Light

segfault when checking parser error (using SSL) about libevhtp HOT 7 CLOSED

yellow-camper commented on June 14, 2024

segfault when checking parser error (using SSL)

from libevhtp.

Comments (7)

ousado commented on June 14, 2024 1

There are a few possible reasons. I patched libevhtp slightly to compile against openssl 1.1 since that's what libevent depends on, on debian stretch, and I got these errors in the context of a larger project. I'll try to isolate it more.

from libevhtp.

NathanFrench commented on June 14, 2024

Can't reproduce:

~/Code/libevhtp/build$ openssl genrsa -out pkey 2048
Generating RSA private key, 2048 bit long modulus
.....+++
........+++
e is 65537 (0x10001)

~/Code/libevhtp/build$ openssl req -new -key pkey -out cert.req
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:
State or Province Name (full name) [Some-State]:
Locality Name (eg, city) []:
Organization Name (eg, company) [Internet Widgits Pty Ltd]:
Organizational Unit Name (eg, section) []:
Common Name (e.g. server FQDN or YOUR name) []:
Email Address []:

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:

~/Code/libevhtp/build$ openssl x509 -req -days 365 -in cert.req -signkey pkey -out cert
Signature ok
subject=/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd
Getting Private key

~/Code/libevhtp/build$ cat pkey cert > test_cert
~/Code/libevhtp/build$ ./examples/test_extensive -s ./test_cert

Running against

ab -k -n 100 -c 50 https://localhost:8081/ 
This is ApacheBench, Version 2.3 <$Revision: 1757674 $>
Copyright 1996 Adam Twiss, Zeus Technology Ltd, http://www.zeustech.net/
Licensed to The Apache Software Foundation, http://www.apache.org/

Benchmarking localhost (be patient).....done


Server Software:        
Server Hostname:        localhost
Server Port:            8081
SSL/TLS Protocol:       TLSv1.2,AES256-GCM-SHA384,2048,256
TLS Server Name:        localhost

Document Path:          /
Document Length:        594 bytes

Concurrency Level:      50
Time taken for tests:   0.127 seconds
Complete requests:      100
Failed requests:        0
Keep-Alive requests:    100
Total transferred:      68400 bytes
HTML transferred:       59400 bytes
Requests per second:    784.52 [#/sec] (mean)
Time per request:       63.733 [ms] (mean)
Time per request:       1.275 [ms] (mean, across all concurrent requests)
Transfer rate:          524.04 [Kbytes/sec] received

Connection Times (ms)
              min  mean[+/-sd] median   max
Connect:        0   11  13.1      5      38
Processing:    43   52  10.5     45      75
Waiting:        0    9  11.0      1      32
Total:         44   63  18.7     77      83

Percentage of the requests served within a certain time (ms)
  50%     77
  66%     82
  75%     82
  80%     82
  90%     82
  95%     82
  98%     83
  99%     83
 100%     83 (longest request)

from libevhtp.

NathanFrench commented on June 14, 2024

You rock.

I'm very interested in seeing something I can reproduce.

As a side note, after looking over the ssl_init code, I conclude this vastly needs some cleanup (error checking wise).

from libevhtp.

NathanFrench commented on June 14, 2024

Oh, and what did you patch to use 1.1? Can you submit a pull request for that?

from libevhtp.

ousado commented on June 14, 2024

I will, it's a tiny patch to get it to compile. The only thing I'm worried about are semantic changes in openssl 1.1 that don't trigger compile-time errors.

from libevhtp.

NathanFrench commented on June 14, 2024

@tonylambiris has been working on getting support for more recent OpenSSL versions without warnings here #57

Hopefully, we can get more!

from libevhtp.

NathanFrench commented on June 14, 2024

OK, should be good to go now for future versions of SSL.

from libevhtp.

Related Issues (20)

Recommend Projects

React

A declarative, efficient, and flexible JavaScript library for building user interfaces.
Vue.js

🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
Typescript

TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
TensorFlow

An Open Source Machine Learning Framework for Everyone
Django

The Web framework for perfectionists with deadlines.
Laravel

A PHP framework for web artisans
D3

Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

javascript

JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
web

Some thing interesting about web. New door for the world.
server

A server is a program made to process requests and deliver data to clients.
Machine learning

Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Visualization

Some thing interesting about visualization, use data art
Game

Some thing interesting about game, make everyone happy.

Recommend Org

Facebook

We are working to build community through open source technology. NB: members must have two-factor auth.
Microsoft

Open source projects and samples from Microsoft.
Google

Google ❤️ Open Source for everyone.
Alibaba

Alibaba Open Source for everyone
D3

Data-Driven Documents codes.
Tencent

China tencent open source team.