[Pkg-openssl-devel] Bug#844715: Bug#844715: openssl: segfault in shlibloadtest (observed on x32) due to dlopen/dlclose/OPENSSL_atexit/OPENSSL_cleanup ordering

Kurt Roeckx kurt at roeckx.be
Fri Nov 18 19:05:15 UTC 2016


On Fri, Nov 18, 2016 at 12:59:57PM +0100, Thorsten Glaser wrote:
> Breakpoint 1, OPENSSL_atexit (handler=handler at entry=0xf6745c50 <ssl_library_stop>) at crypto/init.c:604
> 604     {
> 
> There is our 0xf6745c50, which is ssl_library_stop… huh?

[...]
> 
> That’s .text of libssl.so.1.1!
> 
> So it appears that dynamically loaded libraries are dismantled,
> and OPENSSL_cleanup() is called too late. This might even be a
> bug on other architectures; I’m changing the bug title before
> submitting.

So that looks like this doesn't work:
        /*
         * Deliberately leak a reference to the handler. This will force the
         * library/code containing the handler to remain loaded until we run the
         * atexit handler. If -znodelete has been used then this is
         * unnecessary.
         */
        {
            DSO *dso = NULL;

            dso = DSO_dsobyaddr(handlersym.sym, DSO_FLAG_NO_UNLOAD_ON_FREE);
            DSO_free(dso);
        }


Kurt
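
The dlfcn-level equivalent of the DSO_dsobyaddr() block quoted above, as an added example (not OpenSSL's code): locate the object that contains a handler's address with dladdr(), then take a never-released RTLD_NOLOAD|RTLD_NODELETE reference so that a later dlclose() cannot unmap it before exit() runs the atexit list. It assumes Linux/glibc (older glibc needs -ldl) and uses qsort in libc as a stand-in for ssl_library_stop, since no separately built libssl is assumed.

```c
#define _GNU_SOURCE
#include <dlfcn.h>
#include <stdio.h>
#include <stddef.h>

/* Keep the shared object containing `addr` mapped until process exit.
 * This mirrors the intent of OpenSSL's
 * DSO_dsobyaddr(sym, DSO_FLAG_NO_UNLOAD_ON_FREE) in OPENSSL_atexit(): an
 * atexit handler must not live in an object that dlclose() may unmap before
 * exit() walks the handler list, or exit() jumps into unmapped .text.
 * Returns 1 if pinned, 0 if the object could not be identified or re-opened. */
int pin_object_containing(const void *addr, const char **fname_out)
{
    Dl_info info;

    if (dladdr(addr, &info) == 0 || info.dli_fname == NULL)
        return 0;
    if (fname_out != NULL)
        *fname_out = info.dli_fname;

    /* RTLD_NOLOAD: never load anything new, only reference the object that is
     * already mapped; RTLD_NODELETE: mark it so dlclose() never unmaps it.
     * The handle is deliberately never dlclose()d: that is the "leaked
     * reference" the OpenSSL comment describes. */
    void *h = dlopen(info.dli_fname, RTLD_NOW | RTLD_NOLOAD | RTLD_NODELETE);
    return h != NULL;
}

/* Resolve a (hypothetical) handler symbol in the running process and pin the
 * object it lives in. dlsym() rather than &sym avoids picking up a PLT stub
 * in the executable instead of the real address inside the library. */
int pin_handler_library(const char *handler_sym)
{
    void *sym = dlsym(RTLD_DEFAULT, handler_sym);
    const char *fname = NULL;

    if (sym == NULL)
        return 0;
    if (!pin_object_containing(sym, &fname))
        return 0;
    printf("%s lives in %s; object pinned until exit\n", handler_sym, fname);
    return 1;
}

int main(void)
{
    /* qsort stands in for ssl_library_stop; libc is the object being pinned. */
    return pin_handler_library("qsort") ? 0 : 1;
}
```

If the handler's object was already dlclose()d before this runs, dladdr() fails and the function returns 0; that is exactly the ordering failure the thread is chasing, and the pin has to happen at registration time, as OPENSSL_atexit() does.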