New submission from Sean Soria <bugs.pyt...@seansoria.com>:

I seem to have a rather unique setup that causes this crash to be 100% 
reproducible. My application embeds python in order to execute user code. It is 
constantly loading and unloading the libraries so that they're only in memory 
during execution of user code. The problem I'm seeing is with the calls to 
CRYPTO_set_locking_callback and CRYPTO_set_id_callback in _setup_ssl_threads in 
_ssl.c. These calls will override whatever callbacks my application has already 
set up, and then when we unload python, callbacks are never restored. When my 
application later makes an SSL call that requires use of locking_callback or 
id_callback, it will attempt to call one of the functions in _ssl.so address 
space. Since nothing is there, this causes the program to crash. Worse yet 
would be if something were loaded into the same address space and arbitrary 
code were executed (though I don't see how malicious code could be executed in 
this way).

I haven't confirmed with other version of Python, but this was discovered while 
upgrading the embedded version from 2.4.5 to 2.6.4, so it's very likely to 
exist in many other version since the code was put in place in 2007.

----------
components: Extension Modules
messages: 97551
nosy: janssen, ssoria
severity: normal
status: open
title: _ssl module causes segfault
type: crash
versions: Python 2.6

_______________________________________
Python tracker <rep...@bugs.python.org>
<http://bugs.python.org/issue7672>
_______________________________________
_______________________________________________
Python-bugs-list mailing list
Unsubscribe: 
http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com

Reply via email to