### Description
On systems running libssl 1.1+, the compile flag `TLS_PTHREAD_MUTEX_SHARED` is set to avoid an issue with deadlocks. However, if the system does not have `pkg-config` installed, the build completes successfully without setting this compile flag. As such, users with this particular configuration are at risk of TLS-related deadlocks.
### Troubleshooting
This scenario arose for me when I experienced suspected TLS-related deadlocks in Kamailio 5.4.1. Particularly, in a simple configuration, multiple UDP workers were using t_relay to near-simultaneously connect to the same TLS host. After some time, the UDP workers stopped responding while executing this simple route block. I cannot definitively conclude this issue was the same deadlock bug. The compile flag `TLS_PTHREAD_MUTEX_SHARED` was not set and `pkg-config` was not installed.
I found [this mailing list thread](https://lists.kamailio.org/pipermail/sr-users/2019-December/107759.… discussing TLS deadlocks and the build process and the user was running Kamailio 5.3.1, libssl 1.1 but did not have `TLS_PTHREAD_MUTEX_SHARED` set. This issue may explain how this user ended up in that situation.
#### Reproduction
Tested against Kamailio 5.4.1 and latest master.
On a system with libssl 1.1+, build (including the `tls` module) with `pkg-config` installed and run `kamailio -I`. `TLS_PTHREAD_MUTEX_SHARED` flag is set.
```
Version: kamailio 5.7.0-dev3 (x86_64/linux) b75b6e
Default config: /usr/local/etc/kamailio/kamailio.cfg
Default paths to modules: /usr/local/lib64/kamailio/modules
Compile flags: USE_TCP, USE_TLS, USE_SCTP, TLS_HOOKS, USE_RAW_SOCKS, DISABLE_NAGLE, USE_MCAST, DNS_IP_HACK, SHM_MMAP, PKG_MALLOC, MEM_JOIN_FREE, Q_MALLOC, F_MALLOC, TLSF_MALLOC, DBG_SR_MEMORY, USE_FUTEX, FAST_LOCK-ADAPTIVE_WAIT, USE_DNS_CACHE, USE_DNS_FAILOVER, USE_NAPTR, USE_DST_BLOCKLIST, HAVE_RESOLV_RES, TLS_PTHREAD_MUTEX_SHARED
```
Uninstall `pkg-config` and rebuild. `TLS_PTHREAD_MUTEX_SHARED` flag is not set.
```
Version: kamailio 5.7.0-dev3 (x86_64/linux) b75b6e
Default config: /usr/local/etc/kamailio/kamailio.cfg
Default paths to modules: /usr/local/lib64/kamailio/modules
Compile flags: USE_TCP, USE_TLS, USE_SCTP, TLS_HOOKS, USE_RAW_SOCKS, DISABLE_NAGLE, USE_MCAST, DNS_IP_HACK, SHM_MMAP, PKG_MALLOC, MEM_JOIN_FREE, Q_MALLOC, F_MALLOC, TLSF_MALLOC, DBG_SR_MEMORY, USE_FUTEX, FAST_LOCK-ADAPTIVE_WAIT, USE_DNS_CACHE, USE_DNS_FAILOVER, USE_NAPTR, USE_DST_BLOCKLIST, HAVE_RESOLV_RES
```
When `pkg-config` is not installed, the build also outputs the following log lines, however the build does not fail.
```
/bin/sh: 1: pkg-config: not found
/bin/sh: 1: pkg-config: not found
/bin/sh: 1: pkg-config: not found
/bin/sh: 1: pkg-config: not found
/bin/sh: 1: pkg-config: not found
/bin/sh: 1: pkg-config: not found
/bin/sh: 1: pkg-config: not found
/bin/sh: 1: pkg-config: not found
```
### Possible Solutions
Some thoughts about options:
1. It looks like effort has been applied in other areas to support the absence of `pkg-config`, so potentially support libssl 1.1+ detection without `pkg-config`.
2. Require `pkg-config` on build and fail without it.
3. Enable `TLS_PTHREAD_MUTEX_SHARED` by default as I assume most people are running libssl 1.1+ these days, and disable it if libssl < 1.1 detected.
Personally I have installed `pkg-config` and rebuilt, however I think for the safety of others building from source that the compile flag should be correctly set or the build should fail.
### Operating System
```
Distributor ID: Debian
Description: Debian GNU/Linux 10 (buster)
Release: 10
Codename: buster
Linux debian-kamailio 4.19.0-20-amd64 #1 SMP Debian 4.19.235-1 (2022-03-17) x86_64 GNU/Linux
```
--
Reply to this email directly or view it on GitHub:
https://github.com/kamailio/kamailio/issues/3384
You are receiving this because you are subscribed to this thread.
Message ID: <kamailio/kamailio/issues/3384(a)github.com>
The current build of kamailio (master) does not set `TLS_PTHREAD_MUTEX_SHARED` when building with `--with-openssl11` on systems with multiple versions of OpenSSL installed resulting in deadlocks in the TLS module.
All module Makefiles look for the `SSL_BUILDER` environment variable to provide a `pkg-config` command to find the `libssl` to link against. The variable is set to `pkg-config libssl11` by the RPM build when specifying `--with-openssl11`. Unfortunately, in `src/Makefile.defs`, there is an alternative way to look for a similar `pkg-config` command. However, this one always uses the `pkg-config libssl`, which - on systems with multiple versions of OpenSSL - usually points to OpenSSL 1.0.x. In turn the build thinks it will link against OpenSSL 1.0.x and will not set `KSR_PTHREAD_MUTEX_SHARED`.
--
Reply to this email directly or view it on GitHub:
https://github.com/kamailio/kamailio/issues/3458
You are receiving this because you are subscribed to this thread.
Message ID: <kamailio/kamailio/issues/3458(a)github.com>
Module: kamailio
Branch: master
Commit: 5e0fb402a7755ea22c41c0b8fcefbdf9694442b8
URL: https://github.com/kamailio/kamailio/commit/5e0fb402a7755ea22c41c0b8fcefbdf…
Author: Daniel-Constantin Mierla <miconda(a)gmail.com>
Committer: Daniel-Constantin Mierla <miconda(a)gmail.com>
Date: 2023-05-17T11:24:58+02:00
Makefile.defs: set LIBSSL_SET_MUTEX_SHARED by default to 1
- one can set LIBSSL_SET_MUTEX_SHARED=0 in make command line to switch
to detection mode if it is need to set it or not based on libssl
version
- GH #3458, GH #3384
---
Modified: src/Makefile.defs
---
Diff: https://github.com/kamailio/kamailio/commit/5e0fb402a7755ea22c41c0b8fcefbdf…
Patch: https://github.com/kamailio/kamailio/commit/5e0fb402a7755ea22c41c0b8fcefbdf…
---
diff --git a/src/Makefile.defs b/src/Makefile.defs
index a40cfa55cd3..ca7d525b688 100644
--- a/src/Makefile.defs
+++ b/src/Makefile.defs
@@ -181,7 +181,7 @@ LD_EXTRA_OPTS ?=
# enable workaround for libssl 1.1+ to set shared mutex attribute
-LIBSSL_SET_MUTEX_SHARED ?=
+LIBSSL_SET_MUTEX_SHARED ?= 1
ifneq ($(LIBSSL_SET_MUTEX_SHARED), 1)
ifeq ($(CROSS_COMPILE),)
th_mask_callid_str & th_unmask_callid_str functions used for API call to encode/decode call-ID uses static array declaration for callid_mbuf was unable to free callid data lump after use and leads to memory leak. when these functions was used through API call for topos module memory leak bug as reported
qm_free(): BUG: bad pointer 0x7faec4a7xxxx (out of memory block!) called from core: core/data_lump.c: free_lump(470)
This two funtions are not used other than API.
<!-- Kamailio Pull Request Template -->
<!--
IMPORTANT:
- for detailed contributing guidelines, read:
https://github.com/kamailio/kamailio/blob/master/.github/CONTRIBUTING.md
- pull requests must be done to master branch, unless they are backports
of fixes from master branch to a stable branch
- backports to stable branches must be done with 'git cherry-pick -x ...'
- code is contributed under BSD for core and main components (tm, sl, auth, tls)
- code is contributed GPLv2 or a compatible license for the other components
- GPL code is contributed with OpenSSL licensing exception
-->
#### Pre-Submission Checklist
<!-- Go over all points below, and after creating the PR, tick all the checkboxes that apply -->
<!-- All points should be verified, otherwise, read the CONTRIBUTING guidelines from above-->
<!-- If you're unsure about any of these, don't hesitate to ask on sr-dev mailing list -->
- [ ] Commit message has the format required by CONTRIBUTING guide
- [ ] Commits are split per component (core, individual modules, libs, utils, ...)
- [ ] Each component has a single commit (if not, squash them into one commit)
- [ ] No commits to README files for modules (changes must be done to docbook files
in `doc/` subfolder, the README file is autogenerated)
#### Type Of Change
- [ ] Small bug fix (non-breaking change which fixes an issue)
- [ ] New feature (non-breaking change which adds new functionality)
- [ ] Breaking change (fix or feature that would change existing functionality)
#### Checklist:
<!-- Go over all points below, and after creating the PR, tick the checkboxes that apply -->
- [ ] PR should be backported to stable branches
- [ ] Tested changes locally
- [ ] Related to issue #XXXX (replace XXXX with an open issue number)
#### Description
<!-- Describe your changes in detail -->
You can view, comment on, or merge this pull request online at:
https://github.com/kamailio/kamailio/pull/3456
-- Commit Summary --
* topoh: memory leak fix for API call
-- File Changes --
M src/modules/topoh/th_msg.c (36)
-- Patch Links --
https://github.com/kamailio/kamailio/pull/3456.patchhttps://github.com/kamailio/kamailio/pull/3456.diff
--
Reply to this email directly or view it on GitHub:
https://github.com/kamailio/kamailio/pull/3456
You are receiving this because you are subscribed to this thread.
Message ID: <kamailio/kamailio/pull/3456(a)github.com>