[Pkg-openssl-devel] Bug#741295: libssl: Improper release of read buffers when SSL_MODE_RELEASE_BUFFERS set

Andrew Stone andrew at clovar.com
Mon Mar 10 20:50:09 UTC 2014


Package: libssl1.0.0
Version: 1.0.1f-1
Severity: important
File: libssl

When using libssl from multiple threads with SSL_MODE_RELEASE_BUFFERS enabled,
it seems that read buffers are being improperly released. Under load, I'm seeing
the errors below.

This bug has already been reported to OpenSSL, with a patch, but there is no movement
on it: http://rt.openssl.org/Ticket/Display.html?id=2167&user=guest&pass=guest

Would it be possible to get this patch (attached, created from the link referenced) in 
Debian rather than waiting for them, especially since it's so simple?

SSL_accept failed (0 6 0): (1) error:1408F119:SSL routines:SSL3_GET_RECORD:decryption failed or bad record mac. 
SSL_accept failed (0 6 0): (1) error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number. 
SSL_accept failed (0 6 0): (1) error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number. 
SSL_accept failed (0 6 0): (1) error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request. 
SSL_accept failed (0 6 0): (1) error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number. 
SSL_accept failed (0 6 0): (1) error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number. 
SSL_accept failed (0 6 0): (1) error:1408F119:SSL routines:SSL3_GET_RECORD:decryption failed or bad record mac. 
SSL_accept failed (0 6 0): (1) error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number. 
SSL_accept failed (0 6 0): (1) error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number. 
SSL_accept failed (0 6 0): (1) error:1408F119:SSL routines:SSL3_GET_RECORD:decryption failed or bad record mac. 
SSL_accept failed (0 6 0): (1) error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number. 
SSL_accept failed (0 6 0): (1) error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number. 
SSL_accept failed (0 6 0): (1) error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number. 
SSL_accept failed (0 6 0): (1) error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number. 
SSL_accept failed (0 6 0): (1) error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number. 
SSL_accept failed (0 6 0): (1) error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number. 
SSL_accept failed (0 6 0): (1) error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number. 
SSL_accept failed (0 6 0): (1) error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number. 
SSL_accept failed (0 6 0): (1) error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number. 
SSL_accept failed (0 6 0): (1) error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number. 
SSL_accept failed (0 6 0): (1) error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number. 
SSL_accept failed (0 6 0): (1) error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number. 
SSL_accept failed (0 6 0): (1) error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number. 
SSL_accept failed (0 6 0): (1) error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number. 
SSL_accept failed (0 6 0): (1) error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number. 
SSL_accept failed (0 6 0): (1) error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number. 
SSL_accept failed (0 6 0): (1) error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number. 
SSL_accept failed (0 6 0): (1) error:1408F119:SSL routines:SSL3_GET_RECORD:decryption failed or bad record mac. 
SSL_accept failed (0 6 0): (1) error:1408F119:SSL routines:SSL3_GET_RECORD:decryption failed or bad record mac. 
SSL_accept failed (0 6 0): (1) error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number. 
SSL_accept failed (0 6 0): (1) error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number. 
SSL_accept failed (0 6 0): (1) error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number. 
SSL_accept failed (0 6 0): (1) error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number. 
SSL_accept failed (0 6 0): (1) error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number. 
SSL_accept failed (0 6 0): (1) error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number. 
SSL_accept failed (0 6 0): (1) error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number. 
SSL_accept failed (0 6 0): (1) error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number. 
SSL_accept failed (0 6 0): (1) error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request. 
SSL_accept failed (0 6 0): (1) error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number. 
SSL_accept failed (0 6 0): (1) error:1408F119:SSL routines:SSL3_GET_RECORD:decryption failed or bad record mac. 
SSL_accept failed (0 6 0): (1) error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number. 
SSL_accept failed (0 6 0): (1) error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number. 
SSL_accept failed (0 6 0): (1) error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number. 
SSL_accept failed (0 6 0): (1) error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number. 
SSL_accept failed (0 6 0): (1) error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number. 
SSL_accept failed (0 6 0): (1) error:140943FC:SSL routines:SSL3_READ_BYTES:sslv3 alert bad record mac. 
SSL_accept failed (0 6 0): (1) error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number. 
SSL_accept failed (0 6 0): (1) error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request. 
SSL_accept failed (0 6 0): (1) error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number. 
SSL_accept failed (0 6 0): (1) error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number.

-- System Information:
Debian Release: jessie/sid
  APT prefers testing
  APT policy: (990, 'testing'), (500, 'unstable'), (500, 'stable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 3.12-1-amd64 (SMP w/8 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages libssl1.0.0:amd64 depends on:
ii  debconf [debconf-2.0]  1.5.52
ii  libc6                  2.18-4
ii  multiarch-support      2.18-4

libssl1.0.0:amd64 recommends no packages.

libssl1.0.0:amd64 suggests no packages.

-- debconf information excluded
-------------- next part --------------
A non-text attachment was scrubbed...
Name: dont-release-buffers-when-in-use.patch
Type: text/x-diff
Size: 478 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/pkg-openssl-devel/attachments/20140310/64023134/attachment.patch>
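
An added example, not part of the original report or of OpenSSL: a small triage script that decodes the packed error codes in `SSL_accept failed` lines like those above and tallies them, separating errors raised locally from alerts sent by the peer. It assumes the OpenSSL 1.0.x code layout (8-bit library, 12-bit function, 12-bit reason); the names `unpack` and `triage` and the sample lines are constructed for illustration.

```python
import re
from collections import Counter

# OpenSSL 1.0.x error code layout: library (8 bits) | function (12 bits) | reason (12 bits)
ERR_LIB_SSL = 20
SSL_AD_REASON_OFFSET = 1000  # SSL reasons >= 1000 are alerts sent by the peer

LINE_RE = re.compile(r"error:([0-9A-Fa-f]{1,8}):([^:]*):([^:]*):(.*)")

def unpack(code):
    """Split a packed error code into (lib, func, reason)."""
    return (code >> 24) & 0xFF, (code >> 12) & 0xFFF, code & 0xFFF

def triage(lines):
    """Tally SSL-library failures and separate local errors from peer alerts."""
    by_reason = Counter()
    peer_alerts = Counter()
    for line in lines:
        m = LINE_RE.search(line)
        if not m:
            continue  # not an OpenSSL error line
        lib, _func, reason = unpack(int(m.group(1), 16))
        if lib != ERR_LIB_SSL:
            continue  # error came from another OpenSSL sub-library
        by_reason[(m.group(3), m.group(4).strip(" ."))] += 1
        if reason >= SSL_AD_REASON_OFFSET:
            # TLS alert description number, e.g. 20 = bad_record_mac
            peer_alerts[reason - SSL_AD_REASON_OFFSET] += 1
    local = sum(by_reason.values()) - sum(peer_alerts.values())
    return {"by_reason": by_reason, "peer_alerts": peer_alerts, "local_errors": local}

# Constructed sample: five lines in the format of the report above
SAMPLE = [
    "SSL_accept failed (0 6 0): (1) error:1408F119:SSL routines:SSL3_GET_RECORD:decryption failed or bad record mac. ",
    "SSL_accept failed (0 6 0): (1) error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number. ",
    "SSL_accept failed (0 6 0): (1) error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number. ",
    "SSL_accept failed (0 6 0): (1) error:1407609C:SSL routines:SSL23_GET_CLIENT_HELLO:http request. ",
    "SSL_accept failed (0 6 0): (1) error:140943FC:SSL routines:SSL3_READ_BYTES:sslv3 alert bad record mac. ",
]

if __name__ == "__main__":
    result = triage(SAMPLE)
    for (func, text), n in result["by_reason"].most_common():
        print(f"{n:4d}  {func}: {text}")
    print("peer alerts:", dict(result["peer_alerts"]), "local:", result["local_errors"])
```

A tally dominated by local errors in the record and hello parsing functions, as in the log above, points at the receiving side's view of the byte stream rather than at misbehaving clients.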

