Hello openssl users ,
We are facing a access violation issue , your
thoughts/comments will be helpful ..
Below are the details and sequence of events before the
Access Violation occurs ...
- myexe.exe calls myfunction() which loads and unloads mydll.dll at run time
(LoadLibrary and FreeLibrary)
- myexe.exe may call myfunction() multiple times in the same process
- mydll.dll depends on SSL and CRYPTO dll
- Since CRYPTO is already loaded into myexe.exe address space, the
load/unload of mydll.dll only maps/unmaps SSL and mydll dlls.
Now ,
- After myexe loads mydll, it calls myConnect()
- myConnect() calls SSL_library_init() from SSL dll
- SSL_library_init() calls EVP_add_digest_alias(SN_md5,"ssl2-md5")
- EVP_add_digest_alias() saves the address of the string defined in SSL dll
into the names_lh hash in CRYPTO dll
- myexe.exe unloads mydll.dll after it is done using it
- SSL dll has been unloaded but, since CRYPTO dll is not unloaded, the hash in
CRYPTO still has a reference to an address in the now invalid SSL address space
- the next time myexe.exe loads mydll.dll, the SSL library may be loaded into a
different address space
- myexe.exe once again calls myConnect() which calls SSL_library_init()
- SSL_library_init calls EVP_add_digest_alias(SN_md5,"ssl2-md5")
- EVP_add_digest_alias() tries to compare the new string against the old values
stored in the names_lh hash
- Access violation occurs
Any Suggestions will be helpful ....
Thanks
Anil
