openssl_fopen() causes segmentation fault (access violation) under some conditions on Windows #24416
Labels: branch: master, branch: 3.0, branch: 3.1, branch: 3.2, branch: 3.3, good first issue, help wanted, triaged: bug
This has been verified with OpenSSL 3.0.11, but seems to happen with any OpenSSL version on Windows.
The actual, lengthy report comes from https://lists.apache.org/thread/m1dbj3w1x1oqftqsbj7jbnvkm2073x1o
The code in question is here: https://github.com/apache/tomcat-native/blob/4eaa5c93c632f1ea80e889b5458d5b95f57b59a2/native/src/sslcontext.c#L711 where the first argument is not NULL while the second one is NULL.

Issue: Upon calling this function (SSL_add_file_cert_subjects_to_stack()) OpenSSL causes a "EXCEPTION_ACCESS_VIOLATION (0xc0000005) at pc=0x000001e5288f772e, pid=17588, tid=0x0000000000003aec". The reason is that the NULL pointer is passed along and reaches openssl_fopen(). While fopen() on Windows and POSIX-like properly sets errno on a NULL pointer, the problem is the Windows code: openssl/crypto/o_fopen.c, lines 41 to 42 in a6afe2b.

strlen() crashes upon a NULL pointer.

From my PoV:
NULL pointer are valid input or not
Maybe the easiest way would be a NULL check and pass along to fopen() where it can set the errno properly.
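An added example, not taken from the report or from OpenSSL's source: a wrapper with the shape described above, where a strlen()-based pre-processing step runs ahead of fopen(), plus a NULL guard in front of it. The names guarded_fopen, convert_path and open_errno are hypothetical, and setting errno to EINVAL in the wrapper (instead of handing NULL on to fopen()) is an assumption of this example.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-in for a platform-specific path conversion step.
 * Like the code the report points at, it measures the name with strlen(),
 * so it must never be reached with a NULL filename. */
static char *convert_path(const char *filename)
{
    size_t len = strlen(filename);      /* faults on NULL without a guard */
    char *copy = malloc(len + 1);
    if (copy != NULL)
        memcpy(copy, filename, len + 1);
    return copy;
}

/* Hypothetical wrapper: reject NULL arguments before any string handling. */
FILE *guarded_fopen(const char *filename, const char *mode)
{
    if (filename == NULL || mode == NULL) {
        errno = EINVAL;                 /* assumption: report it ourselves */
        return NULL;
    }
    char *path = convert_path(filename);
    if (path == NULL) {
        errno = ENOMEM;
        return NULL;
    }
    FILE *fp = fopen(path, mode);
    int saved = errno;                  /* free() may overwrite errno */
    free(path);
    errno = saved;
    return fp;
}

/* Returns 0 on success, otherwise the errno left by the failed open. */
int open_errno(const char *filename)
{
    errno = 0;
    FILE *fp = guarded_fopen(filename, "r");
    if (fp != NULL) {
        fclose(fp);
        return 0;
    }
    return errno;
}
```

With the guard in place a NULL file name becomes an ordinary error return that the caller can handle, the same way a missing file already is.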