan Karger
Date: Sun Jan 3 10:47:56 2016 +0100
Fix regression in setups without a client certificate
thanks!
which version of openssl?