On Sun, Oct 08, 2006, The Havenard wrote:

> Hi. I use OpenSSL in some of my applications and I noticed that sometimes
> (I could say less than 2% of the times I run it) it crashed without apparent
> reason, but lately it happened ALWAYS, without any changes on the program,
> which is very strange. So I decided to track this bug, and I "almost" found
> it... My program crashes when it called SSL_connect(), I thought it was my
> code but tried hard to fix it and was completely unsuccessful. So I decided
> to start debugging the OpenSSL internals and started placing some hooks...
> I discovered where exactly the crash occurred:
> ssl\s3_pkt.c, ssl3_read_n(), line 215: "s->s3->rbuf.offset = off + n;"
> The crash occurs because s->s3 is NULL.
> It's not NULL when ssl3_read_n() is called. It becomes NULL when
> ssl3_read_n() calls BIO_read(), at line 198. I don't know exactly how
> OpenSSL works but I guess BIO_read() should not mess with the SSL
> structure, which is very strange too...
> More exactly, s->s3 becomes NULL at:
> crypto\bio\bio_lib.c, BIO_read(), line 166:
> "i=b->method->bread(b,out,outl);"
> And here is where I couldn't go ahead with my bug track, because I couldn't
> discover who is b->method->bread. The only function I found that matches this
> variable is never called in this process.
> But I discovered that when this function is called, SSL_free() is called
> too. Twice. (ssl\ssl_lib.c, SSL_free()) And SSL_free() is the one that set
> s->s3 to NULL.
> I want to continue this bug track, because it's important to me to make
> OpenSSL work here again, but I need some help to discover which function is
> b->method->bread. I'd love to use the Windows Search but its "look inside"
> resource doesn't look inside of *.c files, and OpenSSL source looks
> confusing for me due to its excessive usage of macros.
> I tried a lot of different OpenSSL versions and all crashed. Some I
> compiled myself, and some binaries that I found in the Internet. All
> crashed.
> The same program with the same OpenSSL files works fine in other computers,
> which is making me crazy...
> I'd like to contribute with OpenSSL Community with this aleatory crash
> solved, but I just need some help with this b->method->bread().

This is within a BIO_METHOD structure. This is an I/O abstraction which is
used so lots of different I/O methods (fd, socket, FILE * etc) can use the
same I/O at the BIO level.

Which function this calls depends on the BIO in question. Probably it is the
socket function sock_read() in crypto/bio/bss_sock.c.

Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage
OpenSSL project core developer and freelance consultant.
Funding needed! Details on homepage.
Homepage: http://www.drh-consultancy.demon.co.uk
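
The dispatch described in the reply above, as an added example that is not part of the original thread and is not OpenSSL source: a simplified model of a method table whose bread pointer is fixed by the BIO's type, plus a helper that reports which implementation a given BIO will call. All toy_* names and the sample data are hypothetical; in OpenSSL itself, BIO_method_name() reads the corresponding name field.

```c
/* Simplified model of BIO-style method dispatch. Added example: the toy_*
 * names are hypothetical and this is not OpenSSL source. */
#include <stdio.h>
#include <string.h>
struct toy_bio;
typedef struct {
    const char *name;                              /* label a debug hook can log */
    int (*bread)(struct toy_bio *b, char *out, int outl);
} toy_bio_method;
typedef struct toy_bio {
    const toy_bio_method *method;  /* fixed when the BIO is created */
    const char *src;               /* constructed sample data standing in for a peer */
    size_t pos;
} toy_bio;
/* Backend 1: read from an in-memory string. */
static int toy_mem_read(toy_bio *b, char *out, int outl) {
    size_t left = strlen(b->src) - b->pos;
    size_t n = (outl <= 0) ? 0 : (left < (size_t)outl ? left : (size_t)outl);
    memcpy(out, b->src + b->pos, n);
    b->pos += n;
    return (int)n;
}
/* Backend 2: always at end of data. */
static int toy_null_read(toy_bio *b, char *out, int outl) {
    (void)b; (void)out; (void)outl;
    return 0;
}
static const toy_bio_method toy_mem_method  = { "toy memory buffer", toy_mem_read };
static const toy_bio_method toy_null_method = { "toy null", toy_null_read };

/* The caller never names a backend; the pointer in the method table decides. */
static int toy_bio_read(toy_bio *b, char *out, int outl) {
    if (b == NULL || b->method == NULL || b->method->bread == NULL)
        return -2;                 /* this model's "no read method" code */
    return b->method->bread(b, out, outl);
}
/* Answers "which function is b->method->bread?" without a source search. */
static const char *toy_bio_method_name(const toy_bio *b) {
    return (b != NULL && b->method != NULL) ? b->method->name : "(none)";
}

int main(void) {
    toy_bio m = { &toy_mem_method, "hello", 0 }, z = { &toy_null_method, "", 0 };
    char buf[8];
    printf("%s -> %d\n", toy_bio_method_name(&m), toy_bio_read(&m, buf, 3));
    printf("%s -> %d\n", toy_bio_method_name(&z), toy_bio_read(&z, buf, 8));
    return 0;
}
```

Logging the method name from a hook placed just before the indirect call identifies the backend at run time, which avoids tracing the pointer through the macros by hand.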