Bug#334938: [Pkg-openssl-devel] Bug#334938: libssl0.9.8: libcrypt-ssleay-perl seg faults via https addresses

Kurt Roeckx kurt at roeckx.be
Fri Oct 21 21:21:20 UTC 2005


reassign 334938 libcrypt-ssleay-perl
thanks

On Thu, Oct 20, 2005 at 05:11:14PM -0700, Kees Cook wrote:
> Package: libssl0.9.8
> Version: 0.9.8a-2
> Severity: grave
> Justification: renders package unusable
> 
> 
> There is a seg fault when using Perl LWP to access https sites:
> 
> #0  0xb7dc3942 in SSL_CTX_ctrl () from /usr/lib/i686/cmov/libssl.so.0.9.8
> #1  0xb7de07de in XS_Crypt__SSLeay__CTX_new ()
>    from /usr/lib/perl5/auto/Crypt/SSLeay/SSLeay.so
> #2  0x080c0ad0 in Perl_pp_entersub ()
> #3  0x080b95ba in Perl_runops_standard ()
> #4  0x08064e43 in perl_run ()
> #5  0x0805fd4f in main ()

The problem seems to be that SSLeay does not call SSL_library_init() before
it calls SSL_CTX_new(), which mades SSL_CTX_new() fail giving back NULL, and
then calls SSL_CTX_ctrl() again with the NULL.

I'm reassigning this to libcrypt-ssleay-perl.


Kurt





More information about the Pkg-openssl-devel mailing list