ufairiya / mongoose

Automatically exported from code.google.com/p/mongoose
MIT License

Crash when switching SSL page to non-SSL page #96

Closed GoogleCodeExporter closed 9 years ago

GoogleCodeExporter commented 9 years ago
What steps will reproduce the problem?
1. Open an SSL page: https://10.0.0.145(my IP)
2. Then open a non-SSL page: http://10.0.0.145
Do these two steps two or three times.

What is the expected output? What do you see instead?
The browser should display the same page. But I encountered a crash in
Mongoose with the following messages:
[1257191398] [error] [client 10.0.0.145] worker_thread: SSL handshake error
*** glibc detected *** ./mongoose: double free or corruption (!prev):
0x08c4bff0 ***
======= Backtrace: =========
/lib/i686/cmov/libc.so.6[0xb7f28624]
/lib/i686/cmov/libc.so.6(cfree+0x96)[0xb7f2a826]
/usr/lib/i686/cmov/libcrypto.so.0.9.8(CRYPTO_free+0x3a)[0xb7564cca]
/usr/lib/i686/cmov/libcrypto.so.0.9.8(BUF_MEM_free+0x47)[0xb75c5557]
/usr/lib/libssl.so(SSL_free+0xd2)[0xb76a2e82]
./mongoose[0x804f451]
======= Memory map: ========
Aborted

What version of the product are you using? On what operating system?
Mongoose 2.8. Linux 2.6 + openSSL0.9.8

Please provide any additional information below.
If I stick to SSL or non-SSL, it's OK.

Original issue reported on code.google.com by laiyibin2002@hotmail.com on 2 Nov 2009 at 9:08

GoogleCodeExporter commented 9 years ago
Seems nobody is interested in this issue.
It happens when a non-SSL connection is working in the same thread as a previous SSL connection.

Anyway, today I found the cause of the problem:

in "close_connection", after freeing the SSL handle, the pointer is not reset to 0:
line4361:   if (conn->ssl)
            SSL_free(conn->ssl);

here it should be:
    if (conn->ssl)
    {
        SSL_free(conn->ssl);
        conn->ssl = 0;             /**** RESET the ssl pointer***/
    }
Now, the problem is gone.

Original comment by laiyibin2002@hotmail.com on 30 Nov 2009 at 9:52
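The reuse pattern described in the comment above, as an added example that is not part of the original issue or of Mongoose's own code: a stand-in `fake_ssl` object counts frees instead of calling the real OpenSSL `SSL_free`, so the double free shows up as a counter instead of a glibc abort; `conn` and `simulate` are assumed shapes for the worker's per-connection struct and for its reuse across an SSL request followed by a plain HTTP one.

```c
#include <stddef.h>

/* Stand-in for OpenSSL's SSL object (assumed for this example). It records
   how many times it was freed so the bug can be observed without crashing. */
struct fake_ssl {
    int freed;
};

/* Minimal model of the per-connection struct a worker thread reuses. */
struct conn {
    struct fake_ssl *ssl;
};

static int double_free_count;

static void fake_ssl_free(struct fake_ssl *s)
{
    if (s->freed) {          /* second free of the same handle */
        double_free_count++;
        return;
    }
    s->freed = 1;
}

/* Buggy close_connection: frees the handle but leaves conn->ssl dangling. */
static void close_connection_buggy(struct conn *c)
{
    if (c->ssl)
        fake_ssl_free(c->ssl);
}

/* Fixed close_connection: reset the pointer after freeing. */
static void close_connection_fixed(struct conn *c)
{
    if (c->ssl) {
        fake_ssl_free(c->ssl);
        c->ssl = NULL;
    }
}

/* Simulate one worker thread serving an SSL request and then a plain one
   with the same conn struct. The plain request never sets up an SSL handle,
   so whatever close_connection left in conn->ssl is what gets closed again.
   Returns the number of double frees observed (0 means correct behaviour). */
static int simulate(void (*close_fn)(struct conn *))
{
    struct fake_ssl handle = { 0 };
    struct conn c = { NULL };

    double_free_count = 0;
    c.ssl = &handle;         /* request 1: SSL accept attached a handle */
    close_fn(&c);
    close_fn(&c);            /* request 2: non-SSL, struct reused as-is */
    return double_free_count;
}
```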

GoogleCodeExporter commented 9 years ago
Thanks, I had the same problem and your fix solved it.

Original comment by zitrax1...@gmail.com on 8 Feb 2010 at 5:26

GoogleCodeExporter commented 9 years ago
Submitted http://code.google.com/p/mongoose/source/detail?r=511, thanks.

Original comment by valenok on 2 May 2010 at 11:16