TLS: OpenSSL Tcl Extension / Bugs / #57 CTX_Init() crash with MSVCR80+ runtime from fopen(NULL)

#57 CTX_Init() crash with MSVCR80+ runtime from fopen(NULL)

Milestone: None

Status: closed-accepted

Owner: Andreas Kupries

Labels: None

Priority: 8

Updated: 2015-05-01

Created: 2015-04-28

Creator: Twylite

Private: No

In tls.c there is a call to SSL_load_client_CA_file() which may be involved with a NULL pointer; this in turn invokes fopen(NULL, mode). POSIX behaviour of fopen(NULL, mode) is undefined, but most implementations quietly return NULL. If building with MSVC 2008 or higher you will link against a C Runtime that has parameter validation https://msdn.microsoft.com/en-us/library/ksazx244.aspx which will throw an exception for fopen(NULL, mode).

Fix is to replace the line with:

    if ( CAfile != NULL )
    {
      STACK_OF(X509_NAME) *certNames = SSL_load_client_CA_file( F2N(CAfile, &ds) );
      if ( certNames != NULL )
      { 
        SSL_CTX_set_client_CA_list(ctx, certNames );
      }
    }

Discussion

Andreas Kupries - 2015-04-28

Put into my local TLS checkout, doing a test rebuild over night.

If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

Andreas Kupries - 2015-05-01

Accepted and applied to CVS, together with the fix for
http://core.tcl.tk/tcl/tktview?name=0f94f855cafed92d0e174b7d835453a02831b4dd

The TLS version was bumped to 1.6.5.

If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

Andreas Kupries - 2015-05-01

status: open --> closed-accepted

assigned_to: Andreas Kupries

Group: -->
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

CTX_Init() crash with MSVCR80+ runtime from fopen(NULL)

Group

Searches

Help

#57 CTX_Init() crash with MSVCR80+ runtime from fopen(NULL)

Discussion