Actions
Bug #2759
closedssl client certificate authentication segfaults with version 1.4.42
ASK QUESTIONS IN Forums:
Description
After updating to version 1.4.42 lihgttpd crashes on websites using client certificate authentication.
gdb backtrace:
Program received signal SIGSEGV, Segmentation fault. __GI___libc_free (mem=0x5b55c57cc0) at malloc.c:2929 2929 malloc.c: No such file or directory. (gdb) bt #0 __GI___libc_free (mem=0x5b55c57cc0) at malloc.c:2929 #1 0x00007ffff71b7fcd in CRYPTO_free () from /lib/x86_64-linux-gnu/libcrypto.so.1.0.0 #2 0x00007ffff71f0d6a in bn_expand2 () from /lib/x86_64-linux-gnu/libcrypto.so.1.0.0 #3 0x00007ffff71f1150 in BN_bin2bn () from /lib/x86_64-linux-gnu/libcrypto.so.1.0.0 #4 0x00007ffff7255616 in ASN1_INTEGER_to_BN () from /lib/x86_64-linux-gnu/libcrypto.so.1.0.0 #5 0x0000555555561343 in https_add_ssl_client_entries (con=con@entry=0x555555a29940, srv=0x555555792010) at response.c:185 #6 0x0000555555562ab0 in http_response_prepare (srv=srv@entry=0x555555792010, con=con@entry=0x555555a29940) at response.c:370 #7 0x000055555556446b in connection_state_machine (srv=0x555555792010, con=0x555555a29940) at connections.c:1176 #8 0x000055555555f976 in main (argc=<optimized out>, argv=<optimized out>) at server.c:1804
The same configuration configuration worked with version 1.4.41 without crash,
virtual hosts without client certificate authentication do not crash lighttpd version 1.4.42.
Updated by gstrauss over 7 years ago
This might already be fixed in lighttpd git master HEAD with 961eba9e Would you mind testing with that? Thanks.
Updated by flynn over 7 years ago
I applied the patch and it works, does not segfault anymore.
Updated by gstrauss over 7 years ago
- Status changed from New to Fixed
Thanks for confirming
Fixed in 961eba9e
Actions
Also available in: Atom