[cups.bugs] [HIGH] STR #4061: cups-1.5 using OpenSSL crashes when accessing encrypted server
Andreas K. Hüttel
dilfridge at gentoo.org
Fri Apr 20 15:07:35 PDT 2012
DO NOT REPLY TO THIS MESSAGE. INSTEAD, POST ANY RESPONSES TO THE LINK BELOW.
[STR New]
This is a clone of https://bugs.gentoo.org/show_bug.cgi?id=401609
>From one of our developers (actually, the qa head :):
(gdb) r
Starting program: /usr/bin/lpq
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib64/libthread_db.so.1".
Program received signal SIGSEGV, Segmentation fault.
SSL_set_bio (s=0x0, rbio=0x5555557b81f0, wbio=0x5555557b81f0) at
ssl_lib.c:596
596 ssl_lib.c: File o directory non esistente.
(gdb) bt
#0 SSL_set_bio (s=0x0, rbio=0x5555557b81f0, wbio=0x5555557b81f0) at
ssl_lib.c:596
#1 0x00007ffff7ba7f5f in http_setup_ssl (http=0x5555557b4710) at
http.c:3817
#2 0x00007ffff7ba9498 in _httpUpdate (http=0x5555557b4710,
status=0x7fffffffa8fc) at http.c:2677
#3 0x00007ffff7ba9513 in httpUpdate (http=0x5555557b4710) at http.c:2816
#4 0x00007ffff7baa6a8 in http_upgrade (http=0x5555557b4710) at
http.c:4257
#5 0x00007ffff7baa83d in httpConnectEncrypt (host=<optimized out>,
port=<optimized out>, encryption=<optimized out>) at http.c:476
#6 0x0000555555555579 in connect_server (command=0x7fffffffded0
"/usr/bin/lpq", http=<optimized out>) at lpq.c:290
#7 0x000055555555640e in main (argc=1, argv=0x7fffffffdb18) at lpq.c:206
This happens with anything: lpr, lpq, andy Gtk+ app when opening the print
dialog, ... the problem is this:
http->tls = SSL_new(context);
SSL_set_bio(http->tls_credentials, bio, bio);
unfortunately at that point http->tls_credentials is still zero; this is a
new feature implemented in 1.5.x series, which is why it worked before.
As far as I can tell GnuTLS should work, but I haven't tried it yet.
Link: http://www.cups.org/str.php?L4061
Version: 1.5.0
More information about the cups
mailing list