NetSSL_Win\src\SecureSocketImpl.cpp CertFreeCertificateContext on nullptr #3213

Closed
tgraupmann opened this issue Feb 27, 2021 · 4 comments

tgraupmann commented Feb 27, 2021

It appears that POCO is trying to free a nullptr in certain scenarios.

Exception thrown at 0x75CEA8B2 in MYAPP: Microsoft C++ exception: Poco::Net::NoCertificateException at memory location 0x03E8B4EC.

https://github.com/pocoproject/poco/blob/master/NetSSL_Win/src/SecureSocketImpl.cpp

The same code appears in 3 places:

		if (_pPeerCertificate)
		{
			CertFreeCertificateContext(_pPeerCertificate);
			_pPeerCertificate = 0;
		}

I'm running into an exception when this tries to free null. I'm testing SSL on a site where I haven't got around to implementing the SSL validation code.

Exceptions can happen and these 3 cases might be getting executed at the same time resulting in trying to free nullptr.

You could use something like a mutex.

After this occurs the server stops responding.

Here's a stacktrace.

 	ntdll.dll!7749f653()	Unknown
 	[Frames below may be incorrect and/or missing, no symbols loaded for ntdll.dll]	
 	[External Code]	
 	MyLibrary!Poco::Net::SecureSocketImpl::cleanup() Line 160	C++
 	MyLibrary!Poco::Net::SecureSocketImpl::~SecureSocketImpl() Line 106	C++
 	MyLibrary!Poco::Net::SecureStreamSocketImpl::~SecureStreamSocketImpl() Line 43	C++
 	[External Code]	
 	MyLibrary!Poco::RefCountedObject::release() Line 82	C++
 	MyLibrary!Poco::Net::WebSocketImpl::~WebSocketImpl() Line 53	C++
 	[External Code]	
 	MyLibrary!Poco::RefCountedObject::release() Line 82	C++
 	MyLibrary!Poco::Net::Socket::~Socket() Line 69	C++
 	MyLibrary!Poco::Net::StreamSocket::~StreamSocket() Line 63	C++
 	MyLibrary!Poco::Net::WebSocket::~WebSocket() Line 70	C++
 	[External Code]	
 	MyLibrary!Poco::Net::SocketImpl::error(int code, const std::basic_string<char,std::char_traits<char>,std::allocator<char> > & arg) Line 1273	C++
 	MyLibrary!Poco::Net::SocketImpl::error(int code) Line 1211	C++
 	MyLibrary!Poco::Net::SocketImpl::receiveBytes(void * buffer, int length, int flags) Line 383	C++
 	MyLibrary!Poco::Net::SecureSocketImpl::receiveRawBytes(void * buffer, int length, int flags) Line 316	C++
 	MyLibrary!Poco::Net::SecureSocketImpl::receiveBytes(void * buffer, int length, int flags) Line 454	C++
 	MyLibrary!Poco::Net::SecureStreamSocketImpl::receiveBytes(void * buffer, int length, int flags) Line 120	C++
 	MyLibrary!Poco::Net::WebSocketImpl::receiveSomeBytes(char * buffer, int bytes) Line 258	C++
 	MyLibrary!Poco::Net::WebSocketImpl::receiveNBytes(void * buffer, int bytes) Line 230	C++
 	MyLibrary!Poco::Net::WebSocketImpl::receiveHeader(char * mask, bool & useMask) Line 115	C++
 	MyLibrary!Poco::Net::WebSocketImpl::receiveBytes(void * buffer, int length, int __formal) Line 206	C++
 	MyLibrary!Poco::Net::WebSocket::receiveFrame(void * buffer, int length, int & flags) Line 109	C++

I was attempting to read on a WebSocketClient.

	Poco::Net::HTTPSClientSession cs(host, 443);
	Poco::Net::HTTPRequest request(HTTPRequest::HTTP_GET, path, HTTPMessage::HTTP_1_1);
	...
	Poco::Net::WebSocket ws(cs, request, response);
	...
	// exception occurs here
	unsigned int recvLen = ws.receiveFrame(receiveBuff, (int)(sizeof(char) * size(receiveBuff)), flags);

I also see the error trying to close a WebSocket connection.

@tgraupmann
Author

This is the change I made to make this stable for me. You might have a better idea of how to handle this issue.
tgraupmann@78a63b6

@obiltschnig
Member

Hm, this could only happen if you have multiple threads reading from and/or writing to the same socket, which is certainly not safe, as there is lots of other state in SecureSocketImpl that's not protected by a Mutex. In general, socket classes in POCO are not considered thread safe.
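
The comment above puts the burden of serializing access to a shared socket on the caller. The following is an added example (not part of this thread or of POCO's code) of caller-side serialization around the check-then-free cleanup quoted in the issue; `FakeCert`, `freeCert`, `FakeSecureSocket` and `SerializedSocket` are hypothetical stand-ins so it builds without POCO or the Windows CryptoAPI.

```cpp
#include <atomic>
#include <mutex>
#include <thread>
#include <vector>

// Stand-in for a certificate context; freeCert stands in for
// CertFreeCertificateContext and counts calls so a double free is observable.
struct FakeCert { int id; };
static std::atomic<int> g_freeCalls{0};
static void freeCert(FakeCert* p) { ++g_freeCalls; delete p; }

// Hypothetical socket with the same unsynchronized check-then-free cleanup
// as the snippet quoted in the issue.
class FakeSecureSocket {
public:
    FakeSecureSocket() : _pPeerCertificate(new FakeCert{1}) {}
    ~FakeSecureSocket() { cleanup(); }
    void cleanup() {
        if (_pPeerCertificate) {
            freeCert(_pPeerCertificate);
            _pPeerCertificate = nullptr;
        }
    }
    int receiveBytes() { return _pPeerCertificate ? 1 : -1; }
private:
    FakeCert* _pPeerCertificate;
};

// Caller-side wrapper: every operation on the shared socket takes one mutex,
// so cleanup() can never interleave with itself or with a read.
class SerializedSocket {
public:
    int receive() { std::lock_guard<std::mutex> l(_m); return _s.receiveBytes(); }
    void close()  { std::lock_guard<std::mutex> l(_m); _s.cleanup(); }
private:
    std::mutex _m;
    FakeSecureSocket _s;
};

// Runs `threads` concurrent receive()+close() calls; returns how often freeCert ran.
int concurrentCloseFreeCount(int threads) {
    g_freeCalls = 0;
    SerializedSocket sock;
    std::vector<std::thread> pool;
    for (int i = 0; i < threads; ++i) pool.emplace_back([&] { sock.receive(); sock.close(); });
    for (auto& t : pool) t.join();
    return g_freeCalls.load();
}
```

With the lock held across the whole check-then-free sequence, the certificate is released exactly once no matter how many threads call `close()`.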

@github-actions

This issue is stale because it has been open for 365 days with no activity.

@github-actions github-actions bot added the stale label May 21, 2023
@github-actions

This issue was closed because it has been inactive for 60 days since being marked as stale.
