Working with Strings on a SSL Server - Openssl

This is a discussion on Working with Strings on a SSL Server - Openssl ; Hi everybody, I have a very strange problem and hope that somebody is able to help me. I wrote a simple client and server in C that authenticate each other mutually using SSL. The SSL connection itself is working and ...

+ Reply to Thread
Results 1 to 2 of 2

Thread: Working with Strings on a SSL Server

  1. Working with Strings on a SSL Server

    Hi everybody,

    I have a very strange problem and hope that somebody is able to help me.
    I wrote a simple client and server in C that authenticate each other
    mutually using SSL. The SSL connection itself is working and I was able
    to exchange messages using SSL_write and SSL_read. The client sends X509
    extensions as strings to the server. The server is able to read them and
    prints them to stdout. Those extensions contain some special values I
    want to check on the server. The general idea is that the client has
    some certificates, he wants to check. But those certificates contain
    some special values, he cannot check. Therefore he establishes a SSL
    connection to a verification server that will verify those values and
    send the result to the client.

    As I said, I am able to send those values using SSL_write to the server
    who is able to read them using SSL_read. In order to verify those
    values, the server has to open some local files. In order to do so, I
    create the filename:

    sprintf(filename,"certs/%s",dirpt->d_name);

    This will create a null-terminated string. Even if I never use this
    string, just because I created it, SSL_clear will coredump with

    *** glibc detected *** ./server: free(): invalid pointer: 0x0806ed48 ***
    ======= Backtrace: =========
    /lib/libc.so.6[0xb7ccfa00]
    /lib/libc.so.6(cfree+0x89)[0xb7cd16f9]
    /usr/lib/libcrypto.so.0.9.8(CRYPTO_free+0x38)[0xb7e32208]
    /usr/lib/libcrypto.so.0.9.8(ASN1_OBJECT_free+0x89)[0xb7eb4479]
    /usr/lib/libcrypto.so.0.9.8(ASN1_primitive_free+0xf5)[0xb7ec2cb5]
    /usr/lib/libcrypto.so.0.9.8[0xb7ec2f0f]
    /usr/lib/libcrypto.so.0.9.8(ASN1_template_free+0x89)[0xb7ec2fe9]
    /usr/lib/libcrypto.so.0.9.8[0xb7ec2ef0]
    /usr/lib/libcrypto.so.0.9.8(ASN1_item_free+0x13)[0xb7ec3033]
    /usr/lib/libcrypto.so.0.9.8(X509_NAME_ENTRY_free+0x27)[0xb7ebc5f7]
    /usr/lib/libcrypto.so.0.9.8(sk_pop_free+0x40)[0xb7ea2b90]
    /usr/lib/libcrypto.so.0.9.8[0xb7ebc1e6]
    /usr/lib/libcrypto.so.0.9.8[0xb7ec2e25]
    /usr/lib/libcrypto.so.0.9.8(ASN1_template_free+0x89)[0xb7ec2fe9]
    /usr/lib/libcrypto.so.0.9.8[0xb7ec2ef0]
    /usr/lib/libcrypto.so.0.9.8(ASN1_template_free+0x89)[0xb7ec2fe9]
    /usr/lib/libcrypto.so.0.9.8[0xb7ec2ef0]
    /usr/lib/libcrypto.so.0.9.8(ASN1_item_free+0x13)[0xb7ec3033]
    /usr/lib/libcrypto.so.0.9.8(X509_free+0x27)[0xb7ebc9c7]
    /usr/lib/libssl.so.0.9.8(SSL_SESSION_free+0xda)[0xb7de185a]
    /usr/lib/libssl.so.0.9.8(SSL_clear+0x11f)[0xb7ddf77f]
    ../server[0x804a332]
    /lib/libpthread.so.0[0xb7d9f18b]
    /lib/libc.so.6(clone+0x5e)[0xb7d2b09e]

    I tried to create the filename string also using memcpy. Everything is
    fine until this string becomes null-terminated...

    I know, that sounds very strange, but does anybody have any idea how to
    solve that problem??

    Regards
    Carolin

    --
    Carolin Latze
    Research Assistant

    Department of Computer Science
    Boulevard de Pérolles 90
    CH-1700 Fribourg

    phone: +41 26 300 83 30
    homepage: http://diuf.unifr.ch/people/latzec


    __________________________________________________ ____________________
    OpenSSL Project http://www.openssl.org
    User Support Mailing List openssl-users@openssl.org
    Automated List Manager majordomo@openssl.org


  2. Re: Working with Strings on a SSL Server

    Carolin Latze wrote:
    > Hi everybody,
    >
    > I have a very strange problem and hope that somebody is able to help
    > me. I wrote a simple client and server in C that authenticate each
    > other mutually using SSL. The SSL connection itself is working and I
    > was able to exchange messages using SSL_write and SSL_read. The client
    > sends X509 extensions as strings to the server. The server is able to
    > read them and prints them to stdout. Those extensions contain some
    > special values I want to check on the server. The general idea is that
    > the client has some certificates, he wants to check. But those
    > certificates contain some special values, he cannot check. Therefore
    > he establishes a SSL connection to a verification server that will
    > verify those values and send the result to the client.
    >
    > As I said, I am able to send those values using SSL_write to the
    > server who is able to read them using SSL_read. In order to verify
    > those values, the server has to open some local files. In order to do
    > so, I create the filename:
    >
    > sprintf(filename,"certs/%s",dirpt->d_name);
    >
    > This will create a null-terminated string. Even if I never use this
    > string, just because I created it, SSL_clear will coredump with
    >
    > *** glibc detected *** ./server: free(): invalid pointer: 0x0806ed48 ***

    ....
    >
    > I tried to create the filename string also using memcpy. Everything is
    > fine until this string becomes null-terminated...
    >
    > I know, that sounds very strange, but does anybody have any idea how
    > to solve that problem??

    free() showing an invalid pointer is most likely the consequence of the
    heap memory management running into corrupted data structures.

    * Using sprintf() is a bad idea. Use snprintf() which will enforce a
    a length check preventing the buffer (filename) from overrun.
    * You don't say in which way filename or dirpt->d_name are allocated.
    * Use a dynamic memory allocation debugger like Efence to help in
    tracking down this issue.


    Best regards,
    Lutz
    __________________________________________________ ____________________
    OpenSSL Project http://www.openssl.org
    User Support Mailing List openssl-users@openssl.org
    Automated List Manager majordomo@openssl.org


+ Reply to Thread