On 13.11.2016 20:04, Apollon Oikonomopoulos wrote: > OpenSSL 1.1 features a cleanup function that is automatically run on shutdown > using atexit(3). This function frees all OpenSSL-allocated resources. > > In dovecot, OpenSSL is loaded indirectly using dlopen(3) against the relevant > dovecot crypto module and is finally unloaded using dlclose(3). Until > OpenSSL 1.0.1c this worked fine, however OpenSSL 1.0.1c makes sure[1] that the > library stays loaded after the initial dlclose() so that the atexit(3) > handlers can run on shutdown. This, together with the fact that dovecot > uses custom allocation functions for OpenSSL and has already partially > free()'d some of OpenSSL's resources in module_free(), leads to a > segfault at process shutdown[2]. > > We fix this by explicitly calling OPENSSL_cleanup() during module unload. This > is safe to do, as long as we will never want to subsequently re-initialize > OpenSSL. > > [1] > https://github.com/openssl/openssl/commit/4af9f7fe79ff82b90c16969b7e5871435056377b > [2] > https://buildd.debian.org/status/fetch.php?pkg=dovecot&arch=amd64&ver=1:2.2.26.0-2&stamp=1478873022 > > Signed-off-by: Apollon Oikonomopoulos <[email protected]> > --- > src/lib-ssl-iostream/dovecot-openssl-common.c | 3 +++ > 1 file changed, 3 insertions(+) > > diff --git a/src/lib-ssl-iostream/dovecot-openssl-common.c > b/src/lib-ssl-iostream/dovecot-openssl-common.c > index 51ea3ad..2bf6307 100644 > --- a/src/lib-ssl-iostream/dovecot-openssl-common.c > +++ b/src/lib-ssl-iostream/dovecot-openssl-common.c > @@ -101,6 +101,9 @@ bool dovecot_openssl_common_global_unref(void) > ERR_remove_thread_state(NULL); > #endif > ERR_free_strings(); > +#if OPENSSL_VERSION_NUMBER >= 0x10100000L > + OPENSSL_cleanup(); > +#endif > return FALSE; > } >
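
Review bot: the added OPENSSL_cleanup() call in dovecot_openssl_common_global_unref() carries no comment recording the constraint the commit message relies on, namely that OpenSSL must never be re-initialized in this process after the call. A short comment directly above the call stating that would keep the assumption visible to anyone who later adds a path that re-initializes OpenSSL after the common unref. Separately, the guard is "#if OPENSSL_VERSION_NUMBER >= 0x10100000L", which selects 1.1.0 and later, while the commit message names 1.0.1c twice as the release that changed the dlclose() behaviour; please confirm which version is meant so that the message and the guard agree.
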
Hi! Your patch is being reviewed. Aki
