Dear all,

We have found that there might be an unsolved thread-safety problem in the
OpenSSL library. A POSSIBLE solution is also proposed here.

CASES:
Most of the segmentation faults happen at o_names.c:184 Free(ret) or at
lhash.c:418 (*cf)(n1->data,data). The first case happens when it
wants to free already freed memory. The second one happens when it
wants to compare freed memory to another string. It seems that two
pointers (each belonging to a different thread) point to the same
memory, and the SF happens when one thread has freed it but the other
wants to do something with it.

PROBLEM:
A global LHASH object without any mutex protection may cause this
problem. In our cases, LHASH *names_lh is the victim.
Our first case happens when two threads get the same lh_node with the
same key and they both replace the old data with their own data. Then
they both want to free the old data, and the C library does not allow
freeing the same memory twice. So it crashed.
Similarly, our second case happens when two threads get the same node
but one of them wants to compare it after the other one has freed it.

SOLUTION:
It is not reasonable to take a mutex lock in the LHASH functions because
there are at least 5 different types of LHASH (e.g. OBJ_NAME, X509_OBJECT,
APP_INFO, etc.) using the LHASH functions. The better way is to protect the
different types of global LHASH variables separately. For example, we
modified o_names.c to protect LHASH *names_lh. Only one thread can
"ADD", "REMOVE" or "GET" from it at one time. The patch file is
attached.

We don't know if this is the real cause of the SF, but our
modification solves our problem and it works well. Before the
modification, we could only run the program for about ten thousands of
iterations before it crashed. However, after the modification, we can run
millions of iterations and it is still alive.
If there are any different opinions or someone thinks that we are wrong,
please tell us. Or if the developers of OpenSSL have another, better way
to solve this problem, please inform us. Thanks. Finally, please
forgive my poor English; I hope you can understand what I mean.


______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]
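
The per-table locking approach described in the message above, as an added C example that is not part of the original post or its attached patch. It uses POSIX threads rather than OpenSSL's own locking calls, and `slot`, `slot_lock`, `name_add`, `name_is` and `run_stress` are hypothetical names standing in for one entry of a global table such as `names_lh`.

```c
#include <pthread.h>
#include <stdlib.h>
#include <string.h>

#define NTHREADS 4
static char *slot;   /* constructed stand-in for one node's data in a global table */
static long frees;   /* number of displaced values released, guarded by slot_lock */
static pthread_mutex_t slot_lock = PTHREAD_MUTEX_INITIALIZER;

/* "ADD": swap in the new data and release the displaced data inside one critical
   section, so two threads can never both hold (and free) the same old pointer. */
static void name_add(const char *val) {
    char *copy = malloc(strlen(val) + 1);
    if (copy == NULL) return;
    strcpy(copy, val);
    pthread_mutex_lock(&slot_lock);
    char *old = slot;
    slot = copy;
    if (old != NULL) { free(old); frees++; }
    pthread_mutex_unlock(&slot_lock);
}

/* "GET": compare under the same lock so the data cannot be freed mid-compare. */
static int name_is(const char *val) {
    pthread_mutex_lock(&slot_lock);
    int same = slot != NULL && strcmp(slot, val) == 0;
    pthread_mutex_unlock(&slot_lock);
    return same;
}

static void *worker(void *arg) {
    long iters = *(long *)arg;
    for (long i = 0; i < iters; i++) {
        name_add("constructed-name");
        (void)name_is("constructed-name");
    }
    return NULL;
}

/* Hammers the same entry from several threads; returns how many old values were freed. */
static long run_stress(long iters) {
    pthread_t t[NTHREADS];
    int n = 0;
    free(slot); slot = NULL; frees = 0;
    while (n < NTHREADS && pthread_create(&t[n], NULL, worker, &iters) == 0) n++;
    for (int i = 0; i < n; i++) pthread_join(t[i], NULL);
    return frees;
}

int main(void) { return run_stress(100000) == NTHREADS * 100000L - 1 ? 0 : 1; }
```

Every add except the very first displaces exactly one value, so the free count equals the number of adds minus one; removing the lock calls reintroduces the double free and use-after-free pattern the message reports.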