openssl_fopen() causes segmentation fault (access violation) under some conditions on Windows #24416
Comments
|
I do not think that calling fopen with NULL pathname is actually valid. Yes, it might not crash for some implementations but it is not an explicitly documented behavior. I believe we should check this in SSL_add_file_cert_subjects_to_stack() and fail if the second argument is NULL. |
t8m
added
branch: master
At least both Windows and FreeBSD gave me a reasonable errno, but true if it is not documented do not rely on it. |
|
OpenSSL doesn't set |
I was solely referring to |
This has been verified with OpenSSL 3.0.11, but seems to happen with any OpenSSL version on Windows.
The actual, lengthly report comes from https://lists.apache.org/thread/m1dbj3w1x1oqftqsbj7jbnvkm2073x1o
The code in question is here: https://github.com/apache/tomcat-native/blob/4eaa5c93c632f1ea80e889b5458d5b95f57b59a2/native/src/sslcontext.c#L711 where the first argument is not
NULLwhile the second one isNULL.Issue: Upon calling this function (
SSL_add_file_cert_subjects_to_stack()) OpenSSL causes a "EXCEPTION_ACCESS_VIOLATION (0xc0000005) at pc=0x000001e5288f772e, pid=17588, tid=0x0000000000003aec". The reason is that theNULLpointer is passed along and reachesopenssl_fopen(). Whilefopen()on Windows and POSIX-like properly setserrnoonNULLpointer. The problem is the Windows code:openssl/crypto/o_fopen.c
Lines 41 to 42 in a6afe2b
strlen()crashes upon aNULLpointer.From my PoV:
NULLpointer are valid input or notMaybe the easiest way would be a
NULLcheck and pass along tofopen()where it can set theerrnoproperly.The text was updated successfully, but these errors were encountered: