NetSSL_Win\src\SecureSocketImpl.cpp CertFreeCertificateContext on nullptr #3213

@tgraupmann

It appears that POCO is trying to free a nullptr in certain scenarios.

Exception thrown at 0x75CEA8B2 in MYAPP: Microsoft C++ exception: Poco::Net::NoCertificateException at memory location 0x03E8B4EC.

https://github.com/pocoproject/poco/blob/master/NetSSL_Win/src/SecureSocketImpl.cpp

The same code appears in 3 places:

		if (_pPeerCertificate)
		{
			CertFreeCertificateContext(_pPeerCertificate);
			_pPeerCertificate = 0;
		}

I'm running into an exception when this tries to free null. I'm testing SSL on a site where I haven't got around to implementing the SSL validation code.

Exceptions can happen and these 3 cases might be getting executed at the same time resulting in trying to free nullptr.

You could use something like a mutex.

After this occurs the server stops responding.

Here's a stacktrace.

 	ntdll.dll!7749f653()	Unknown
 	[Frames below may be incorrect and/or missing, no symbols loaded for ntdll.dll]	
 	[External Code]	
 	MyLibrary!Poco::Net::SecureSocketImpl::cleanup() Line 160	C++
 	MyLibrary!Poco::Net::SecureSocketImpl::~SecureSocketImpl() Line 106	C++
 	MyLibrary!Poco::Net::SecureStreamSocketImpl::~SecureStreamSocketImpl() Line 43	C++
 	[External Code]	
 	MyLibrary!Poco::RefCountedObject::release() Line 82	C++
 	MyLibrary!Poco::Net::WebSocketImpl::~WebSocketImpl() Line 53	C++
 	[External Code]	
 	MyLibrary!Poco::RefCountedObject::release() Line 82	C++
 	MyLibrary!Poco::Net::Socket::~Socket() Line 69	C++
 	MyLibrary!Poco::Net::StreamSocket::~StreamSocket() Line 63	C++
 	MyLibrary!Poco::Net::WebSocket::~WebSocket() Line 70	C++
 	[External Code]	
 	MyLibrary!Poco::Net::SocketImpl::error(int code, const std::basic_string<char,std::char_traits<char>,std::allocator<char> > & arg) Line 1273	C++
 	MyLibrary!Poco::Net::SocketImpl::error(int code) Line 1211	C++
 	MyLibrary!Poco::Net::SocketImpl::receiveBytes(void * buffer, int length, int flags) Line 383	C++
 	MyLibrary!Poco::Net::SecureSocketImpl::receiveRawBytes(void * buffer, int length, int flags) Line 316	C++
 	MyLibrary!Poco::Net::SecureSocketImpl::receiveBytes(void * buffer, int length, int flags) Line 454	C++
 	MyLibrary!Poco::Net::SecureStreamSocketImpl::receiveBytes(void * buffer, int length, int flags) Line 120	C++
 	MyLibrary!Poco::Net::WebSocketImpl::receiveSomeBytes(char * buffer, int bytes) Line 258	C++
 	MyLibrary!Poco::Net::WebSocketImpl::receiveNBytes(void * buffer, int bytes) Line 230	C++
 	MyLibrary!Poco::Net::WebSocketImpl::receiveHeader(char * mask, bool & useMask) Line 115	C++
 	MyLibrary!Poco::Net::WebSocketImpl::receiveBytes(void * buffer, int length, int __formal) Line 206	C++
 	MyLibrary!Poco::Net::WebSocket::receiveFrame(void * buffer, int length, int & flags) Line 109	C++

I was attempting to read on a WebSocketClient.

```cpp
Poco::Net::HTTPSClientSession cs(host, 443);
Poco::Net::HTTPRequest request(HTTPRequest::HTTP_GET, path, HTTPMessage::HTTP_1_1);
...
Poco::Net::WebSocket ws(cs, request, response);
...
// exception occurs here
unsigned int recvLen = ws.receiveFrame(receiveBuff, (int)(sizeof(char) * size(receiveBuff)), flags);
```

I also see the error trying to close a WebSocket connection.
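The mutex idea raised in the report, sketched as an added example that is not POCO code and not part of the original post: the check, the hand-off and the reset happen under one lock, so concurrent cleanup paths release the context exactly once and never pass null to the free routine. `FakeCertContext`, `fakeCertFree` and `PeerCertHolder` are hypothetical stand-ins for `PCCERT_CONTEXT`, `CertFreeCertificateContext` and the `_pPeerCertificate` member, used so the example builds off Windows.

```cpp
#include <atomic>
#include <mutex>
#include <thread>
#include <vector>

// Stand-ins (assumption): model the certificate context and its free routine,
// and record how the free routine was called.
struct FakeCertContext { int id; };
static std::atomic<int> g_freeCalls{0}, g_nullFrees{0};

void fakeCertFree(const FakeCertContext* p)
{
	++g_freeCalls;
	if (!p) ++g_nullFrees;
	delete p;
}

// Hypothetical holder replacing the bare "if (ptr) { free(ptr); ptr = 0; }" pattern.
class PeerCertHolder
{
public:
	explicit PeerCertHolder(const FakeCertContext* p): _pCert(p) {}
	~PeerCertHolder() { reset(); }

	void reset()
	{
		const FakeCertContext* p = nullptr;
		{
			std::lock_guard<std::mutex> lock(_mutex);
			p = _pCert;        // take ownership while holding the lock
			_pCert = nullptr;  // later callers see null and do nothing
		}
		if (p) fakeCertFree(p); // freed outside the lock, by one caller only
	}

private:
	std::mutex _mutex;
	const FakeCertContext* _pCert;
};

// Calls reset() from several threads at once and returns the number of free calls.
int concurrentResetFreeCount(int threads)
{
	g_freeCalls = 0; g_nullFrees = 0;
	PeerCertHolder holder(new FakeCertContext{1}); // constructed sample context
	std::vector<std::thread> pool;
	for (int i = 0; i < threads; ++i) pool.emplace_back([&holder] { holder.reset(); });
	for (auto& t : pool) t.join();
	return g_freeCalls.load();
}
```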
