Fixed the crash issue when a pointer is null. #24381
Open
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
openssl-machine
added
the
hold: cla required
github-actions
bot
added
the
severity: fips change
| @@ -188,6 +188,8 @@ static int err_string_data_cmp(const ERR_STRING_DATA *a, | |||
| static ERR_STRING_DATA *int_err_get_item(const ERR_STRING_DATA *d) | |||
| { | |||
| ERR_STRING_DATA *p = NULL; | |||
| if(err_string_lock == NULL) | |||
There was a problem hiding this comment.
There's a couple of minor issues with this edit: lack of blank line between variable declaration and beginning of code (which was there before this edit) and missing space after if before (.
A smaller change could be to change the old line 192 from
if (!CRYPTO_THREAD_read_lock(err_string_lock))
to
if (err_string_lock == NULL || !CRYPTO_THREAD_read_lock(err_string_lock))
There was a problem hiding this comment.
The problem is that this also does not fix all potential issues with the teardown. I'd instead recommend building openssl with no-atexit configure option.
t8m
added
branch: master
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
When using libcurl, at the time the process is about to exit, openssl will invoke the err_cleanup function, setting err_string_lock to NULL. If other threads are still calling libcurl at this moment, it will cause a crash in the int_err_get_item function.
当我使用libcrul,在进程要退出的时候,openssl会调用err_cleanup将err_string_lock赋值为NULL,此时其他线程还在调用libcurl,在int_err_get_item函数中会产生崩溃