cURL / Mailing Lists / curl-library / Single Mail


Re: abort trap: double-free bug in lib/ssluse.c:Curl_ossl_close() ???

From: Edward B. DREGER <>
Date: Thu, 19 Apr 2007 14:22:47 +0000 (GMT)

DS> Date: Thu, 19 Apr 2007 09:33:45 +0200 (CEST)
DS> From: Daniel Stenberg

DS> > I've found that OpenSSL also is internally detecting a divide-by-zero
DS> > error
DS> When?

When ssluse.c:Curl_ossl_step2() invokes SSL_connect(connssl->handle).
In 7.15.5, the failf() call at ssluse.c:1458 is what catches the ossl

DS> > which causes libcurl to [attempt to] clean up, which is when the
DS> > double-free trap occurs.
DS> So this is then an OpenSSL bug rather than a libcurl one?

I'm tempted to conclude that's the case; even if the root cause is in
PHP or libcurl, I don't see why ossl is hitting a div-by-zero. (Of
course, I'm now elbow-deep in the source of three programs which I've
never before spent much time exploring... so my identification accuracy
certainly isn't 100%.)


        curl_setopt($ch, CURLOPT_SSLVERSION, $something) ;

in PHP can reliably set the behavior to any of:

* a trap before any HTTPS response
* a trap after pulling some of the headers
* alternating SIGBUS and SIGILL

depending entirely on PHP version and value of $something. I probably
should whip up a contrived C-based libcurl test based on what PHP is

I suppose it could be also libc-related. *shrug* I just need to keep
unraveling this mess...

At any rate:

If I find something that looks libcurl-related, I'll post again.
Unless that happens, I wanted to close the thread on a "doesn't look
like a libcurl problem after all" note.

Thanks again,

Everquick Internet -
A division of Brotsman & Dreger, Inc. -
Bandwidth, consulting, e-commerce, hosting, and network building
Phone: +1 785 865 5885 Lawrence and [inter]national
Phone: +1 316 794 8922 Wichita
DO NOT send mail to the following addresses: -*- -*-
Sending mail to spambait addresses is a great way to get blocked.
Ditto for broken OOO autoresponders and foolish AV software backscatter.
Received on 2007-04-19