Open feliwir opened 3 years ago
Looking at the code, I do not see how we can end up with the CBB having an invalid pointer in normal use (and we'd likely have multiple reports if that was the case). This is basically suggesting that the base->buf pointer is invalid, however the only time that pointer changes is when recallocarray() is called or when it is freed (at which point it is set to NULL and we'd be seeing a NULL pointer dereference as a result).
Can you confirm that the trace is always the same (including tls13_server_certificate_verify_send) each time?
Without a reproducible test case it is going to be rather difficult to investigate further - you could add debugging to print/log the pointer when it is allocated (via the call to tls13_handshake_msg_start() on line 414 of tls13_handshake.c) and see how that compares to the pointer in the recallocarray() call that fails.
The trace is indeed always the same, but I can't really produce a test case. I only found this issue while testing our software, and unfortunately I don't have the resources to track this down to the root.
Hello, I'm using LibreSSL with asio to perform an SSL handshake. However cbb_buffer_add is crashing for me. The issue is occurring randomly and I cannot really reproduce it reliably. Here is my callstack (the important parts of it). I'm using the latest LibreSSL version (3.2.2).