Author ssoria
Recipients janssen, ssoria
Date 2010-01-10.20:52:01
Message-id <1263156723.76.0.110794213005.issue7672@psf.upfronthosting.co.za>
Content
I seem to have a rather unique setup that causes this crash to be 100% reproducible. My application embeds Python in order to execute user code. It is constantly loading and unloading the libraries so that they're only in memory during execution of user code. The problem I'm seeing is with the calls to CRYPTO_set_locking_callback and CRYPTO_set_id_callback in _setup_ssl_threads in _ssl.c. These calls will override whatever callbacks my application has already set up, and then when we unload Python, the callbacks are never restored. When my application later makes an SSL call that requires use of locking_callback or id_callback, it will attempt to call one of the functions in the _ssl.so address space. Since nothing is there, this causes the program to crash. Worse yet would be if something were loaded into the same address space and arbitrary code were executed (though I don't see how malicious code could be executed in this way).

I haven't confirmed with other versions of Python, but this was discovered while upgrading the embedded version from 2.4.5 to 2.6.4, so it's very likely to exist in many other versions since the code was put in place in 2007.
History
Date                 User    Action  Args
2010-01-10 20:52:03  ssoria  set     recipients: + ssoria, janssen
2010-01-10 20:52:03  ssoria  set     messageid: <1263156723.76.0.110794213005.issue7672@psf.upfronthosting.co.za>
2010-01-10 20:52:02  ssoria  link    issue7672 messages
2010-01-10 20:52:01  ssoria  create
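The failure described in the message above, and a host-side save/restore guard for it, as an added example that is not code from the report, from CPython or from OpenSSL. It models the process-global callback slot with a plain function pointer so it runs without linking OpenSSL; every name in it is hypothetical, and in a real host the snapshot would be taken with the getter counterparts of the setters named in the report (CRYPTO_get_locking_callback and CRYPTO_get_id_callback in the OpenSSL releases of that period).

```c
#include <stddef.h>
#include <stdio.h>

/* Model of OpenSSL's process-global locking-callback slot, the one the real
   CRYPTO_set_locking_callback() writes. All names below are hypothetical. */
typedef void (*lock_cb)(int mode, int n, const char *file, int line);
static lock_cb g_slot;
static void set_cb(lock_cb f) { g_slot = f; }
static lock_cb get_cb(void) { return g_slot; }

static int host_calls;
static void host_lock(int m, int n, const char *f, int l)
{ (void)m; (void)n; (void)f; (void)l; host_calls++; }
static void module_lock(int m, int n, const char *f, int l)
{ (void)m; (void)n; (void)f; (void)l; }

/* Model of the embedded module: module_mapped stands for its code being
   present in the address space. */
static int module_mapped;
static void module_init(void) { module_mapped = 1; set_cb(module_lock); } /* overrides the host's callback */
static void module_unload(void) { module_mapped = 0; }                    /* does not restore it */

/* 1 when the slot points at code that is no longer mapped. */
int slot_is_dangling(void) { return !module_mapped && get_cb() == module_lock; }

/* Host-side guard: snapshot before load; restore BEFORE unload so the slot
   never points at unmapped code, even briefly. */
typedef struct { lock_cb saved; } cb_guard;
void guard_enter(cb_guard *g) { g->saved = get_cb(); module_init(); }
void guard_leave(cb_guard *g) { set_cb(g->saved); module_unload(); }

int run_unguarded(void)
{ set_cb(host_lock); module_init(); module_unload(); return slot_is_dangling(); }

int run_guarded(void)
{
    cb_guard g;
    set_cb(host_lock);
    guard_enter(&g);
    guard_leave(&g);
    get_cb()(1, 0, __FILE__, __LINE__);   /* host's later SSL call: safe again */
    return slot_is_dangling();
}

int main(void)
{
    int u = run_unguarded(), g = run_guarded();
    printf("unguarded dangling=%d guarded dangling=%d host_calls=%d\n", u, g, host_calls);
    return 0;
}
```

While the module is loaded the slot still holds the module's callback, so the guard only covers the state left behind after unload.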