Fixed SIGSEGV of OpenSSL on exit()

Gerhard Rieger 2022-07-09 15:29:26 +02:00
parent 09969852e9
commit 15e38be2f5
4 changed files with 18 additions and 6 deletions


@ -1,4 +1,12 @@

Porting:
OpenSSL, at least 1.1 on Ubuntu, crashed with SIGSEGV under certain
conditions: client connection to server with certificate with empty
subject, and pressing ^C after successful connect.
This crash is now prevented by setting OPENSSL_INIT_NO_ATEXIT.
Thanks to Martin Dorey for reporting and analyzing this issue, and for
providing an environment for reproduction.
Testing:
Unset SOCAT_MAIN_WAIT on informational Socat calls


@ -21,7 +21,7 @@
#include "sysutils.h"
#include "sycls.h"
#if HAVE_OPENSSL_init_ssl
#if HAVE_OPENSSL_INIT_SSL
int sycOPENSSL_init_ssl(uint64_t opts, const OPENSSL_INIT_SETTINGS *settings) {
int result;
Debug2("OPENSSL_init_ssl("F_uint64_t", %p)", opts, settings);
@ -31,7 +31,7 @@ int sycOPENSSL_init_ssl(uint64_t opts, const OPENSSL_INIT_SETTINGS *settings) {
}
#endif
#if !HAVE_OPENSSL_init_ssl
#if !HAVE_OPENSSL_INIT_SSL
void sycSSL_load_error_strings(void) {
Debug("SSL_load_error_strings()");
SSL_load_error_strings();
@ -39,7 +39,7 @@ void sycSSL_load_error_strings(void) {
}
#endif
#if !HAVE_OPENSSL_init_ssl
#if !HAVE_OPENSSL_INIT_SSL
int sycSSL_library_init(void) {
int result;
Debug("SSL_library_init()");


@ -8,7 +8,7 @@
#if WITH_SYCLS
#if WITH_OPENSSL
#if HAVE_OPENSSL_init_ssl
#if HAVE_OPENSSL_INIT_SSL
int sycOPENSSL_init_ssl(uint64_t opts, const OPENSSL_INIT_SETTINGS *settings);
#endif
void sycSSL_load_error_strings(void);


@ -959,11 +959,15 @@ int
openssl_delete_cert_info();
/* OpenSSL preparation */
#if HAVE_OPENSSL_init_ssl
#if HAVE_OPENSSL_INIT_SSL
{
uint64_t opts = 0;
OPENSSL_INIT_SETTINGS *settings;
settings = OPENSSL_INIT_new();
sycOPENSSL_init_ssl(0, settings);
#ifdef OPENSSL_INIT_NO_ATEXIT
opts |= OPENSSL_INIT_NO_ATEXIT;
#endif
sycOPENSSL_init_ssl(opts, settings);
}
#else
sycSSL_library_init();
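Review bot: The result of `sycOPENSSL_init_ssl(opts, settings)` is discarded in the `HAVE_OPENSSL_INIT_SSL` branch, so a failed library initialisation would go unnoticed and the TLS setup after it would run on an uninitialised OpenSSL. Assuming the wrapper passes through the result of OPENSSL_init_ssl(), which returns 1 on success, the call should be guarded with `if (sycOPENSSL_init_ssl(opts, settings) != 1)` followed by the function's usual error return. The `settings` object from `OPENSSL_INIT_new()` is neither checked for NULL nor released inside the visible braces, and nothing is configured on it, so either pass `NULL` as the settings argument or add `OPENSSL_INIT_free(settings);` before the closing brace. Because the guard was renamed from `HAVE_OPENSSL_init_ssl`, this branch may be compiled for the first time on many builds (inferred, the configure side is not shown), and where the headers do not define `OPENSSL_INIT_NO_ATEXIT`, `opts` stays 0 and the exit-time crash described in the changelog is presumably still possible; a one-line comment at the `#ifdef` stating that would help. The enclosing function starts and ends outside the hunk.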