Fixed SIGSEGV of OpenSSL on exit()

Gerhard Rieger 2022-07-09 15:29:26 +02:00
parent 09969852e9
commit 15e38be2f5
4 changed files with 18 additions and 6 deletions


@ -1,4 +1,12 @@
 
Porting:
OpenSSL, at least 1.1 on Ubuntu, crashed with SIGSEGV under certain
conditions: client connection to server with certificate with empty
subject, and pressing ^C after successful connect.
This crash is now prevented by setting OPENSSL_INIT_NO_ATEXIT.
Thanks to Martin Dorey for reporting and analyzing this issue, and for
providing an environment for reproduction.
Testing: Testing:
Unset SOCAT_MAIN_WAIT on informational Socat calls Unset SOCAT_MAIN_WAIT on informational Socat calls


@ -21,7 +21,7 @@
#include "sysutils.h" #include "sysutils.h"
#include "sycls.h" #include "sycls.h"
#if HAVE_OPENSSL_init_ssl #if HAVE_OPENSSL_INIT_SSL
int sycOPENSSL_init_ssl(uint64_t opts, const OPENSSL_INIT_SETTINGS *settings) { int sycOPENSSL_init_ssl(uint64_t opts, const OPENSSL_INIT_SETTINGS *settings) {
int result; int result;
Debug2("OPENSSL_init_ssl("F_uint64_t", %p)", opts, settings); Debug2("OPENSSL_init_ssl("F_uint64_t", %p)", opts, settings);
@ -31,7 +31,7 @@ int sycOPENSSL_init_ssl(uint64_t opts, const OPENSSL_INIT_SETTINGS *settings) {
} }
#endif #endif
#if !HAVE_OPENSSL_init_ssl #if !HAVE_OPENSSL_INIT_SSL
void sycSSL_load_error_strings(void) { void sycSSL_load_error_strings(void) {
Debug("SSL_load_error_strings()"); Debug("SSL_load_error_strings()");
SSL_load_error_strings(); SSL_load_error_strings();
@ -39,7 +39,7 @@ void sycSSL_load_error_strings(void) {
} }
#endif #endif
#if !HAVE_OPENSSL_init_ssl #if !HAVE_OPENSSL_INIT_SSL
int sycSSL_library_init(void) { int sycSSL_library_init(void) {
int result; int result;
Debug("SSL_library_init()"); Debug("SSL_library_init()");


@ -8,7 +8,7 @@
#if WITH_SYCLS #if WITH_SYCLS
#if WITH_OPENSSL #if WITH_OPENSSL
#if HAVE_OPENSSL_init_ssl #if HAVE_OPENSSL_INIT_SSL
int sycOPENSSL_init_ssl(uint64_t opts, const OPENSSL_INIT_SETTINGS *settings); int sycOPENSSL_init_ssl(uint64_t opts, const OPENSSL_INIT_SETTINGS *settings);
#endif #endif
void sycSSL_load_error_strings(void); void sycSSL_load_error_strings(void);


@ -959,11 +959,15 @@ int
openssl_delete_cert_info(); openssl_delete_cert_info();
/* OpenSSL preparation */ /* OpenSSL preparation */
#if HAVE_OPENSSL_init_ssl #if HAVE_OPENSSL_INIT_SSL
{ {
uint64_t opts = 0;
OPENSSL_INIT_SETTINGS *settings; OPENSSL_INIT_SETTINGS *settings;
settings = OPENSSL_INIT_new(); settings = OPENSSL_INIT_new();
sycOPENSSL_init_ssl(0, settings); #ifdef OPENSSL_INIT_NO_ATEXIT
opts |= OPENSSL_INIT_NO_ATEXIT;
#endif
sycOPENSSL_init_ssl(opts, settings);
} }
#else #else
sycSSL_library_init(); sycSSL_library_init();
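Review bot: The return value of `sycOPENSSL_init_ssl(opts, settings)` is discarded, so a failed library initialisation goes unnoticed and the TLS setup that follows would run on an uninitialised library; OPENSSL_init_ssl() returns 1 on success and 0 on error, and the call site should check for that and fail the open with an error message. This matters more now because the corrected `HAVE_OPENSSL_INIT_SSL` guard presumably makes this branch compile where the misspelled one left it out. The `settings` object from `OPENSSL_INIT_new()` is also never released; `OPENSSL_INIT_free(settings);` after the call would fix that. Where the headers lack `OPENSSL_INIT_NO_ATEXIT`, `opts` stays 0 and the exit-time crash described in CHANGES can still occur, which deserves a comment such as `/* older OpenSSL lacks OPENSSL_INIT_NO_ATEXIT: its atexit handler stays active */`. The enclosing function starts and ends outside the hunk.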