[openssl.org #291] race condition in *get_cipher_by_char

s2_lib.c:ssl2_get_cipher_by_char
s3_lib.c:ssl3_get_cipher_by_char

has this code:

if (init)
{
CRYPTO_w_lock(CRYPTO_LOCK_SSL);
...[qsort and stuff]...
CRYPTO_w_unlock(CRYPTO_LOCK_SSL);
init=0;
}

There needs to be a if (init) after the lock is acquired to prevent the
static data from being trashed while another thread is using it.

Or, you can use an atomic set operation instead, if openssl has that
available:

if (atomic_set(init, 1) == 0) {
   // do init stuff

patrick


__
OpenSSL Project http://www.openssl.org
Development Mailing List   [EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]

[openssl.org #291] race condition in *get_cipher_by_char

[Bodo Moeller via RT]

__
OpenSSL Project http://www.openssl.org
Development Mailing List   [EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]

Re: [openssl.org #291] race condition in *get_cipher_by_char

[Bodo Moeller]

On Wed, Sep 25, 2002 at 05:31:08PM +0200, Bodo Moeller via RT wrote:



As usual, I really wrote that the bug will be fixed in the next
snapshot (but RT2 still does not believe me :-).


-- 
Bodo Möller [EMAIL PROTECTED]
PGP http://www.informatik.tu-darmstadt.de/TI/Mitarbeiter/moeller/0x36d2c658.html
* TU Darmstadt, Theoretische Informatik, Alexanderstr. 10, D-64283 Darmstadt
* Tel. +49-6151-16-6628, Fax +49-6151-16-6036
__
OpenSSL Project http://www.openssl.org
Development Mailing List   [EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]