Re: Thread-safe issue: one problem and its POSSIBLE solution

Fri, 21 Jul 2000 09:56:21 -0700 

Indi_Chen wrote:
> 
> Dear all,
> 
> We have found that there might be an unsolved thread-safe problem in the
> openssl library. A POSSIBLE solution is also proposed here.
> 
> CASES:
> Most of segmentation faults happen on the o_names.c:184 Free(ret) or in
> the  lhash.c:418 (*cf)(n1->data,data). The first case happens when it
> wants to free an already freed memory. The second one happens when it
> wants to compare a freed memory to another string. It seems that two
> pointers (belonging to different threads separately) point to the same
> memory and the SF happens when one freed it but another one wants to do
> something on it.
> 
> PROBLEM:
> A global LHASH object without any mutex protection may cause this
> problem. In our cases, LHASH *names_lh is the victim.
> Our first case happens when two threads get the same lh_node with the
> same key and they all replace the old data with its own data. Then,
> they all want to free the old data and it is not allowed for c library
> to free a memory twice. So it crashed.
> The same, our second case happens when two threads get the same node
> but one of them wants to compare it after another one had freed it.
> 

Hmmm... how do you get in a situation where multiple threads can call
OBJ_NAME_add()? The OBJ_NAME stuff is normally called when algorithms
are added and tidied up in a global table. 

They are normally added once when the program starts and once when it
finishes, that is before multiple threads are spawned and after all but
one has exited.

If you are for example calling OpenSSL_add_all_algorithms() and
EVP_cleanup() when each new thread starts and exits that is wrong.

There may be some legitimate reason for calling OBJ_NAME_add() in
multiple threads but I can't immediately see what it is.

Steve.
-- 
Dr Stephen N. Henson.   http://www.drh-consultancy.demon.co.uk/
Personal Email: [EMAIL PROTECTED] 
Senior crypto engineer, Celo Communications: http://www.celocom.com/
Core developer of the   OpenSSL project: http://www.openssl.org/
Business Email: [EMAIL PROTECTED] PGP key: via homepage.

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]

Reply via email to