After processing several requests, ssldump is crashing repeatedly due to Segmention fault, which is happening during SSL decryption process time (i.e. failing in /ssl/ssldecode.c).
Ssldump versions: ssldump 0.9b3 (ssldump-0.9-0.beta3.1.2.el4.rf.i386.rpm and ssldump-0.9-0.beta3.2.el4.rf.i386.rpm)
Openssl version: OpenSSL 0.9.7a Feb 19 2003 (openssl-0.9.7a-43.17.el4_6.1.i386.rpm)
Libpcap version: libpcap.so.0.8.3
OS: RHEL el4 i386, update 4
Cryptographic Protocol: TLSV1_VERSION (Transport Layer Security (TLS))
Certificate/key: 3 chained certificates as an extended certificate signed by VeriSign Class 3 Extended Validation SSL SGS CA.
we tested in the following way and found that ssldump stops by throwing “Segmentation fault” while decrypting the ssl traffic (application_data) with the above mentioned key type.
[root@tim1 ~]# ssldump -ni eth1 -d -k beempr.pem host 192.168.42.22 and port 8089 > output_a.txt 2>&1
Segmentation fault => crashed while making the 45th request.
[root@tim1 ~]# ssldump -ni eth1 -d host 192.168.42.22 and port 8089 > output_b.txt 2>&1
(Interrupted with CTRL-c as there is no issue)
Also, we have analyzed the coredump file and identified that failure is occurring in ssl_restore_session()->ssl_generate_keying_material() method (ssl/ssldecode.c). In the attached Coredump_Segmentfault_calltracedetails_withvalues.txt file, we see some variables(ex: key_block) have null references and it might be due memory allocation failures.
We are in urgent to resolve this issue and any help/suggestion would be greatly appreciated.
Log in to post a comment.