On 10/23/14 11:33, Stuart Henderson wrote: > On 2014-10-22, Martijn van Duren <martijn...@gmail.com> wrote: >> I'm currently trying to write a library that heavily relies on >> libcrypto. Because I don't want applications linking to it, to have to >> call OpenSSL_add_all_algorithms, for convenience, I added those calls to >> the appropriate places in my library. Because of this nature, the >> function is called multiple times, and even if I shielded it within my >> library it could still be called outside of it by an application using >> my library. > > fwiw, Asterisk ran into this, this was the result: > > http://reviewboard.asterisk.org/r/1006/ >
To me it sounds like something that would be nice to see fixed in libressl. I'm by far an expert in this code, so this is pretty much a shot in the dark, but when I added an extra NULL-check to obj_name_cmp it resolved my problem and the application didn't crash anymore, nor did I notice any (new) strange behavior in the regress tests of my library, nor in the libcrypto regress test. Although I do suspect that the problem itself lays somewhere else in the libcrypto source, and that n1->data shouldn't be NULL in the first place. Attached is the my patch for completeness and I hope that someone on this list can could look into this further or point me in the right direction. Sincerely, Martijn van Duren [demime 1.01d removed an attachment of type text/x-patch which had a name of o_names.diff]
