Claudio Jeker <[email protected]> wrote:

> On Thu, Apr 16, 2020 at 09:45:45AM -0600, Theo de Raadt wrote:
> > I don't understand the point of any of this cleanup.  The process
> > is dying and none of these things maintain external state.
> > 
> > I'm going to call it what it is: stylistically stupid and rigid.
> > 
> > Why?  Because it would mean every call to errx() in the program is
> > wrong because they don't attempt this, and only this one exit() call
> > needs this kind of cleanup.  That is simply not plausible.
> 
> Indeed, also I noticed that ERR_remove_thread_state() was deprecated in
> OpenSSL 1.1 and so I'm kind of back to square 1 again regarding the use of
> deprecated functions.
> 
> All this cleanup before exit(3) is done mostly to please runtime memory
> leak checkers.
> 
> Also EVP_cleanup() and ERR_free_strings() are deprecated according to
> their man page. There is no documentation for CRYPTO_cleanup_all_ex_data()
> but looking at the code it seems to be not important.
> 
> Removing all of them seems to be the best move forward.

I'd like to add one more point for others following along in the public:

Please don't ever use atexit() for this kind of stuff.  On OpenBSD,
atexit() has some self-protecting safety features, but those don't exist
on other systems.  As many, once a program does one atexit() call, if a
bug is found to corrupt the atexit memory chain in libc, nasty stuff can
be done.  People should treat atexit like a loaded gun.

Reply via email to