Buy commercial curl support. We
help you work out your issues, debug your libcurl applications, use the API,
port to new platforms, add new features and more. With a team lead by the
curl founder Daniel himself.
Re: Bug Report: Uninitialized Memory Access During SSL Initialization
- Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]
From: Charalampos Mitrodimas via curl-library <curl-library_at_lists.haxx.se>
Date: Sat, 2 Nov 2024 20:00:21 +0000
Hi,
Thanks for reaching back.
On 11/2/24 15:14, Daniel Stenberg wrote:
> On Sat, 2 Nov 2024, Charalampos Mitrodimas via curl-library wrote:
>
>> In my journey to send emails in a multi-threaded C program, I
>> encountered a use-of-uninitialized-value memory issue. MemorySanitizer
>> detects use of uninitialized memory during the SSL initialization phase.
>
>> #0 0x7f8423d11a12 in BIO_new_file
>> (/lib/x86_64-linux-gnu/libcrypto.so.3+0x111a12) (BuildId:
>> 72c05a16f686d285265b1e1a135706b21e0fdf98)
>
> This problem seems to trigger pretty deep into OpenSSL so I don't
> believe this is a curl problem.
>
> What curl and OpenSSL versions are you using?
My versions are the ones available in the Ubuntu package registry, i.e.
libcurl4-openssl-dev:amd64 8.5.0-2ubuntu10.4
libssl-dev:amd64 3.0.13-0ubuntu3.4
I'll try to build both of them from source and observe the results again.
C. Mitrodimas
Date: Sat, 2 Nov 2024 20:00:21 +0000
Hi,
Thanks for reaching back.
On 11/2/24 15:14, Daniel Stenberg wrote:
> On Sat, 2 Nov 2024, Charalampos Mitrodimas via curl-library wrote:
>
>> In my journey to send emails in a multi-threaded C program, I
>> encountered a use-of-uninitialized-value memory issue. MemorySanitizer
>> detects use of uninitialized memory during the SSL initialization phase.
>
>> #0 0x7f8423d11a12 in BIO_new_file
>> (/lib/x86_64-linux-gnu/libcrypto.so.3+0x111a12) (BuildId:
>> 72c05a16f686d285265b1e1a135706b21e0fdf98)
>
> This problem seems to trigger pretty deep into OpenSSL so I don't
> believe this is a curl problem.
>
> What curl and OpenSSL versions are you using?
My versions are the ones available in the Ubuntu package registry, i.e.
libcurl4-openssl-dev:amd64 8.5.0-2ubuntu10.4
libssl-dev:amd64 3.0.13-0ubuntu3.4
I'll try to build both of them from source and observe the results again.
C. Mitrodimas
-- Unsubscribe: https://lists.haxx.se/mailman/listinfo/curl-library Etiquette: https://curl.se/mail/etiquette.htmlReceived on 2024-11-02