Opened 8 years ago

Closed 8 years ago

#644 closed Bug / Defect (fixed)

segmentation fault on fedora 23

Reported by: chipitsine Owned by: Steffan Karger
Priority: major Milestone: release 2.3.10
Component: Generic / unclassified Version: OpenVPN git master branch (Community Ed)
Severity: Not set (select this one, unless your'e a OpenVPN developer) Keywords:
Cc: Steffan Karger

Description

==19381== Invalid read of size 8
==19381== at 0x487454: tls_ctx_check_cert_time (ssl_openssl.c:368)
==19381== by 0x47F619: init_ssl (ssl.c:571)
==19381== by 0x420F45: do_init_crypto_tls_c1 (init.c:2160)
==19381== by 0x4211F6: do_init_crypto_tls (init.c:2240)
==19381== by 0x42197B: do_init_crypto (init.c:2428)
==19381== by 0x423C92: init_instance (init.c:3550)
==19381== by 0x423855: init_instance_handle_signals (init.c:3405)
==19381== by 0x443788: tunnel_point_to_point (openvpn.c:70)
==19381== by 0x443BAD: openvpn_main (openvpn.c:270)
==19381== by 0x443CC0: main (openvpn.c:345)
==19381== Address 0x0 is not stack'd, malloc'd or (recently) free'd

good commit: https://github.com/OpenVPN/openvpn/commit/9dff2c1f106865a72a1d505076751dde170e88dc

got broken on: https://github.com/OpenVPN/openvpn/commit/091edd8e2996867447eeb665af957547aa8b3107

Change History (6)

comment:1 Changed 8 years ago by Gert Döring

Cc: Steffan Karger added

which version of openssl?

comment:2 Changed 8 years ago by Gert Döring

@syzzer: since this is the initial 1.0.2-only commit - is it possible that cert can be NULL here? We definitely do not check for it - I have no idea under which circumstances this could happen, but maybe in a client-cert-not-required setup?

@chipitsine: is this on client or server, and how does the config look like regarding --cert setting?

comment:3 Changed 8 years ago by chipitsine

it is openssl-1.0.2
it happens on client

config: http://openvpn.skbkontur.ru/skbkontur-main.ovpn

comment:4 Changed 8 years ago by chipitsine

it is openssl-1.0.2
it happens on client

config: http://openvpn.skbkontur.ru/skbkontur-main.ovpn

comment:5 Changed 8 years ago by Steffan Karger

Owner: set to Steffan Karger
Status: newaccepted

Ai, this is a stupid omission from my side. I tested the patch with all sorts of certificates, but did not test *without* a certificate... Apologies. I'll send a patch to the openvpn-devel mailinglist shortly.

comment:6 Changed 8 years ago by Gert Döring

Milestone: release 2.3.10
Resolution: fixed
Status: acceptedclosed

commit 868d9d01802da9bbbb3a758981f3c7310a905813 (master)
commit f4bf11daa8d659e74915c308930145963867d64c (master)

Author: Steffan Karger
Date: Sun Jan 3 10:47:56 2016 +0100

Fix regression in setups without a client certificate

thanks!

Note: See TracTickets for help on using tickets.