1.Although it was a low-frequency operation, But we found a serious problem with the code that caused this problem using the openSSL API.

2.reason:
The main process first initializes the TLS module, causing the OpenSSL Error queue to initialize, followed by the fork process, the child process does not initialize in the error queue (multiple processes share the error memory), and the OpenSSL API of multiple child processes may have a double free when the error queue is free

main.cp for init TLS
#ifdef USE_TCP
#ifdef USE_TLS
if (!tls_disable){
if (!tls_loaded()){
LM_WARN("tls support enabled, but no tls engine "
" available (forgot to load the tls module?)\n");
LM_WARN("disabling tls...\n");
tls_disable=1;
} else {
if (pre_init_tls()<0){
LM_CRIT("could not pre-initialize tls, exiting...\n");
goto error;
}
}
}
#endif /* USE_TLS /
#endif /
USE_TCP */

--------->openssl err.c this state , multiple child processes ,share the error memory,and may have a double free when the error queue is free
ERR_STATE *ERR_get_state(void)
{
ERR_STATE *state;
int saveerrno = get_last_sys_error();

if (!OPENSSL_init_crypto(OPENSSL_INIT_BASE_ONLY, NULL))
return NULL;

if (!RUN_ONCE(&err_init, err_do_init))
return NULL;

state = CRYPTO_THREAD_get_local(&err_thread_local);
if (state == (ERR_STATE*)-1)
return NULL;

if (state == NULL) {
if (!CRYPTO_THREAD_set_local(&err_thread_local, (ERR_STATE*)-1))
return NULL;

   if ((state = OPENSSL_zalloc(sizeof(*state))) == NULL) {
       CRYPTO_THREAD_set_local(&err_thread_local, NULL);
       return NULL;
   }

   if (!ossl_init_thread_start(OPENSSL_INIT_THREAD_ERR_STATE)
           || !CRYPTO_THREAD_set_local(&err_thread_local, state)) {
       ERR_STATE_free(state);
       CRYPTO_THREAD_set_local(&err_thread_local, NULL);
       return NULL;
   }

   /* Ignore failures from these */
   OPENSSL_init_crypto(OPENSSL_INIT_LOAD_CRYPTO_STRINGS, NULL);

}

set_sys_error(saveerrno);
return state;
}


Reply to this email directly, view it on GitHub, or unsubscribe.
You are receiving this because you are subscribed to this thread.Message ID: <kamailio/kamailio/issues/3319/1368146127@github.com>