imapfilter: core dump on initialisation following disabling of SSL3 in libssl
Bug #1516585 reported by
Andy Whitcroft
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
imapfilter (Debian) |
Fix Released
|
Unknown
|
|||
imapfilter (Ubuntu) |
Fix Released
|
High
|
Andy Whitcroft |
Bug Description
We are seeing coredumps on startup as a result of libssl disabling all SSL3 methods. This leads to the ssl3ctx being NULL which we ignore, leading to explosions later. With debugging added we can see we are failing as below:
ssl3ctx NULL14068056041
Changed in imapfilter (Ubuntu): | |
status: | New → In Progress |
importance: | Undecided → High |
assignee: | nobody → Andy Whitcroft (apw) |
Changed in imapfilter (Debian): | |
status: | Unknown → New |
Changed in imapfilter (Debian): | |
status: | New → Fix Released |
To post a comment you must log in.
The primary issue is we are assuming that an SSL context will always initialise, and run SSL_CTX_ load_verify_ locations( ) unconditionally against them:
ssl3ctx = SSL_CTX_ new(SSLv3_ client_ method( )); new(SSLv23_ client_ method( )); new(TLSv1_ client_ method( )); VERSION_ NUMBER >= 0x01000100fL new(TLSv1_ 1_client_ method( )); new(TLSv1_ 2_client_ method( ));
ssl23ctx = SSL_CTX_
tls1ctx = SSL_CTX_
#if OPENSSL_
tls11ctx = SSL_CTX_
tls12ctx = SSL_CTX_
#endif
if (exists_ dir(opts. truststore) )
capath = opts.truststore; file(opts. truststore) )
cafile = opts.truststore;
SSL_CTX_ load_verify_ locations( ssl3ctx, cafile, capath);
SSL_CTX_ load_verify_ locations( ssl23ctx, cafile, capath);
SSL_CTX_ load_verify_ locations( tls1ctx, cafile, capath); VERSION_ NUMBER >= 0x01000100fL
SSL_CTX_ load_verify_ locations( tls11ctx, cafile, capath);
SSL_CTX_ load_verify_ locations( tls12ctx, cafile, capath);
if (exists_
#if OPENSSL_