Hi
I came across some uninitialized variables in the OpenSSL 0.9.8e source code
while debugging a Globus Toolkit application crash dump with valgrind. Although
the Globus Toolkit uses OpenSSL 0.9.7d, I found that these source files had
changed very little between the two versions.
There may be a general problem in the OpenSSL source code: not all members of a
structure are initialized after space for it is allocated with OPENSSL_malloc().
I found that the source code does not initialize the members of an allocated
structure uniformly (either with memset() or by initializing each member
individually) after OPENSSL_malloc(). Let me know if I can contribute to resolving this problem.
These are the files I analyzed.
crypto/ui/ui_lib.c: UI *UI_new_method(const UI_METHOD *method)
i.e. the flags member of the UI structure is left uninitialized
crypto/bn/bn_lib.c: BIGNUM *BN_new(void)
crypto/bn/bn_mont.c: BN_MONT_CTX *BN_MONT_CTX_new(void)
i.e. the n0 member of the BN_MONT_CTX structure is left uninitialized
Finally, I changed crypto/mem.c so that OPENSSL_malloc() allocates
memory with calloc() instead of malloc().
New static calloc definitions:
static void *(*calloc_func)(size_t, size_t) = calloc;
static void *default_calloc_ex(size_t nmemb, size_t num, const char *file,
int line)
{ return calloc_func(nmemb, num); }
static void *(*calloc_ex_func)(size_t, size_t, const char *file, int line)
= default_calloc_ex;
and in CRYPTO_malloc() I replaced one statement, as shown below.
/*
 * Library-wide allocator entry point: hand back num bytes, zero-filled now
 * that the request goes through calloc_ex_func, or NULL.
 *
 * num        size in bytes; requests of zero or fewer bytes return NULL
 * file, line caller location, forwarded to the allocator and debug hooks
 *
 * NOTE(review): calloc_func/calloc_ex_func are new file-scope hooks and no
 * CRYPTO_set_mem_functions()-style setter for them is shown, so an
 * application that installs its own malloc/free pair would still receive
 * libc calloc() memory from here and then release it with its own free.
 * Confirm the hook is wired to the setter (or zero the block obtained via
 * malloc_ex_func instead) before merging.
 */
void *CRYPTO_malloc(int num, const char *file, int line)
{
    extern unsigned char cleanse_ctr;
    void *mem = NULL;

    if (num <= 0)
        return NULL;

    /* allow_customize is cleared on the first allocation; presumably the
     * setters for the allocator hooks check it -- confirm in mem.c. */
    allow_customize = 0;
    if (malloc_debug_func != NULL) {
        allow_customize_debug = 0;
        malloc_debug_func(NULL, num, file, line, 0);
    }

    mem = calloc_ex_func(num, 1, file, line);
    /* Replaces the original non-zeroing call: ret = malloc_ex_func(...). */
#ifdef LEVITTE_DEBUG_MEM
    fprintf(stderr, "LEVITTE_DEBUG_MEM: > 0x%p (%d)\n", mem, num);
#endif
    if (malloc_debug_func != NULL)
        malloc_debug_func(mem, num, file, line, 1);

    /* Touch the buffer through 'cleanse_ctr' so the compiler cannot prove the
     * memory-sanitising code dead and drop it; only for blocks over 2 KiB so
     * the cost is negligible. */
    if (mem != NULL && num > 2048)
        ((unsigned char *)mem)[0] = cleanse_ctr;

    return mem;
}
Thanks
SAM SHARMA
Hi
I came across some uninitialized variables in the OpenSSL 0.9.8e
source code while debugging a Globus Toolkit application crash dump with
valgrind. Although the Globus Toolkit uses OpenSSL 0.9.7d, I found that these
source files had changed very little between the two versions.
These are the files I analyzed.
crypto/ui/ui_lib.c: UI *UI_new_method(const UI_METHOD *method)
i.e. the flags member of the UI structure is left uninitialized
crypto/bn/bn_lib.c: BIGNUM *BN_new(void)
crypto/bn/bn_mont.c: BN_MONT_CTX *BN_MONT_CTX_new(void)
i.e. the n0 member of the BN_MONT_CTX structure is left uninitialized
Finally, I changed crypto/mem.c so that OPENSSL_malloc() allocates memory with calloc() instead of malloc().
New static calloc definitions:
/* Zeroing allocator hook; defaults to the C library's calloc(). */
static void *(*calloc_func)(size_t, size_t) = calloc;

/*
 * Default "extended" calloc.  The file/line pair carries the caller's
 * location for the debugging hooks and is ignored here; the request is
 * forwarded to calloc_func, so nmemb * size zero-filled bytes come back
 * (or NULL if the allocation fails).
 */
static void *default_calloc_ex(size_t nmemb, size_t size,
                               const char *file, int line)
{
    (void)file;
    (void)line;
    return calloc_func(nmemb, size);
}

/* Replaceable extended-calloc hook, mirroring the malloc_ex_func pattern. */
static void *(*calloc_ex_func)(size_t, size_t, const char *, int)
    = default_calloc_ex;
and in CRYPTO_malloc() I replaced one statement, as shown below.
/*
 * Library-wide allocator entry point: hand back num bytes, zero-filled now
 * that the request goes through calloc_ex_func, or NULL.
 *
 * num        size in bytes; requests of zero or fewer bytes return NULL
 * file, line caller location, forwarded to the allocator and debug hooks
 *
 * NOTE(review): calloc_func/calloc_ex_func are new file-scope hooks and no
 * CRYPTO_set_mem_functions()-style setter for them is shown, so an
 * application that installs its own malloc/free pair would still receive
 * libc calloc() memory from here and then release it with its own free.
 * Confirm the hook is wired to the setter (or zero the block obtained via
 * malloc_ex_func instead) before merging.
 */
void *CRYPTO_malloc(int num, const char *file, int line)
{
    extern unsigned char cleanse_ctr;
    void *mem = NULL;

    if (num <= 0)
        return NULL;

    /* allow_customize is cleared on the first allocation; presumably the
     * setters for the allocator hooks check it -- confirm in mem.c. */
    allow_customize = 0;
    if (malloc_debug_func != NULL) {
        allow_customize_debug = 0;
        malloc_debug_func(NULL, num, file, line, 0);
    }

    mem = calloc_ex_func(num, 1, file, line);
    /* Replaces the original non-zeroing call: ret = malloc_ex_func(...). */
#ifdef LEVITTE_DEBUG_MEM
    fprintf(stderr, "LEVITTE_DEBUG_MEM: > 0x%p (%d)\n", mem, num);
#endif
    if (malloc_debug_func != NULL)
        malloc_debug_func(mem, num, file, line, 1);

    /* Touch the buffer through 'cleanse_ctr' so the compiler cannot prove the
     * memory-sanitising code dead and drop it; only for blocks over 2 KiB so
     * the cost is negligible. */
    if (mem != NULL && num > 2048)
        ((unsigned char *)mem)[0] = cleanse_ctr;

    return mem;
}
Thanks
SAM SHARMA
