Add a lock around the OBJ_NAME table#3525
Conversation
openssl-machine
added
the
hold: cla required
Various initialization functions modify this table, which can cause heap corruption in the absence of external synchronization. Fixes openssl#3505
|
CLA received - thank you! |
mattcaswell
removed
the
hold: cla required
crypto/objects/o_names.c
Outdated
There was a problem hiding this comment.
Too much indentation here! Indent the label one space and the other lines 4 spaces
Also the preferred style is now to not put () around a return expression (where we touch code that has that we remove it).
crypto/objects/o_names.c
Outdated
There was a problem hiding this comment.
Remove the () for return expression.
crypto/objects/o_names.c
Outdated
There was a problem hiding this comment.
I think a write lock is required here, lh_OBJ_NAME_retrieve() updates internal stats.
There was a problem hiding this comment.
FWIW, there's other code which takes a read lock around lh_*_retrieve, like ssl_get_prev_session and int_err_get_item. But there's also performance reasons why you'd probably not want a write lock around those. I would have suggested taking those stats out, but sadly they're public API by way of OPENSSL_LH_stats_bio...
There was a problem hiding this comment.
It looks like the tracked statistics are just a couple of counters, so we could swap over to atomic operations and avoid write locking.
There was a problem hiding this comment.
Yes, that is a great idea. We have CRYPTO_atomic_add() for that. Do you want to pick that up as part of this PR, or should we defer it to another one?
There was a problem hiding this comment.
yeah, agree with @sfackler's suggestion. hope he does it :)
There was a problem hiding this comment.
I don't think we can take this PR without the atomic add stuff.
There was a problem hiding this comment.
Yep, I'll update tonight.
There was a problem hiding this comment.
Updated - it's kind of awful. Does anyone actually use OPENSSL_LH_stats_bio? It'd be great to remove the statistics tracking entirely and have that thing print a message about stats no longer being recorded.
There was a problem hiding this comment.
Probably not. It was used by the since removed -stats flag for the errstr command. We removed it, and I've never seen anything notice.
There was a problem hiding this comment.
yeah, but ... we tend to be real picky about compatibility. i'd like to turn it off, then remove it. but sigh ...
crypto/objects/o_names.c
Outdated
sfackler
force-pushed
the
obj-name-sync-fix
branch
from
efd1f7b to
aca3c7e
Compare
|
Updated! |
mattcaswell
left a comment
mattcaswell
left a comment
There was a problem hiding this comment.
Approved subject to one minor nit being fixed.
crypto/lhash/lhash_lcl.h
Outdated
There was a problem hiding this comment.
Wrong comment style. Multi-line comments should look like this:
/*
* My multi-line
* comment
*/
mattcaswell
left a comment
mattcaswell
left a comment
There was a problem hiding this comment.
Damn...meant to select "approve" not "request changes"....still subject to the one minor nit fix.
|
I think the comment style is also not supported by C89? We at
least have no code with that style of comment.
|
sfackler
force-pushed
the
obj-name-sync-fix
branch
from
0a02153 to
1b636a4
Compare
|
I think this is ready to land. |
|
Reconfirmed. Still looking for a second team approval. |
richsalz
left a comment
richsalz
left a comment
There was a problem hiding this comment.
minor change, then approved.
crypto/lhash/lhash.c
Outdated
There was a problem hiding this comment.
free of a NULL pointer is fine. As long as ret is init'd (via zalloc or explicitly), then you can collapse to one goto label.
Some stats are modified from OPENSSL_LH_retrieve, where callers aren't expecting to have to take out an exclusive lock. Switch to using atomic operations for those stats.
sfackler
force-pushed
the
obj-name-sync-fix
branch
from
1b636a4 to
3b118a4
Compare
|
@richsalz - can you confirm your approval? |
|
+1 reconfirm |
|
Is there anything left to do here on my end? |
|
no, just the occasional post as things fall through the cracks :) |
Various initialization functions modify this table, which can cause heap corruption in the absence of external synchronization. Some stats are modified from OPENSSL_LH_retrieve, where callers aren't expecting to have to take out an exclusive lock. Switch to using atomic operations for those stats. Reviewed-by: Matt Caswell <[email protected]> Reviewed-by: Rich Salz <[email protected]> (Merged from #3525)
Various initialization functions modify this table, which can cause heap corruption in the absence of external synchronization. Some stats are modified from OPENSSL_LH_retrieve, where callers aren't expecting to have to take out an exclusive lock. Switch to using atomic operations for those stats. Reviewed-by: Matt Caswell <[email protected]> Reviewed-by: Rich Salz <[email protected]> (Merged from #3525) (cherry picked from commit be606c0)
|
Thanks! |
Various initialization functions modify this table, which can cause heap corruption in the absence of external synchronization. Some stats are modified from OPENSSL_LH_retrieve, where callers aren't expecting to have to take out an exclusive lock. Switch to using atomic operations for those stats. Reviewed-by: Matt Caswell <[email protected]> Reviewed-by: Rich Salz <[email protected]> (Merged from openssl#3525) (cherry picked from commit be606c0)
Various initialization functions modify this table, which can cause heap corruption in the absence of external synchronization. Some stats are modified from OPENSSL_LH_retrieve, where callers aren't expecting to have to take out an exclusive lock. Switch to using atomic operations for those stats. Reviewed-by: Matt Caswell <[email protected]> Reviewed-by: Rich Salz <[email protected]> (Merged from openssl#3525) (cherry picked from commit be606c0)
6 participants
Various initialization functions modify this table, which can cause heap
corruption in the absence of external synchronization.
Fixes #3505