Goetz Babin-Ebell <[EMAIL PROTECTED]>:
>>I think in b_sock.c I've stumbled into some error cases in which some locking
>>isn't undone:
> - if (ret == NULL) return(NULL);
> + if (ret == NULL)
> + goto err;
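Review bot: the `goto err` on the `ret == NULL` path only fixes the leak if the `err:` label, which is not among the quoted lines, actually releases the lock held at that point. Please include the label in the hunk context, and check that nothing between `err:` and the return dereferences `ret`, since it is NULL on this path.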
> - if (ret == NULL) return(NULL);
> - if (j > 128) return(ret); /* too big to cache */
> + if (ret == NULL || j > 128) /* not found or too big to
> cache */
> + {
> + CRYPTO_w_unlock(CRYPTO_LOCK_BIO_GETHOSTBYNAME);
> + return(ret);
> + }
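Review bot: the early-return block under `if (ret == NULL || j > 128)` carries its own copy of `CRYPTO_w_unlock(CRYPTO_LOCK_BIO_GETHOSTBYNAME)`, while the previous hunk routes its failure case through `goto err`. A single exit label that does the unlock would keep the two fixes consistent and make it harder to miss the unlock the next time a return is added. The comment on that `if` line has also wrapped in the mail, leaving `cache */` without a `+` prefix, so the patch will not apply as posted.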
Your diff is relative to b_sock.c version 1.12 or older (in the
OpenSSL CVS repository), which corresponds to OpenSSL 0.9.2b.
OpenSSL 0.9.3 has more sophisticated bugs :-) (their presence is
indicated by a comment, although that comment does not note
that the function interface makes it impossible to make
BIO_gethostbyname threadsafe).
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]