cURL / Mailing Lists / curl-library / Single Mail

curl-library

Re: Segfault with MD5 in axTLS

From: Daniel Stenberg <daniel_at_haxx.se>
Date: Fri, 6 Feb 2015 14:17:39 +0100 (CET)

On Fri, 6 Feb 2015, Dan Fandrich wrote:

> The new md5 code added in the last 3 days has caused builds using axTLS to
> segfault. Here's a trace of curl from git HEAD run against the test suite
> server under valgrind using axTLS 1.4.9 on x86 Linux:

Weird.

I noticed I didn't have axtls on my machine so I grabbed 1.5.1 just now (and
cursed the build problem the initial make gives) but with this installed I
seem to be able to run HTTPS tests mostly fine:

test 0300...[simple HTTPS GET]
-pd---emv- OK (296 out of 971, remaining: 00:31)
test 0301...[HTTPS GET with user and password]
-pd---emv- OK (297 out of 971, remaining: 00:39)
test 0302...[HTTPS GET over HTTP proxy fails]
------emv- OK (298 out of 971, remaining: 00:42)
test 0303...[HTTPS with 8 secs timeout]
-pd---emv- OK (299 out of 971, remaining: 01:35)
test 0304...[HTTPS multipart formpost]
-pd---emv- OK (300 out of 971, remaining: 01:45)
test 0305...[insecure HTTPS without permission]
------emv- OK (301 out of 971, remaining: 01:47)
test 0306...[HTTPS GET, receive no headers only data!]
-pd---emv- OK (302 out of 971, remaining: 01:55)

Oh!

Is this perhaps a symbol collision of some sorts? Look:

==18403== Invalid read of size 4
==18403== at 0x402B0B0: memcpy (in
/usr/lib/valgrind/vgpreload_memcheck-x86-linux.so)
==18403== by 0x4072BD3: MD5_Update (md5.c:413)

^^^ This appears to be the MD5_Update function in libcurl, but...

==18403== by 0x40980EC: hmac_md5 (hmac.c:70)

^^^ This appears to be a function in axtls!

-- 
  / daniel.haxx.se
-------------------------------------------------------------------
List admin: http://cool.haxx.se/list/listinfo/curl-library
Etiquette:  http://curl.haxx.se/mail/etiquette.html
Received on 2015-02-06