Project

General

Profile

Actions
Copy link

Bug #1805

closed

OpenSSL crash after reuse of contexts

Added by joerg over 15 years ago. Updated about 15 years ago.

Status:
Invalid
Priority:
High
Category:
core
Target version:
1.4.21
ASK QUESTIONS IN Forums:

Description

The partial shutdown on the non-blocking socket can result in NULL pointer references inside OpenSSL later. The attached patch avoids that.
At least on NetBSD this can be triggered very easily.

Files

patch-aa (349 Bytes) patch-aa joerg, 2008-10-29 16:56
Actions
Copy link
 #1

Updated by joerg over 15 years ago

The patch is a workaround for correctly handling the double-shutdown. It might break clients that don't expect the silent shutdown though.

Actions
Copy link
 #2

Updated by stbuehler about 15 years ago

  • Status changed from New to Invalid
  • Patch available changed from Yes to No

That is not mentioned in the man page (http://www.openssl.org/docs/ssl/SSL_shutdown.html); and i don't see why this is a bug in lighttpd.

Btw: if you can easily reproduce NULL pointer dereferences, you should always provide the backtrace.

Actions
Copy link

Also available in: Atom