Project

General

Profile

Bug #1805

OpenSSL crash after reuse of contexts

Added by joerg almost 11 years ago. Updated over 10 years ago.

Status:
Invalid
Priority:
High
Assignee:
Category:
core
Target version:
Start date:
2008-10-29
Due date:
% Done:

0%

Estimated time:
Missing in 1.5.x:

Description

The partial shutdown on the non-blocking socket can result in NULL pointer references inside OpenSSL later. The attached patch avoids that.
At least on NetBSD this can be triggered very easily.

patch-aa (349 Bytes) patch-aa joerg, 2008-10-29 16:56

History

#1

Updated by joerg almost 11 years ago

The patch is a workaround for correctly handling the double-shutdown. It might break clients that don't expect the silent shutdown though.

#2

Updated by stbuehler over 10 years ago

  • Status changed from New to Invalid
  • Patch available changed from Yes to No

That is not mentioned in the man page (http://www.openssl.org/docs/ssl/SSL_shutdown.html); and i don't see why this is a bug in lighttpd.

Btw: if you can easily reproduce NULL pointer dereferences, you should always provide the backtrace.

Also available in: Atom