Re: Session caching bug

1999-12-29 Thread Bodo Moeller

Kyle R. Rose [EMAIL PROTECTED]:

> In the course of using OpenSSL for a client application, I would
> regularly get a SEGV in the client session caching code under high
> load.  After some examination, I traced it to SSL_CTX_add_session,
> where two data structures (a hash and a list) are not being kept in
> sync: when a session is deleted from the hash, it is not
> correspondingly deleted from the list, causing that memory to be freed
> twice (once as a dangling pointer, of course) when it is finally taken
> off the list.

If you are writing a *client*, then why is SSL_CTX_add_session used at
all?  Usually it is only used for servers unless you set the
SSL_SESS_CACHE_CLIENT bit in the SSL_CTX's session_cache_mode.

Assuming that you're actually writing a server -- does your
application set SSL_SESS_CACHE_NO_INTERNAL_LOOKUP?  While examining
ssl_sess.c I found that it cannot work because it can violate some
invariants that other functions rely on (there may not be multiple
SSL_SESSIONs with the same session ID).  Also a multi-threaded server
with external cache can run into problems for similar reasons.
And applications that directly call SSL_CTX_add_session can run into
the same kind of problems.  Does any of this apply to your
application?  If so, the next OpenSSL snapshot should solve the
problem; otherwise I haven't yet found the real cause of your problem.

> I submit the following patch, which has solved our SEGV problems:

The patch should work, but the list will be reordered each time a
session is reused.
__
OpenSSL Project http://www.openssl.org
Development Mailing List   [EMAIL PROTECTED]
Automated List Manager   [EMAIL PROTECTED]
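
The invariant this thread turns on (the lookup index and the list must describe the same set of sessions) can be checked mechanically. The following is an added example, not OpenSSL code and not from either poster; the toy cache, its `sync_list` switch and all function names are hypothetical, and session ids are assumed to be small integers.

```c
/* Added illustration, not OpenSSL code; every name here is hypothetical. */
#include <stdio.h>
#include <stdlib.h>
#define SLOTS 8                       /* toy index: ids must be 0..SLOTS-1 */
typedef struct sess { int id, refs; struct sess *prev, *next; } sess;
typedef struct { sess *table[SLOTS]; sess *head; } cache;
sess *sess_new(int id) {
    sess *s = calloc(1, sizeof *s);
    if (s) { s->id = id; s->refs = 1; }     /* the caller's reference */
    return s;
}
void sess_release(sess *s) { if (--s->refs == 0) free(s); }
static void list_add(cache *c, sess *s) {
    s->prev = NULL; s->next = c->head;
    if (c->head) c->head->prev = s;
    c->head = s;
}
static void list_remove(cache *c, sess *s) {
    if (s->prev) s->prev->next = s->next; else c->head = s->next;
    if (s->next) s->next->prev = s->prev;
    s->prev = s->next = NULL;
}
/* sync_list == 0 reproduces the reported state: the displaced entry leaves
 * the index but stays linked. sync_list == 1 keeps both structures in step. */
int cache_add(cache *c, sess *n, int sync_list) {
    if (n->id < 0 || n->id >= SLOTS) return -1;
    sess *old = c->table[n->id];
    if (old == n) return 0;           /* re-add: keep its list position */
    c->table[n->id] = n;
    n->refs++;                        /* the cache's own reference */
    if (old && sync_list) { list_remove(c, old); sess_release(old); }
    list_add(c, n);
    return 0;
}

/* Invariant check: count list nodes the index no longer points at. */
int cache_stale_nodes(const cache *c) {
    int stale = 0;
    for (const sess *s = c->head; s; s = s->next)
        if (c->table[s->id] != s) stale++;
    return stale;
}
int main(void) {
    cache c = {0};
    sess *a = sess_new(1), *b = sess_new(1);   /* constructed: same id twice */
    if (!a || !b || cache_add(&c, a, 0) || cache_add(&c, b, 0)) return 1;
    printf("stale list nodes: %d\n", cache_stale_nodes(&c));
    return 0;
}
```

A nonzero count from `cache_stale_nodes` is the precondition for the double free described in the report: the list still holds a pointer that the index has already given up.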



Session caching bug

1999-12-22 Thread Kyle R. Rose

In the course of using OpenSSL for a client application, I would
regularly get a SEGV in the client session caching code under high
load.  After some examination, I traced it to SSL_CTX_add_session,
where two data structures (a hash and a list) are not being kept in
sync: when a session is deleted from the hash, it is not
correspondingly deleted from the list, causing that memory to be freed
twice (once as a dangling pointer, of course) when it is finally taken
off the list.

I submit the following patch, which has solved our SEGV problems:

Changed version: 
 
/* Put on the end of the queue unless it is already in the cache */ 
if (s != NULL) 
SSL_SESSION_list_remove(ctx,s); 
 
 
SSL_SESSION_list_add(ctx,c); 
 
/* If the same session if is being 're-added', Free the old 
 * one when the last person stops using it. 
 * This will also work if it is alread in the cache. 
 * The references will go up and then down :) */ 
 
Original version :  
 
/* Put on the end of the queue unless it is already in the cache */ 
if (s == NULL) 
SSL_SESSION_list_add(ctx,c); 
 
/* If the same session if is being 're-added', Free the old 
 * one when the last person stops using it. 
 * This will also work if it is alread in the cache. 
 * The references will go up and then down :) */ 
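Review bot: In the changed version, SSL_SESSION_list_add(ctx,c) now runs unconditionally after the "if (s != NULL)" removal, so when s and c are the same session (the 're-added' case the comment below it describes) the entry is unlinked and linked again, and its position in the list changes on every re-add. Suggest guarding the removal with s != c and calling SSL_SESSION_list_add(ctx,c) only when c is not already linked, so a re-add leaves the list untouched. The first comment still reads "unless it is already in the cache", which no longer matches the code and should be updated along with the change.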


Comments?

Kyle 

-- 
Kyle R. Rose               MIT LCS NE43-309, Cambridge, MA
11 Winslow Avenue Apt. 2   617-253-5883
Somerville, MA 02144       [EMAIL PROTECTED]
617-628-0271               http://web.mit.edu/krr/www/