curl / Mailing Lists / curl-library / Single Mail
Buy commercial curl support. We help you work out your issues, debug your libcurl applications, use the API, port to new platforms, add new features and more. With a team lead by the curl founder Daniel himself.

Re: Bug Report: Uninitialized Memory Access During SSL Initialization

From: Charalampos Mitrodimas via curl-library <curl-library_at_lists.haxx.se>
Date: Sat, 2 Nov 2024 20:00:21 +0000

Hi,

Thanks for reaching back.

On 11/2/24 15:14, Daniel Stenberg wrote:
> On Sat, 2 Nov 2024, Charalampos Mitrodimas via curl-library wrote:
>
>> In my journey to send emails in a multi-threaded C program, I
>> encountered a use-of-uninitialized-value memory issue. MemorySanitizer
>> detects use of uninitialized memory during the SSL initialization phase.
>
>>             #0 0x7f8423d11a12 in BIO_new_file
>> (/lib/x86_64-linux-gnu/libcrypto.so.3+0x111a12) (BuildId:
>> 72c05a16f686d285265b1e1a135706b21e0fdf98)
>
> This problem seems to trigger pretty deep into OpenSSL so I don't
> believe this is a curl problem.
>
> What curl and OpenSSL versions are you using?

My versions are the ones available in the Ubuntu package registry, i.e.

     libcurl4-openssl-dev:amd64   8.5.0-2ubuntu10.4
     libssl-dev:amd64                      3.0.13-0ubuntu3.4

I'll try to build both of them from source and observe the results again.

                                         C. Mitrodimas

-- 
Unsubscribe: https://lists.haxx.se/mailman/listinfo/curl-library
Etiquette:   https://curl.se/mail/etiquette.html
Received on 2024-11-02