#59 ssldump crashing with "Segmentation fault"

v1.0 (example)
open
Eric Rescorla
decryption (15)
7
2009-11-19
2009-11-19
Thrinadh
No

Hi Team,

After processing several requests, ssldump crashes repeatedly with a segmentation fault, which happens during SSL decryption (i.e. it fails in /ssl/ssldecode.c).

Environment Details:

ssldump versions: ssldump 0.9b3 (ssldump-0.9-0.beta3.1.2.el4.rf.i386.rpm and ssldump-0.9-0.beta3.2.el4.rf.i386.rpm)
OpenSSL version: OpenSSL 0.9.7a Feb 19 2003 (openssl-0.9.7a-43.17.el4_6.1.i386.rpm)
libpcap version: libpcap.so.0.8.3
OS: RHEL el4 i386, update 4

Cryptographic Protocol: TLSV1_VERSION (Transport Layer Security (TLS))
CipherSuite: TLS_RSA_WITH_RC4_128_MD5
Certificate/key: 3 chained certificates as an extended certificate signed by VeriSign Class 3 Extended Validation SSL SGS CA.

More details:

We tested in the following way and found that ssldump stops with a “Segmentation fault” while decrypting the SSL traffic (application_data) with the above-mentioned key type.

[root@tim1 ~]# ssldump -ni eth1 -d -k beempr.pem host 192.168.42.22 and port 8089 > output_a.txt 2>&1
Segmentation fault => crashed while making the 45th request.

[root@tim1 ~]# ssldump -ni eth1 -d host 192.168.42.22 and port 8089 > output_b.txt 2>&1
(Interrupted with CTRL-c as there is no issue)

Also, we have analyzed the core dump file and identified that the failure occurs in the ssl_restore_session()->ssl_generate_keying_material() method (ssl/ssldecode.c). In the attached Coredump_Segmentfault_calltracedetails_withvalues.txt file, we see that some variables (e.g. key_block) have null references, and it might be due to memory allocation failures.

We urgently need to resolve this issue, and any help or suggestion would be greatly appreciated.

Regards
Raju

Discussion

  • Thrinadh
    2009-11-19

    • priority: 5 --> 7
     
  • Thrinadh
    2009-11-19

    part1 - ssldump decrypted output while running with KEY

     
    Attachments
  • Thrinadh
    2009-11-19

    part2 - ssldump decrypted output while running with KEY

     
    Attachments
  • Thrinadh
    2009-11-19

    ssldump output while running without KEY

     
    Attachments