#229: static const EVP_CIPHER * make_ctr_evp (size_t keylen) in openssl.c
not threadsafe
----------------------+--------------------
Reporter: engstrom | Owner:
Type: defect | Status: new
Priority: normal | Milestone: 1.2.9
Component: API | Version: 1.3.0
Keywords: | Blocked By:
Blocks: |
----------------------+--------------------
make_ctr_evp() is calling memset on a static structure. With many (512+)
concurrent threads setting up ssh connections OpenSSL 0.9.8r is about to
use the static structure in one thread when another thread comes through
make_ctr_evp() and the structure is memset to 0. Before make_ctr_evp()
can set the appropriate structure members the thread currently calling
down into the OpenSSL 0.9.8r deferences a now null structure member
(maybe one of the function pointers?) and blows up.
--
Ticket URL: <http://trac.libssh2.org/ticket/229>
libssh2 <http://trac.libssh2.org/>
C library for writing portable SSH2 clients
_______________________________________________
libssh2-devel http://cool.haxx.se/cgi-bin/mailman/listinfo/libssh2-devel
