[Pkg-openssl-devel] Bug#844715: Bug#844715: openssl: segfault in shlibloadtest (observed on x32) due to dlopen/dlclose/OPENSSL_atexit/OPENSSL_cleanup ordering

Kurt Roeckx kurt at roeckx.be
Fri Nov 18 19:10:20 UTC 2016


On Fri, Nov 18, 2016 at 08:05:15PM +0100, Kurt Roeckx wrote:
> On Fri, Nov 18, 2016 at 12:59:57PM +0100, Thorsten Glaser wrote:
> > Breakpoint 1, OPENSSL_atexit (handler=handler at entry=0xf6745c50 <ssl_library_stop>) at crypto/init.c:604
> > 604     {
> > 
> > There is our 0xf6745c50, which is ssl_library_stop… huh?
> 
> [...]
> > 
> > That’s .text of libssl.so.1.1!
> > 
> > So it appears that dynamically loaded libraries are dismantled,
> > and OPENSSL_cleanup() is called too late. This might even be a
> > bug on other architectures; I’m changing the bug title before
> > submitting.
> 
> So that looks like this doesn't work:
>         /*
>          * Deliberately leak a reference to the handler. This will force the
>          * library/code containing the handler to remain loaded until we run the
>          * atexit handler. If -znodelete has been used then this is
> >          * unnecessary.
>          */
>         {
>             DSO *dso = NULL;
> 
>             dso = DSO_dsobyaddr(handlersym.sym, DSO_FLAG_NO_UNLOAD_ON_FREE);
>             DSO_free(dso);
>         }

According to b6d5ba1a9f004d637acac18ae3519fe063b6b5e1 we should be
using -znodelete, but that probably didn't end up in the Debian
packaging properly.


Kurt
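A check for the point made above, added here and not part of the thread or of OpenSSL's own code: -Wl,-z,nodelete sets DF_1_NODELETE in the object's DT_FLAGS_1 dynamic entry, so whether the flag really ended up in a packaged libssl.so.1.1 can be read straight from the file. The parser is ELF64 only (x32 objects are ELFCLASS32 and are reported as -1) and takes the whole file as a buffer; check_constructed_image builds a constructed minimal image, not a real library, so the checker can be exercised offline.

```c
#include <elf.h>      /* Elf64_*, PT_DYNAMIC, DT_FLAGS_1, DF_1_NODELETE */
#include <string.h>

/* Report whether an ELF64 image held in memory has DF_1_NODELETE in DT_FLAGS_1,
 * the bit that -Wl,-z,nodelete sets. Returns 1 (set), 0 (not set) or -1 if the
 * buffer is not a usable ELF64 image or has no PT_DYNAMIC segment at all.
 * Every offset is bounds-checked against len before it is dereferenced. */
int elf64_has_nodelete(const unsigned char *buf, size_t len)
{
    Elf64_Ehdr eh; Elf64_Phdr ph; Elf64_Dyn d;
    if (len < sizeof eh) return -1;
    memcpy(&eh, buf, sizeof eh);
    if (memcmp(eh.e_ident, ELFMAG, SELFMAG) != 0 || eh.e_ident[EI_CLASS] != ELFCLASS64)
        return -1;
    if (eh.e_phentsize != sizeof ph || eh.e_phoff > len ||
        (size_t)eh.e_phnum * sizeof ph > len - eh.e_phoff)
        return -1;
    for (unsigned i = 0; i < eh.e_phnum; i++) {
        memcpy(&ph, buf + eh.e_phoff + i * sizeof ph, sizeof ph);
        if (ph.p_type != PT_DYNAMIC) continue;
        if (ph.p_offset > len || ph.p_filesz > len - ph.p_offset) return -1;
        for (size_t j = 0; j < ph.p_filesz / sizeof d; j++) {
            memcpy(&d, buf + ph.p_offset + j * sizeof d, sizeof d);
            if (d.d_tag == DT_NULL) break;
            if (d.d_tag == DT_FLAGS_1) return (d.d_un.d_val & DF_1_NODELETE) ? 1 : 0;
        }
        return 0;   /* dynamic section present but carries no DT_FLAGS_1 */
    }
    return -1;      /* no PT_DYNAMIC: not a shared object or dynamic executable */
}

/* Constructed minimal ELF64 image (not a real library) so the checker can be
 * exercised offline: one PT_DYNAMIC segment whose DT_FLAGS_1 value is flags1. */
int check_constructed_image(Elf64_Xword flags1)
{
    static unsigned char img[512];
    Elf64_Ehdr eh = {{0}}; Elf64_Phdr ph = {0}; Elf64_Dyn dyn[2] = {{0}};
    memset(img, 0, sizeof img);
    memcpy(eh.e_ident, ELFMAG, SELFMAG);
    eh.e_ident[EI_CLASS] = ELFCLASS64;
    eh.e_phoff = sizeof eh; eh.e_phentsize = sizeof ph; eh.e_phnum = 1;
    ph.p_type = PT_DYNAMIC; ph.p_offset = 256; ph.p_filesz = sizeof dyn;
    dyn[0].d_tag = DT_FLAGS_1; dyn[0].d_un.d_val = flags1;  /* dyn[1] stays DT_NULL */
    memcpy(img, &eh, sizeof eh); memcpy(img + eh.e_phoff, &ph, sizeof ph);
    memcpy(img + ph.p_offset, dyn, sizeof dyn);
    return elf64_has_nodelete(img, sizeof img);
}
```

On a real build, `readelf -d libssl.so.1.1 | grep FLAGS_1` gives the same answer by hand; read the file whole into memory before passing it to elf64_has_nodelete, since PT_DYNAMIC usually sits near the end of the object.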


