[prev in list] [next in list] [prev in thread] [next in thread] 

List:       openssl-users
Subject:    Re: crash from curl with pkcs12 certs and threads
From:       "Dr. Stephen Henson" <steve () openssl ! org>
Date:       2010-06-26 12:56:55
Message-ID: 20100626125655.GA68580 () openssl ! org
[Download RAW message or body]

On Thu, Jun 24, 2010, Brian Makin wrote:

> On Thu, 2010-06-24 at 15:22 +0200, Dr. Stephen Henson wrote:
> > On Tue, Jun 22, 2010, Brian Makin wrote:
> 
> <snip>
> 
> >  
> > 
> > Can you check to see if PKCS12_PBE_add() is called multiple times using the
> > debugger? It is only supposed to be called once before threads are started but
> > a bug means if it is called more than once you get multiple table entries per
> > PBE algorithm (instead of no-op or replacing) and the subsequent sort
> > operations can result in a race condition. I'll look into fixing that.
> > 
> > OpenSSL 1.0.0 doesn't have this problem because the builtin PBE algorithms are
> > in a static table.
> 
> It appears the PKCS12_PBE_add is called many times in my test program.
> 

Please try the next snapshot or apply this patch and see if it fixes the
problem:

http://cvs.openssl.org/chngview?cn=19721

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majordomo@openssl.org
[prev in list] [next in list] [prev in thread] [next in thread]