yea, I think that patch should be ok. Louis Solomon www.SteelBytes.com
----- Original Message ----- From: "Richard Levitte - VMS Whacker via RT" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Cc: <[EMAIL PROTECTED]> Sent: Friday, December 13, 2002 9:35 AM Subject: Re: [openssl.org #373] Fw: is SSL_CTX_new() thread safe (on win32) ? > > I can see that happening. Would the following patch help? > > Index: ssl/ssl_ciph.c > =================================================================== > RCS file: /e/openssl/cvs/openssl/ssl/ssl_ciph.c,v > retrieving revision 1.33.2.3 > diff -u -u -r1.33.2.3 ssl_ciph.c > --- ssl/ssl_ciph.c 19 Jul 2002 19:53:02 -0000 1.33.2.3 > +++ ssl/ssl_ciph.c 12 Dec 2002 22:32:30 -0000 > @@ -751,7 +751,9 @@ > */ > if (rule_str == NULL) return(NULL); > > + CRYPTO_w_lock(CRYPTO_LOCK_SSL); > if (init_ciphers) load_ciphers(); > + CRYPTO_w_unlock(CRYPTO_LOCK_SSL); > > /* > * To reduce the work to do we only want to process the compiled > > > In message <[EMAIL PROTECTED]> on Mon, 2 Dec 2002 09:09:25 +0100 (MET), "Louis Solomon [SteelBytes] via RT" <[EMAIL PROTECTED]> said: > > rt> > ok, > rt> > here's the cause I think ... > rt> > > rt> > SSL_CTX_new(...) > rt> > { > rt> > ... > rt> > ssl_create_cipher_list(...) > rt> > ... > rt> > } > rt> > > rt> > static int init_ciphers=1; > rt> > > rt> > ssl_create_cipher_list(...) > rt> > { > rt> > ... > rt> > if (init_ciphers) load_ciphers(); > rt> > ... > rt> > ssl_cipher_get_disabled() > rt> > ... > rt> > } > rt> > > rt> > load_ciphers() > rt> > { > rt> > init_ciphers = 0; > rt> > ... // mark_1 > rt> > init ssl_cipher_methods[] > rt> > ... > rt> > } > rt> > > rt> > ssl_cipher_get_disabled() > rt> > { > rt> > ... > rt> > use ssl_cipher_methods[] // mark_2 > rt> > ... > rt> > } > rt> > > rt> > consider this: > rt> > thread_1 calls SSL_CTX_new() and reaches mark_1 > rt> > a context switch happens (thread_1 stalls, and thread_2 becomes > rt> active) > rt> > thread_2 calls SSL_CTX_new() and reaches mark_2 > rt> > > rt> > thread_2 will be trying to read from ssl_cipher_methods which is > rt> > uninitialised !! > rt> > > rt> > any one care to fix the 0.9.7 beta ? (or 0.9.6g) > rt> > > rt> > Louis Solomon > rt> > www.SteelBytes.com > > -- > Richard Levitte \ Spannvägen 38, II \ [EMAIL PROTECTED] > Redakteur@Stacken \ S-168 35 BROMMA \ T: +46-8-26 52 47 > \ SWEDEN \ or +46-708-26 53 44 > Procurator Odiosus Ex Infernis -- [EMAIL PROTECTED] > Member of the OpenSSL development team: http://www.openssl.org/ > > Unsolicited commercial email is subject to an archival fee of $400. > See <http://www.stacken.kth.se/~levitte/mail/> for more info. > ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]