Re: patch: crash on using already destroyed ssl socket

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Title: Re: [pjsip] patch: crash on using already destroyed ssl socket
Hello Riza,

Could you, please, explain why did you remove all checking on openssl calls from my patch?
Your patch didn't fix race condition.
Imagine
one thread calls reset_ssl_sock_state
while another thread calls BIO_pending(ssock->ossl_wbio) on already closed socket.

Pleas, look at commit 189e20c68c2399782034fec9f65d6b9ee88aac3d
https://mta.openssl.org/pipermail/openssl-commits/2015-May/001035.html
   Reusing an SSL object when it has encountered a fatal error can
   have bad consequences. This is a bug in application code not libssl
   but libssl should be more forgiving and not crash.


P.S.
I don't understand why my patch isn't acceptable for you.
Could you, please, explain.

Regards,
Alexei

Sunday, October 9, 2016, 7:51:54 PM, you wrote:

Hi Ross/Alexei,

We have made some modification to the patch in order to incorporate the group lock.
Please find the patch on the attachment, could you help us in testing it?

Best Regards,

Riza

On Fri, Oct 7, 2016 at 4:47 PM, Ross Beer <
ross.beer@xxxxxxxxxxx> wrote:
Hi Ming,

Sorry to chase, however is this still undergoing review?

Kind regards,

Ross



From: pjsip <
pjsip-bounces@xxxxxxxxxxxxxxx> on behalf of Ming <ming@xxxxxxxxx>
Sent: 03 October 2016 12:34
To: pjsip list
Subject: Re: [pjsip] patch: crash on using already destroyed ssl socket

Hi Ross,

Yes, the patch is undergoing some changes and currently under
(hopefully) final review.

Regards,
Ming

On Mon, Oct 3, 2016 at 5:23 PM, Ross Beer <
ross.beer@xxxxxxxxxxx> wrote:
> Hi PJSIP team,
>
>
> Could this patch be considered for inclusion in the project?
>
>
>  This issue is causing segfaults a least once a day.
>
>
> Kind regards,
>
>
> Ross
>
>
>
> ________________________________
> From: pjsip <
pjsip-bounces@xxxxxxxxxxxxxxx> on behalf of Alexei Gradinari
> <
alex2grad@xxxxxxxxx>
> Sent: 21 September 2016 16:38
> To: pjsip list
> Subject: [pjsip] patch: crash on using already destroyed ssl socket
>
> Hello,
>
> On heavy loaded system with TLS,
> one thread could destroy the ssl socket on SSL_ERROR_SYSCALL
> while another thread still uses this socket which
> was already freed, so we get segfault.
> Attached 2 backtraces.
>
> To avoid race condition need to lock the socket before destroying it.
>
> The attached patch adds the socket lock on destroying it
> and adds a checking on all openssl calls that the socket wasn't destroyed.
>
> Regards,
> Alexei
>
> _______________________________________________
> Visit our blog:
http://blog.pjsip.org
>
> pjsip mailing list
>
pjsip@xxxxxxxxxxxxxxx
> http://lists.pjsip.org/mailman/listinfo/pjsip_lists.pjsip.org
pjsip Info Page
lists.pjsip.org
This is the mailing list to discuss pjsip, the open source sip stack. We also have answers to frequently asked questions. To see the collection of prior postings to ...



>

_______________________________________________
Visit our blog:
http://blog.pjsip.org

pjsip mailing list
pjsip@xxxxxxxxxxxxxxx
http://lists.pjsip.org/mailman/listinfo/pjsip_lists.pjsip.org

_______________________________________________
Visit our blog:
http://blog.pjsip.org

pjsip mailing list
pjsip@xxxxxxxxxxxxxxx
http://lists.pjsip.org/mailman/listinfo/pjsip_lists.pjsip.org




--
Best regards,
Alexei                            
mailto:alex2grad@xxxxxxxxx
_______________________________________________
Visit our blog: http://blog.pjsip.org

pjsip mailing list
pjsip@xxxxxxxxxxxxxxx
http://lists.pjsip.org/mailman/listinfo/pjsip_lists.pjsip.org

[Index of Archives]     [Asterisk Users]     [Asterisk App Development]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [Linux API]
  Powered by Linux