Bug#869205: Acknowledgement (bacula-sd crashes on TLS connection from bacula-fd)

Fri, 21 Jul 2017 08:04:37 -0700 

Quite strange, the error seems to happen right after the call to malloc:

(gdb) disas
Dump of assembler code for function _Z18new_tls_connectionP11TLS_Contexti:
   0x00007eff913aec20 <+0>:     push   %r12
   0x00007eff913aec22 <+2>:     push   %rbp
   0x00007eff913aec23 <+3>:     mov    %rdi,%r12
   0x00007eff913aec26 <+6>:     push   %rbx
   0x00007eff913aec27 <+7>:     mov    %esi,%ebx
   0x00007eff913aec29 <+9>:     callq  0x7eff913870d0 <BIO_s_socket@plt>
   0x00007eff913aec2e <+14>:    mov    %rax,%rdi
   0x00007eff913aec31 <+17>:    callq  0x7eff913861b0 <BIO_new@plt>
   0x00007eff913aec36 <+22>:    test   %rax,%rax
   0x00007eff913aec39 <+25>:    je     0x7eff913aecc0 
<_Z18new_tls_connectionP11TLS_Contexti+160>
   0x00007eff913aec3f <+31>:    mov    %ebx,%ecx
   0x00007eff913aec41 <+33>:    xor    %edx,%edx
   0x00007eff913aec43 <+35>:    mov    $0x68,%esi
   0x00007eff913aec48 <+40>:    mov    %rax,%rdi
   0x00007eff913aec4b <+43>:    mov    %rax,%rbp
   0x00007eff913aec4e <+46>:    callq  0x7eff91387100 <BIO_int_ctrl@plt>
   0x00007eff913aec53 <+51>:    lea    0x143f7(%rip),%rdi        # 
0x7eff913c3051
   0x00007eff913aec5a <+58>:    mov    $0x58,%edx
   0x00007eff913aec5f <+63>:    mov    $0x1c8,%esi
   0x00007eff913aec64 <+68>:    callq  0x7eff913860c0 <_Z9sm_mallocPKcij@plt>
=> 0x00007eff913aec69 <+73>:    mov    (%r12),%rdi
   0x00007eff913aec6d <+77>:    mov    %rax,%rbx
   0x00007eff913aec70 <+80>:    callq  0x7eff913869b0 <SSL_new@plt>
   0x00007eff913aec75 <+85>:    test   %rax,%rax
   0x00007eff913aec78 <+88>:    mov    %rax,(%rbx)
   0x00007eff913aec7b <+91>:    je     0x7eff913aece0 
<_Z18new_tls_connectionP11TLS_Contexti+192>
   0x00007eff913aec7d <+93>:    mov    %rax,%rdi
   0x00007eff913aec80 <+96>:    mov    %rbp,%rdx
   0x00007eff913aec83 <+99>:    mov    %rbp,%rsi
   0x00007eff913aec86 <+102>:   callq  0x7eff91387080 <SSL_set_bio@plt>
   0x00007eff913aec8b <+107>:   mov    (%rbx),%rdi
   0x00007eff913aec8e <+110>:   xor    %ecx,%ecx
   0x00007eff913aec90 <+112>:   mov    $0x3,%edx
   0x00007eff913aec95 <+117>:   mov    $0x21,%esi


TLS_CONNECTION *new_tls_connection(TLS_CONTEXT *ctx, int fd)
{
   BIO *bio;

   /*
    * Create a new BIO and assign the fd.
    * The caller will remain responsible for closing the associated fd
    */
   bio = BIO_new(BIO_s_socket());
   if (!bio) {
      /* Not likely, but never say never */
      openssl_post_errors(M_FATAL, _("Error creating file descriptor-based 
BIO"));
      return NULL; /* Nothing allocated, nothing to clean up */
   }
   BIO_set_fd(bio, fd, BIO_NOCLOSE);

   /* Allocate our new tls connection */
   TLS_CONNECTION *tls = (TLS_CONNECTION *)malloc(sizeof(TLS_CONNECTION));

   /* Create the SSL object and attach the socket BIO */
   if ((tls->openssl = SSL_new(ctx->openssl)) == NULL) {
      /* Not likely, but never say never */
      openssl_post_errors(M_FATAL, _("Error creating new SSL object"));
      goto err;
   }

-- 
Valentin

Reply via email to