HI!
Thanks again for highlighting those issues. What would be the best way for
the application using those pluggins to avoid this issue of
SSL_library_init()?
regards
-Nitin
From: "David Schwartz" <[EMAIL PROTECTED]>
Reply-To: openssl-dev@openssl.org
To: <openssl-dev@openssl.org>
Subject: RE: Memory Leaks in SSL_Library_init()
Date: Wed, 21 Mar 2007 00:14:53 -0700
> Hi!
>
> I have an example case where by the unused memoy allocated by
> SSL_library_init when not freed, would accumulate.
>
> There is an application which takes services from some of the
> libraries say
> A, B and C.
>
> These libraries are dynamically loaded and unloaded into the
> application as
> and when required depending on certain conditions and using
g_module_xxxx
> calls.
>
> All of these plugin libraries call SSL_library_init() and since we do
not
> know how many times in the lifespan of the application these
> libraries would
> be loaded/unloaded, we dont know how many times
> SSL_library_init() would get
> called.
This issue is also encountered in pretty much every library of sufficient
complexity.
All modules in a process that access a complex library must cooperate to
meet that library's process-scope rules. Failure to meet this requirement
can lead to unexpected and spectacular failures.
As a simple example, consider algorithms that are added. These are
process-scope. A plugin may find algorithms added that it didn't want
added.
So you have to design your plugin to tolerate algorithms added by other
plugins.
In other words, being a plugin that works with other plugins puts design
constraints and imposes cooperation requirements. Imagine two plugins that
each want to call CRYPTO_set_mem_functions. Whose locking functions do we
use? What if one module uses a kernel threads implementation and the user
uses emulated threads inside a single kernel thread?
Sorry, it's not pretty, but if plugins are going to use OpenSSL, then the
program they are plugged into has to coordinate (or there has to be an
OpenSSL plugin they both use or some other sensible arrangement).
A process has to agree on how it's going to use OpenSSL because the process
loads and initializes the library. Making sure initialization is only done
once is the least of your problems.
DS
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List openssl-dev@openssl.org
Automated List Manager [EMAIL PROTECTED]
_________________________________________________________________
Catch the complete World Cup coverage with MSN
http://content.msn.co.in/Sports/Cricket/Default.aspx
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List openssl-dev@openssl.org
Automated List Manager [EMAIL PROTECTED]
