[prev in list] [next in list] [prev in thread] [next in thread]
List: openssl-dev
Subject: [openssl.org #2461]
From: "Michael M. Welch via RT" <rt () openssl ! org>
Date: 2011-02-27 3:18:21
Message-ID: rt-3.4.5-17855-1298776700-1305.2461-6-0 () openssl ! org
[Download RAW message or body]
This transaction appears to have no content
[Attachment #3 (text/html)]
In looking at this further, I note that even in a static lib build of OpenSSL, the \
OPENSSL_cpuid_setup() function is putin the CRT$XCU segment that is to be executed as \
part of static global initializations. Anything that runs like that is subject \
to the same issues as whatever runs in DllMain() is, so this means that this same \
getenv() deadlock problem can also occur even if the OpenSSL library itself is \
static, rather than a DLL.<br /><br /><br />- Michael<br /><br /><br /> <p>On Feb 26, \
2011, <strong>Michael M. Welch</strong> <michael@welch.net> wrote:</p> <div \
class="replyBody"> <blockquote class="email_quote" style="border-left: 2px solid \
#267fdb; margin: 0pt 0pt 0pt 1.8ex; padding-left: 1ex;">Platform: Windows \
only<br />Version: OpenSSL 1.0.0d<br />Source file: crypto\cryptlib.c<br \
/>Function: OPENSSL_cpuid_setup() ( invoked from within DllMain() )<br \
/>Llines: 677 and 678<br />Source:<br /> if \
((env=getenv("OPENSSL_ia32cap")))<br /> \
OPENSSL_ia32cap_P = strtoul(env,NULL,0)|(1<<10);<br /><br />Problem:<br />Per \
this website ( <a class="parsedLink" \
href="http://msdn.microsoft.com/en-us/library/ms682583%28v=vs.85%29.aspx" \
target="_blank">http://msdn.microsoft.com/en-us/library/ms682583%28v=vs.85%29.aspx</a> \
), Microsoft is on record as stating that calling CRT methods from within DllMain() \
is inherently unsafe and can lead to deadlock situations in multi-threaded \
applications. The example on the given website cautions about getenv() \
specifically. <br /><br />In OpenSSL crypto, the getenv() function is \
explicitly invoked during DllMain(), thus opening up this dangerous situation. \
(Furthermore, it's immediately followed by a call to strtoul(), another CRT \
function.) Deadlocks ensue when one thread runs the DllMain, thus acquiring the \
LoaderLock and then looks to acquire _ENV_LOCK (because getenv() requires that lock), \
but another thread already has _ENV_LOCK and is looking to acquire the LoaderLock.<br \
/><br /><br />- Michael<br /><br /></blockquote> </div>
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List openssl-dev@openssl.org
Automated List Manager majordomo@openssl.org
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic