In message <[EMAIL PROTECTED]> on Thu, 07 Aug 2003 08:54:19 +0100, Martin Kochanski
<[EMAIL PROTECTED]> said:
openssl> There are three related issues here, all to do with the use of
CreateToolhelp32Snapshot in RAND_poll() in rand_win.c. I'm using OpenSSL 0.9.6g, and
the relevant call is at line 443.
openssl>
openssl> 1. Minor bug:
openssl>
openssl> Line 443 of rand_win.c reads (reformatted)
openssl>
openssl> && (handle = snap(TH32CS_SNAPALL,0))!= NULL
openssl>
openssl> ["snap" is a variable that holds the address of CreateToolhelp32Snapshot].
openssl>
openssl> Microsoft's documentation states that -1
openssl> (INVALID_HANDLE_VALUE), not NULL, is returned on failure.
Verified. I'll correct that ASAP.
openssl> 2. Memory leak under Windows CE:
openssl>
openssl> RAND_poll() calls CloseHandle(handle) to close the handle
openssl> opened by CreateToolhelp32Snapshot. This is what we should be
openssl> doing under Windows, but under Windows CE, Microsoft's
openssl> documentation states: "To close a snapshot call the
openssl> CloseToolhelp32Snapshot function. Do not call the CloseHandle
openssl> function to close the snapshot call. Calling CloseHandle to
openssl> close the snapshot call generates a memory leak."
I/&%%&#%"/((()(/&"%#%("#%/(&)/("&#%&%#&"/(/&%#%#%!!!!!!
Why the F*CK can't MS keep things consistent? Is that so damn hard to
learn? Idiots! &/("/()&"#%/&)/(#&¤)(&%(/&%/&%¤/&%¤"#%&/(!/"&)(/!!!!!
[censored]!!!
openssl> I'm not sure whether OpenSSL counts Windows CE as a supported
openssl> platform, but if it does, this needs to be accounted for.
We have support for CE, so basically, we do the best we can.
openssl> 3. Crash under Windows 2003 Server
openssl>
openssl> One of our users is running an OpenSSL-enabled Cardbox server
openssl> (it's an .EXE file that may also be run as a system service)
openssl> and is getting an exception 0xC0000006 (IN_PAGE_ERROR) within
openssl> the call to CreateToolhelp32Snapshot. [I should add that this
openssl> call is made only after the service has fully started up].
openssl>
openssl> The stack trace indicates that
openssl>
openssl> - The address of CreateToolhelp32Snapshot has been correctly
openssl> extracted and stored in the variable 'snap'.
openssl> - The exception occurs three levels deep within NTDLL.DLL,
openssl> which in turn is two levels deep within KERNEL32.DLL.
openssl>
openssl> The user is running Windows 2003 Server, which I haven't
openssl> got. Has anyone else used Windows 2003 server and had a
openssl> problem with CreateToolhelp32Snapshot crashing?
openssl>
openssl> My inclination is to comment out or otherwise disable the
openssl> whole of the ToolHelp code on the Windows 2003 Server
openssl> platform, since the Crypt... functions should have produced
openssl> pretty good randomness all by themselves; but I'd welcome
openssl> anyone's comments.
Before we take any action, it would be good if we could get some more
input on this issue, so if moer 2003 users could test the random
polling code, I'd be grateful, and even more if someone can find the
exact cause of the problem.
Disabling sections of code is kind of a last resort...
--
Richard Levitte \ Tunnlandsvägen 3 \ [EMAIL PROTECTED]
[EMAIL PROTECTED] \ S-168 36 BROMMA \ T: +46-8-26 52 47
\ SWEDEN \ or +46-708-26 53 44
Procurator Odiosus Ex Infernis -- [EMAIL PROTECTED]
Member of the OpenSSL development team: http://www.openssl.org/
Unsolicited commercial email is subject to an archival fee of $400.
See <http://www.stacken.kth.se/~levitte/mail/> for more info.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
