Re: NSS 3.9.12 core-dump in SSL_OptionGet

Wed, 20 Apr 2011 07:47:16 -0700 

Thanks for the pointer Wan-Teh

meanwhile I already used dbx and got this ...

Current function is SSL_OptionGet
  809       *pOn = on;
current thread: t@1
=>[1] SSL_OptionGet(fd = 0x135d48, which = 1, pOn = 0xffbfe7df), line 809 in "sslsock.c" [2] smi::Connection::secureSocket(0xffbff09c, 0x201ec4, 0x201ec8, 0xfe75c9e9, 0x135d48, 0xfe7807b0), at 0xfe6a2844 


The related agent-code looks like this ... I think it's not correct...

"if (SECSuccess == secStatus) {
                sslMethodName = "SSL_OptionSet";
                {
                    bool state;
secStatus = SSL_OptionGet(sslSocket,SSL_SECURITY, (PRBool*)&state);" 

However I'm not a frequent C/C++ programmer...

Thanks again,
Bernhard




On 04/20/2011 04:42 PM, Wan-Teh Chang wrote:

On Wed, Apr 20, 2011 at 3:27 AM, Bernhard Thalmayr
<bernhard.thalm...@painstakingminds.com>  wrote:

Hi experts, it would be great if some could shed some light on the
following....

OpenAM web-agents are using NSS/NSPR for outbound connections.

I get a core-dump of Apache http server when agent is doing outound
ssl-connection on Solaris 10 SPARC (32bit-apache httpd and nss)

pstack shows me...

bash-3.00# pstack httpd-core-nss-3.12.9-DBG | more
core 'httpd-core-nss-3.12.9-DBG' of 15276:      /usr/apache2/bin/httpd -k
start
  fe444b70 SSL_OptionGet (dde48, 1, ffbfe847, fffffff8, f9, ddfec) + 3d8
  fe6a2844
__1cDsmiKConnectionMsecureSocket6MrknDstdMbasic_string4Ccn0CLchar_trai
ts4Cc__n0CJallocator4Cc____rk3bpnKPRFileDesc__9A_ (ffbff104, 177214, 177218,
fe7
5c9e9, dde48, fe7807b0) + 84

I've built NSS 3.12.9 with debug flags [... omitted...]


Since the NSS libraries are debug builds, please open the
core file with gdb to get a better stack trace (that has
function argument names and source file names and line
numbers), and print the values of the relevant variables.

SSL_OptionGet is a simple function.  There are only
a couple of places where it is likely to crash:
http://bonsai.mozilla.org/cvsblame.cgi?file=mozilla/security/nss/lib/ssl/sslsock.c&rev=1.70&mark=755,809#754

It seems that the second argument passed to SSL_OptionGet
is 1, which is SSL_SECURITY:
http://bonsai.mozilla.org/cvsblame.cgi?file=mozilla/security/nss/lib/ssl/ssl.h&rev=1.41&mark=96#95

Wan-Teh


--
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto

Reply via email to