Open brucejee opened 6 years ago
It must be a double free bug. First backtrace:
(gdb) bt
#0 CRYPTO_free (str=0x6237c0, file=0x7ffff78e8d51 "crypto/stack/stack.c", line=274) at crypto/mem.c:179
#1 0x00007ffff787b09c in OPENSSL_sk_free (st=0x6237c0) at crypto/stack/stack.c:274
#2 0x00000000004046a0 in sk_SSL_COMP_free (sk=0x6237c0) at /usr/local/include/openssl/ssl.h:846
#3 0x0000000000405511 in evt_ctx_free (ctx=0x7fffffffe3b0) at ../..//src/evt_tls.c:421
#4 0x000000000040467e in main () at tls_client_test.c:94
Second backtrace:
(gdb)
Single stepping until exit from function __libc_start_main,
which has no line number information.
OPENSSL_INIT: ossl_init_thread_stop: err_delete_thread_state()
OPENSSL_INIT: ssl_library_stop: ssl_comp_free_compression_methods_int()
Program received signal SIGSEGV, Segmentation fault.
0x00007ffff6d2638c in free () from /lib64/libc.so.6
(gdb) bt
#0 0x00007ffff6d2638c in free () from /lib64/libc.so.6
#1 0x00007ffff781614e in CRYPTO_free (str=0xa4cb33d2, file=0x7ffff7bc130b "ssl/ssl_ciph.c", line=1799) at crypto/mem.c:179
#2 0x00007ffff7b8d22b in cmeth_free (cm=0xa4cb33d2) at ssl/ssl_ciph.c:1799
#3 0x00007ffff787b036 in OPENSSL_sk_pop_free (st=0x6237c0, func=0x7ffff7b8d207 <cmeth_free>) at crypto/stack/stack.c:265
#4 0x00007ffff7b8a391 in sk_SSL_COMP_pop_free (sk=0x6237c0, freefunc=0x7ffff7b8d207 <cmeth_free>) at include/openssl/ssl.h:846
#5 0x00007ffff7b8d25e in ssl_comp_free_compression_methods_int () at ssl/ssl_ciph.c:1806
#6 0x00007ffff7b8f305 in ssl_library_stop () at ssl/ssl_init.c:153
#7 0x00007ffff7810f31 in OPENSSL_cleanup () at crypto/init.c:412
#8 0x00007ffff6cdea49 in __run_exit_handlers () from /lib64/libc.so.6
#9 0x00007ffff6cdea95 in exit () from /lib64/libc.so.6
#10 0x00007ffff6cc7b3c in __libc_start_main () from /lib64/libc.so.6
#11 0x00000000004042e7 in _start ()
st=0x6237c0 is freed by sk_SSL_COMP_free and ssl_library_stop.
Change void evt_ctx_free(evt_ctx_t *ctx) and fix this coredump:
- sk_SSL_COMP_free(SSL_COMP_get_compression_methods());
+ SSL_COMP_free_compression_methods();
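Review bot: the added SSL_COMP_free_compression_methods() call still releases library-wide state from evt_ctx_free, which is per-context teardown, and the second backtrace shows OPENSSL_cleanup() already freeing the same stack (st=0x6237c0) at exit through ssl_library_stop() and ssl_comp_free_compression_methods_int(). On the OpenSSL 1.1.0h build in this report the library owns that stack, so consider dropping the call there and keeping an explicit free only behind an OPENSSL_VERSION_NUMBER check for older releases that do not clean up at exit. A short comment in evt_ctx_free saying that the compression-method stack returned by SSL_COMP_get_compression_methods() is shared and not owned by the context would keep the sk_SSL_COMP_free() call from being reintroduced.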
Thanks for the contribution, sorry for being late. Let me have a close look and get back to your pull request.
OK, I copied some code from the libimobiledevice project, and it works fine for different OpenSSL versions.
I have just removed
sk_SSL_COMP_free(SSL_COMP_get_compression_methods()); at evt_ctx_free
I compiled OpenSSL 1.1.0h using the default config. I just tested evt and client in the libuv-tls directory, and I receive a coredump as follows. I found something related here and here