Re: memory corruption after libssl is unloaded from memory

Mon, 16 Aug 2010 05:30:50 -0700 

On Fri, 13 Aug 2010, Ladar Levison wrote:

> I was able to dynamically load OpenSSL, initialize it, unload it, and then
> reload it back up again using your example along with some of my cleanup code.
> Since I don't know your specific use case, I don't know if something like this
> will work for you, but figured I'd send it along just in case. Here's the
> console output:
>
> [la...@magma Desktop]$ gcc -std=gnu99 -g -ldl ssl-dlopen-crash.c 2>&1 ; /a.out
> ; valgrind --tool=memcheck --leak-check=yes ./a.out
> Opening libssl.so...
> Initializing with OpenSSL...
> Closing libssl.so...
> Opening libssl.so...
> Initializing with OpenSSL...
> Closing libssl.so...
> ==21089== Memcheck, a memory error detector
> ==21089== Copyright (C) 2002-2009, and GNU GPL'd, by Julian Seward et al.
> ==21089== Using Valgrind-3.5.0 and LibVEX; rerun with -h for copyright info
> ==21089== Command: ./a.out
> ==21089==
> Opening libssl.so...
> Initializing with OpenSSL...
> Closing libssl.so...
> Opening libssl.so...
> Initializing with OpenSSL...
> Closing libssl.so...
> ==21089==
> ==21089== HEAP SUMMARY:
> ==21089==     in use at exit: 0 bytes in 0 blocks
> ==21089==   total heap usage: 5,293 allocs, 5,293 frees, 207,568 bytes
> allocated
> ==21089==
> ==21089== All heap blocks were freed -- no leaks are possible
> ==21089==
> ==21089== For counts of detected and suppressed errors, rerun with: -v
> ==21089== ERROR SUMMARY: 0 errors from 0 contexts (suppressed: 22 from 9)
>
> And a variant of the cleanup function I took from my actual application:
>
> void ssl_stop(void) {
>
>    if (ssl_locks != NULL) {
>
>        ERR_remove_state_d(0);
>        COMP_zlib_cleanup_d();
>        CONF_modules_unload_d(1);
>        OBJ_cleanup_d();
>        OBJ_NAME_cleanup_d(-1);
>        BIO_sock_cleanup_d();
>        EVP_cleanup_d();
>        ENGINE_cleanup_d();
>        CRYPTO_cleanup_all_ex_data_d();
>        ERR_free_strings_d();

        hi Ladar, this frees all the strings, not just SSL strings 
referenced from the hash table created by the libcrypto code. So, if 
some code will use some libcrypto error strings after unloading libssl 
and calling this stop function, I believe we may end up in a similar 
situation and crash again.

        Jan.

-- 
Jan Pechanec
http://blogs.sun.com/janp
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       openssl-dev@openssl.org
Automated List Manager                           majord...@openssl.org

Reply via email to