[tor-bugs] #13471 [Tor]: router daemon crashes with openssl built no_ssl3

Tor Bug Tracker & Wiki blackhole at torproject.org
Sun Oct 19 12:41:16 UTC 2014


#13471: router daemon crashes with openssl built no_ssl3
-------------------------+-------------------------------------------------
     Reporter:           |      Owner:
  starlight              |     Status:  new
         Type:  defect   |  Milestone:  Tor: 0.2.6.x-final
     Priority:  major    |    Version:  Tor: 0.2.4.24
    Component:  Tor      |   Keywords:  tor-relay ssl3 poodle 025-backport
   Resolution:           |  024-backport 023-backport
Actual Points:           |  Parent ID:
       Points:           |
-------------------------+-------------------------------------------------

Comment (by nickm):

 So if the version is right, and the stack trace can be trusted, that's
 happening in tor_tls_free's call to `SSL_set_tlsext_host_name(tls->ssl,
 NULL);`

 And if the stack trace can be trusted, the problem is happening in "
 SSL_ctrl openssl-1.0.1j-as/ssl_lib.c:1106".  In a stock openssl-1.0.1j,
 that line is
 {{{
   return(s->method->ssl_ctrl(s,cmd,larg,parg));
 }}}

 So, the possibilities seem to be that s->method is junk, that
 s->method->ssl_ctrl is junk, or that something about my analysis above is
 wrong.

 Could you try taking a debugger to look at the contents of tls->ssl and
 tls->ssl->method in tor_tls_free() when this violation happens?

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/13471#comment:2>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online


More information about the tor-bugs mailing list