Versions affected: latest cvs, 0.9.8, 0.9.7 with kerberos support.

kssl functions (kssl.c) use libc malloc/calloc/free instead of openssl versions (e.g. OPENSSL_malloc). This can be a problem if some application changes the default mallocs used by openssl (via CRYPTO_set_mem_functions()) and expects openssl to always use the new ones.

For example in a multi-process application that uses a common shared memory pool and proprietary mallocs that use this shm pool and in which an openssl connection can "move" from one process to another (e.g. is created in one process, data is read/sent from another one and the ssl ctx is destroyed from yet another one), any "wrong" malloc/free used will lead to a crash.

This bug appears only if openssl is compiled with kerberos support (but even if kerberos is not used).

The attached patch (against cvs) fixes this problem by creating a kssl_calloc function that uses OPENSSL_malloc and by using it (and kssl_free/OPENSSL_free) each time some data that will be saved into kssl_ctx is allocated. Temporary / non-persistent stuff used for the kerberos calls is still allocated with libc malloc/calloc/free.

The patch applies also to 0.9.8*. Apply with patch -p1 < ...

Andrei
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [email protected]
Automated List Manager [EMAIL PROTECTED]
[openssl.org #1467] [BUG] [PATCH] kssl wrong malloc/calloc/free
Andrei Pelinescu-Onciul via RT Tue, 30 Jan 2007 01:36:46 -0800
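The allocator mismatch described in the message, as an added example that is not part of the original post or of the attached patch. It does not link OpenSSL: the hook table stands in for CRYPTO_set_mem_functions(), the static pool stands in for the application's shared-memory pool, and every name here (pool_malloc, demo_set_mem_functions, demo_kssl_calloc, demo_kssl_free, alloc_in_pool) is hypothetical.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Constructed stand-in for the application's shared-memory pool. */
static unsigned char pool[4096];
static size_t pool_used;

static void *pool_malloc(size_t n) {
    if (n > sizeof(pool)) return NULL;
    n = (n + 15u) & ~(size_t)15u;                 /* round up to 16 bytes */
    if (n > sizeof(pool) - pool_used) return NULL;
    void *p = pool + pool_used;
    pool_used += n;
    return p;
}
static void pool_free(void *p) { (void)p; }       /* bump allocator: no-op */
static int pool_owns(const void *p) {
    uintptr_t a = (uintptr_t)p, base = (uintptr_t)pool;
    return a >= base && a < base + sizeof(pool);
}

/* Hypothetical hook table, modelling what CRYPTO_set_mem_functions() replaces. */
static void *(*hook_malloc)(size_t) = malloc;
static void (*hook_free)(void *) = free;
static void demo_set_mem_functions(void *(*m)(size_t), void (*f)(void *)) {
    hook_malloc = m; hook_free = f;
}

/* calloc-style wrapper routed through the hook (assumed shape, not the patch). */
static void *demo_kssl_calloc(size_t nmemb, size_t size) {
    if (size != 0 && nmemb > SIZE_MAX / size) return NULL;  /* overflow guard */
    void *p = hook_malloc(nmemb * size);
    if (p != NULL) memset(p, 0, nmemb * size);    /* calloc zeroes, malloc does not */
    return p;
}
static void demo_kssl_free(void *p) { if (p != NULL) hook_free(p); }

/* Returns 1 if a persistent object lands in the application's pool, else 0. */
static int alloc_in_pool(int use_wrapper) {
    demo_set_mem_functions(pool_malloc, pool_free);
    void *p = use_wrapper ? demo_kssl_calloc(1, 64) : calloc(1, 64);
    int owned = p != NULL && pool_owns(p);
    if (use_wrapper) demo_kssl_free(p); else free(p);
    return owned;
}

int main(void) { return (alloc_in_pool(1) == 1 && alloc_in_pool(0) == 0) ? 0 : 1; }
```

An object that bypasses the hook sits on the process-local heap, so another process sharing the pool cannot reach it and the pool's free must never be called on it.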
