Bug#848652: [Pkg-openssl-devel] Bug#848652: build fails on ppc64el, double free or corruption, stack suggests libssl

Kurt Roeckx kurt at roeckx.be
Tue Dec 20 20:46:38 UTC 2016


On Tue, Dec 20, 2016 at 05:33:12PM +0100, Daniel Pocock wrote:
> 
> 
> On 19/12/16 23:05, Kurt Roeckx wrote:
> 
> > 
> > You should use SSL_COMP_free_compression_methods() so that we can
> > put the internal pointer to NULL.
> >
> 
> Thanks for suggesting that, I notice that method is only available with
> OpenSSL 1.0.2 and I'm also trying to build backports for jessie (OpenSSL
> 1.0.1)
> 
> Is there anything I can do that will be 1.0.1 compatible?

Doesn't look like there is.

> Maybe I could also do this:
> 
> #if OPENSSL_VERSION_NUMBER < 0x01000200f
>   ErrLog(<<"Unable to free compression methods on OpenSSL < 1.0.2");
> #else
>   SSL_COMP_free_compression_methods()
> #endif
> 
> 
> so that the code will compile with either OpenSSL version, but people
> stuck with an older OpenSSL will potentially have the leak.

Just leak it, even for 1.0.2. (In 1.1.0 the function doesn't do
anything anymore, OpenSSL will clean it up itself.)


Kurt



More information about the Pkg-voip-maintainers mailing list