[From nobody Sat Mar 21 13:49:06 2026
Received: (at 742240-done) by bugs.debian.org; 21 Mar 2026 13:46:16 +0000
X-Spam-Checker-Version: SpamAssassin 4.0.1-bugs.debian.org_2005_01_02
 (2024-03-25) on buxtehude.debian.org
X-Spam-Level: 
X-Spam-Status: No, score=-7.1 required=4.0 tests=BAYES_00,DKIM_SIGNED,
 DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,HAS_BUG_NUMBER,
 RCVD_IN_DNSWL_MED,SPF_HELO_PASS,SPF_PASS autolearn=ham
 autolearn_force=no version=4.0.1-bugs.debian.org_2005_01_02
X-Spam-Bayes: score:0.0000 Tokens: new, 27; hammy, 76; neutral, 24; spammy, 1.
 spammytokens:0.942-+--H*r:bugs.debian.org
 hammytokens:0.000-+--HCc:U*debian, 0.000-+--H*F:U*sebastian,
 0.000-+--H*F:D*breakpoint.cc, 0.000-+--H*RU:sk:chamill,
 0.000-+--H*r:sk:chamill
Return-path: &lt;sebastian@breakpoint.cc&gt;
Received: from chamillionaire.breakpoint.cc ([91.216.245.30]:53056)
 by buxtehude.debian.org with esmtps
 (TLS1.3:ECDHE_X25519__RSA_PSS_RSAE_SHA256__AES_256_GCM:256)
 (Exim 4.96) (envelope-from &lt;sebastian@breakpoint.cc&gt;)
 id 1w3wee-007XPb-1H for 742240-done@bugs.debian.org;
 Sat, 21 Mar 2026 13:46:16 +0000
Date: Sat, 21 Mar 2026 14:46:11 +0100
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=breakpoint.cc;
 s=2025; t=1774100772;
 h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
 to:to:cc:cc:mime-version:mime-version:content-type:content-type:
 in-reply-to:in-reply-to:references:references;
 bh=pz62S+0HomnQ/WjdgA4p6RqZVnn4esgFy2Hs7+g9Nmg=;
 b=Waganzloxhxx4ce7ds2St9pqV7+t2uNBoHcXMMlTpDcVgoxmCyZPv0XnLoI1vlV1pbWavo
 Ps/4EUBkSmTa/U0n66oARATTxoDwk+3TQWh5RBx/bTNSOsvDXyiy8OB2SyzhaBQeuiyipY
 jJbTswwwK9OjVoOOYIGDeEcsJDsDDyIu2582+Wyj0ygTT9o4qomj4ao/Y/vxo+tFF68Tc/
 uoLnhq74oyi2lQWNmJrzF4DtdFlER/BvJ63H3caelOLpxzQYAzl6oBc0UN3ZEGnhy5Qfyl
 9lcf/BPONAUjO/9zUI7DxPzDUxQ1L1MrdbmBmIhumYP8Vaz+rmdKeW51Ap+GOg==
DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=breakpoint.cc;
 s=2025e; t=1774100772;
 h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
 to:to:cc:cc:mime-version:mime-version:content-type:content-type:
 in-reply-to:in-reply-to:references:references;
 bh=pz62S+0HomnQ/WjdgA4p6RqZVnn4esgFy2Hs7+g9Nmg=;
 b=1FLYo9vqq2M+wmY5JdFbuUCttQldA7lkuIlaKlD/mseAi5mkVj/1Zcdn2woDHuh1vsCGgf
 eoiIFxbiJKJp/MBg==
From: Sebastian Andrzej Siewior &lt;sebastian@breakpoint.cc&gt;
To: 742240-done@bugs.debian.org
Cc: Brandon &lt;debian@bwysystems.com&gt;
Subject: Re: Bug#742240: libssl1.0.0: TLSv1_client_method()/SSL_Connect()
 heap overrun
Message-ID: &lt;20260321134611.XlyMJ7_7@breakpoint.cc&gt;
References: &lt;20140321060411.24666.39288.reportbug@flux&gt;
 &lt;20140321060411.24666.39288.reportbug@flux&gt;
 &lt;20170904194619.ky5d2ridu56tjmnu@breakpoint.cc&gt;
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Disposition: inline
In-Reply-To: &lt;20170904194619.ky5d2ridu56tjmnu@breakpoint.cc&gt;

On 2017-09-04 21:46:21 [+0200], To Brandon wrote:
&gt; On 2014-03-21 02:04:11 [-0400], Brandon wrote:
&gt; &gt; When creating a client context with SSL_CTX_new(TLSv1_client_method()),
&gt; &gt; SSL_Connect() triggers a heap overrun with the following output from valgrind:
&gt; 
&gt; Does this still occur as of 1.1.0f?

The reporter did not come back, I can't reproduce this (it is sort of
difficult to get a TLSv1 only connection these days).

Closing.

Sebastian]