Control: tags -1 patch Hi!
On Sat, 2017-07-29 at 09:11:53 +0200, Kurt Roeckx wrote: > On Sat, Jul 29, 2017 at 12:12:16AM +0200, Michael Prokop wrote: > > Kurt, do you have any ideas what might go wrong in OPENSSL_cleanup > > here and how this could be fixed? We'd appreciate any hints. Thanks! > I don't see anything obvious wrong. From what I understand it > calls exit(0) from a SIGTERM handler. > > The only suggestion I have is that you try to run this under > valgrind or something. > > Also feel free to open a github issue about this. I was checking this, and my initial hypothesis which I've not yet confirmed, but seems completely spot on, given the documentation I've just read about OPENSSL_cleanup() is that something within the pthreads library is releasing the memory pool for the affected variable that is segfaulting in OpenSSL, and when the OpenSSL atexit() handler gets called the pthreads variable is already gone. The attached patch fixes the segfault for me, and seems to be in line with the recommendations in the OPENSSL_cleanup() docs. I should probably update the comment further. And I guess this report should be reassigned to the kamailio package then. I'm not sure whether calling OPENSSL_thread_stop() would be more correct here, as I don't know how threads are being used, and how the TLS module interacts with the rest of the codebase, etc. Thanks, Guillem
Description: Explicitly call OPENSSL_cleanup() on TLS module destruction Kamailio is a threaded program, and it pulls OpenSSL via a dynamically linked plugin loaded at run-time via dlopen(). . Older OpenSSL releases do not perform automatic cleanup on exit, newer ones do via an atexit() handler. . In addition the OpenSSL code leaks (on purpose) a DSO handler for itself so that it can guarantee that the library is still present when the atexit() handler is executed. . When the handler is called, a pthreads variable is still present but the memory it points to is not allocated anymore, which indicates something else released those pthreads pools. Most probably pthreads itself as part of its deconstructors, pthread_exit() or atexit() handlers while unwinding or being unloaded. . While that might be a bug that might need to be tracked independently, explicitly calling the OpenSSL cleanup code fixes the issue for newer OpenSSL releases. And the documentation for OPENSSL_cleanup() mentions that explicit cleanup might be needed in these conditions anyway. Origin: other, Sipwise Author: Guillem Jover <[email protected]> Bug-Debian: https://bugs.debian.org/870018 --- --- a/src/modules/tls/tls_init.c +++ b/src/modules/tls/tls_init.c @@ -778,4 +778,8 @@ void destroy_tls_h(void) tls_destroy_cfg(); tls_destroy_locks(); tls_ct_wq_destroy(); + +#if OPENSSL_VERSION_NUMBER >= 0x010100000L + OPENSSL_cleanup(); +#endif }

