Bug#334938: [Pkg-openssl-devel] Bug#334938: libssl0.9.8:
libcrypt-ssleay-perl seg faults via https addresses
Kurt Roeckx
kurt at roeckx.be
Fri Oct 21 21:21:20 UTC 2005
reassign 334938 libcrypt-ssleay-perl
thanks
On Thu, Oct 20, 2005 at 05:11:14PM -0700, Kees Cook wrote:
> Package: libssl0.9.8
> Version: 0.9.8a-2
> Severity: grave
> Justification: renders package unusable
>
>
> There is a seg fault when using Perl LWP to access https sites:
>
> #0 0xb7dc3942 in SSL_CTX_ctrl () from /usr/lib/i686/cmov/libssl.so.0.9.8
> #1 0xb7de07de in XS_Crypt__SSLeay__CTX_new ()
> from /usr/lib/perl5/auto/Crypt/SSLeay/SSLeay.so
> #2 0x080c0ad0 in Perl_pp_entersub ()
> #3 0x080b95ba in Perl_runops_standard ()
> #4 0x08064e43 in perl_run ()
> #5 0x0805fd4f in main ()
The problem seems to be that SSLeay does not call SSL_library_init() before
it calls SSL_CTX_new(), which mades SSL_CTX_new() fail giving back NULL, and
then calls SSL_CTX_ctrl() again with the NULL.
I'm reassigning this to libcrypt-ssleay-perl.
Kurt
More information about the Pkg-openssl-devel
mailing list