On Tue, Jan 28, 2014, at 05:18 PM, Dr. Stephen Henson wrote: > On Tue, Jan 28, 2014, Adam McLaurin wrote: > > > I suspect this will result in a double free bug, as I don't think memory > > ownership of 'data' is actually passed back to the caller (which is why > > it's 'const char**'). The error isn't really 'popped' from the queue - > > the queue just gets some indexes adjusted but the structure itself seems > > unmodified by ERR_get_error_line_data(). What is still moderately > > unclear is exactly at what point the OpenSSL library goes in and cleans > > out the error queue. My guess (as I said in my previous email) is that > > the user should call ERR_clear_error() when the error queue becomes > > empty, to actually go through and clean out the internal structures. > > I'll let the OpenSSL experts clarify that, however. In any case, the > > documentation could definitely be improved in this regard. > > > > Yes the documention is rather old and could be clearer. > > I had to double check with the source to see what was happening. The > functions > that retrieve errors all end up calling get_error_values in > crypto/err/err.c . > > Errors are stored in a per-thread circular buffer. > > In the case of ERR_get_error_line_data: > > If you don't retrieve the extra error data then it is freed immediately. > > Otherwise you get an internal pointer into the error queue (which is why > it is > const). The memory will be freed either when you clear the queue > explicitly > with ERR_clear_error() or a new entry is added which overwrites the > internal > extra data pointer. > > Additionally when thread cleanup is performed using > ERR_remove_thread_state() > the whole table for that thread is freed which includes any extra error > data > which hasn't been already freed. > > Steve. > -- > Dr Stephen N. Henson. OpenSSL project core developer. > Commercial tech support now available see: http://www.openssl.org
Thanks, this makes it 100% clear what needs to be done here. I have to wonder though how many double-free bugs exist out there in the wild due to the misleading documentation. In any case, thanks for updating the online docs so quickly! -Adam ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org
