[Bug 423224] [NEW] ssldump segfault

Jean-Paul Calderone exarkun at twistedmatrix.com
Wed Sep 2 14:53:36 UTC 2009


Public bug reported:

Binary package hint: ssldump

ssldump will often segfault while interpreting valid ssl data captured
from the network.

Here are reproduction instructions for one such crash.

The attached server.pem contains a private key and self-signed certificate.
The attached echoserv_ssl.py is a Python program (requires Twisted - should be fine with 8.2) which runs an SSL server.
The attached netkit-telnet-ssl.patch is a patch to the netkit-telnet-ssl source package to cause it to use TLSv1 instead of SSLv2.

Put server.pem and echoserv_ssl.py in the same directory and run
echoserv_ssl.py.  It will bind to port 8000.  Patch netkit-telnet-ssl
and build it.  Use the resulting telnet executable to run this command
from the directory containing server.pem:

telnet -z ssl,cert=server.pem,key=server.pem,verify=0x00,verbose
localhost 8000

The connection will not manage to get set up completely (I haven't
debugged that yet).  If you do this while ssldump is running (eg ssldump
-i lo), ssldump will segfault after reporting some text.

Also attached is the output I see from the telnet command, from ssldump,
and a tcpdump capture of the traffic which happens on my system during
this interaction.

** Affects: ssldump (Ubuntu)
     Importance: Undecided
         Status: New

-- 
ssldump segfault
https://bugs.launchpad.net/bugs/423224
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.

-- 
ubuntu-bugs mailing list
ubuntu-bugs at lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs




More information about the universe-bugs mailing list