Message 218995 - Python tracker

➜

This issue tracker has been migrated to GitHub, and is currently read-only.
For more information, see the GitHub FAQs in the Python's Developer Guide.

Author	Ryan.Calhoun
Recipients	Ryan.Calhoun
Date	2014-05-23.20:45:48
SpamBayes Score	-1.0
Marked as misclassified	Yes
Message-id	<1400877951.59.0.344409625471.issue21564@psf.upfronthosting.co.za>
In-reply-to

Content
OpenSSL, specifically libcrypto, includes functions EVP_MD_CTX_create() and EVP_MD_CTX_destroy(), such that the application code only needs to forward declare the EVP_MD_CTX* pointer type. Declaring the EVP_MD_CTX variable type directly requires compile-time knowledge of the size of the structure. This knowledge will be wrong when compiling with headers from OpenSSL 0.9.8 and dynamically linking at run time against OpenSSL 1.0.1. Result is a SIGSEGV as follows: (gdb) bt #0 0x00007ffff03b71a0 in EVP_PKEY_CTX_dup () from /usr/lib64/libcrypto.so #1 0x00007ffff03a90cd in EVP_MD_CTX_copy_ex () from /usr/lib64/libcrypto.so #2 0x00007ffff110da8a in EVPnew (name_obj=0x7ffff7ef45a8, digest=0x0, initial_ctx=0x7ffff130fbc0, cp=0x0, len=0) at /home/ryan/vaas/python/2.7.6/build/src/Python-2.7.6/Modules/_hashopenssl.c:436 #3 0x00007ffff110de10 in EVP_new_md5 (self=<value optimized out>, args=<value optimized out>) at /home/ryan/vaas/python/2.7.6/build/src/Python-2.7.6/Modules/_hashopenssl.c:540 The attached patch updates all declarations in _hashopenssl.c to be pointers initialized by calling EVP_MD_CTX_create(). The patch is done against source version 3.4.1. I have a similar patch for version 2.7.6, but can only attach one file here?

OpenSSL, specifically libcrypto, includes functions EVP_MD_CTX_create() and EVP_MD_CTX_destroy(), such that the application code only needs to forward declare the EVP_MD_CTX* pointer type.

Declaring the EVP_MD_CTX variable type directly requires compile-time knowledge of the size of the structure. This knowledge will be wrong when compiling with headers from OpenSSL 0.9.8 and dynamically linking at run time against OpenSSL 1.0.1. Result is a SIGSEGV as follows:

(gdb) bt
#0  0x00007ffff03b71a0 in EVP_PKEY_CTX_dup () from /usr/lib64/libcrypto.so
#1  0x00007ffff03a90cd in EVP_MD_CTX_copy_ex () from /usr/lib64/libcrypto.so
#2  0x00007ffff110da8a in EVPnew (name_obj=0x7ffff7ef45a8, digest=0x0, initial_ctx=0x7ffff130fbc0, cp=0x0, len=0)
    at /home/ryan/vaas/python/2.7.6/build/src/Python-2.7.6/Modules/_hashopenssl.c:436
#3  0x00007ffff110de10 in EVP_new_md5 (self=<value optimized out>, args=<value optimized out>)
    at /home/ryan/vaas/python/2.7.6/build/src/Python-2.7.6/Modules/_hashopenssl.c:540

The attached patch updates all declarations in _hashopenssl.c to be pointers initialized by calling EVP_MD_CTX_create(). The patch is done against source version 3.4.1. I have a similar patch for version 2.7.6, but can only attach one file here?

History
Date	User	Action	Args
2014-05-23 20:45:51	Ryan.Calhoun	set	recipients: + Ryan.Calhoun
2014-05-23 20:45:51	Ryan.Calhoun	set	messageid: <1400877951.59.0.344409625471.issue21564@psf.upfronthosting.co.za>
2014-05-23 20:45:51	Ryan.Calhoun	link	issue21564 messages
2014-05-23 20:45:50	Ryan.Calhoun	create