[sr-dev] Re: [kamailio/kamailio] tls.reload during tls relaying cause tls memory double free if done every second (Issue #3319)

1.Although it was a low-frequency operation, But we found a serious problem with the code that caused this problem using the openSSL API. 2.reason: The main process first initializes the TLS module, causing the OpenSSL Error queue to initialize, followed by the fork process, the child process does not initialize in the error queue (multiple processes share the error memory), and the OpenSSL API of multiple child processes may have a double free when the error queue is free main.cp for init TLS #ifdef USE_TCP #ifdef USE_TLS if (!tls_disable){ if (!tls_loaded()){ LM_WARN("tls support enabled, but no tls engine " " available (forgot to load the tls module?)\n"); LM_WARN("disabling tls...\n"); tls_disable=1; } else { if (pre_init_tls()<0){ LM_CRIT("could not pre-initialize tls, exiting...\n"); goto error; } } } #endif /* USE_TLS */ #endif /* USE_TCP */ --------->openssl err.c this state , multiple child processes ,share the error memory,and may have a double free when the error queue is free ERR_STATE *ERR_get_state(void) { ERR_STATE *state; int saveerrno = get_last_sys_error(); if (!OPENSSL_init_crypto(OPENSSL_INIT_BASE_ONLY, NULL)) return NULL; if (!RUN_ONCE(&err_init, err_do_init)) return NULL; state = CRYPTO_THREAD_get_local(&err_thread_local); if (state == (ERR_STATE*)-1) return NULL; if (state == NULL) { if (!CRYPTO_THREAD_set_local(&err_thread_local, (ERR_STATE*)-1)) return NULL; if ((state = OPENSSL_zalloc(sizeof(*state))) == NULL) { CRYPTO_THREAD_set_local(&err_thread_local, NULL); return NULL; } if (!ossl_init_thread_start(OPENSSL_INIT_THREAD_ERR_STATE) || !CRYPTO_THREAD_set_local(&err_thread_local, state)) { ERR_STATE_free(state); CRYPTO_THREAD_set_local(&err_thread_local, NULL); return NULL; } /* Ignore failures from these */ OPENSSL_init_crypto(OPENSSL_INIT_LOAD_CRYPTO_STRINGS, NULL); } set_sys_error(saveerrno); return state; } -- Reply to this email directly or view it on GitHub: https://github.com/kamailio/kamailio/issues/3319#issuecomment-1368146127 You are receiving this because you are subscribed to this thread. Message ID: &lt;kamailio/kamailio/issues/3319/1368146127(a)github.com&gt;