[Devel] SF.net SVN: openser: [1758] trunk/tls

Bogdan-Andrei Iancu bogdan at voice-system.ro
Tue Apr 3 11:02:02 CEST 2007 

Hi Klaus,

thanks for pointing is out - I will take care of this.

regards,
bogdan

Klaus Darilion wrote:
> I wonder why this was not backported to 1.1?
>
> regards
> klaus
>
>
> Bogdan-Andrei Iancu wrote:
>> Revision: 1758
>>           http://openser.svn.sourceforge.net/openser/?rev=1758&view=rev
>> Author:   bogdan_iancu
>> Date:     2007-03-06 09:06:36 -0800 (Tue, 06 Mar 2007)
>>
>> Log Message:
>> -----------
>> - fixed bug when the ssl library you compile against uses kerberos. 
>> Kerberos
>>   implementaion is faulty when comes to memory management as it 
>> always use the
>>   libc malloc/free (for the kerberos context). And the SSL structure 
>> is kept in
>>   shm memory and moved across processes, so the link from SSL to 
>> krb_ctx will
>>   become broken (point into private memory of another process).
>>
>>   The fix is to imediatly free the krb_ctx (if kerberos is compiled 
>> in) to
>>   avoid the broken mem reference.
>>
>>   At compile time, the kerberos presnece is tested (OPENSSL_NO_KRB5) 
>> to see if
>>   the fix should be activated or not.
>>
>>   At runtime, the code performs a check to see if the library you are 
>> running
>>   agaist is the same as the one you compilled against (from kerberos 
>> presence
>>   point of view). This prevents crashes like: compile openser against 
>> an openssl
>>   with no kerberos (so the fix will not be activated) and later run 
>> it agaist
>>   an openssl with kerberos.
>>   If differences are detected, openser will not start and you 
>> probably need to
>>   recompile it locally.
>>
>>   Thanks to Paulo Angonese <angonese at via-rs.net> and 
>> ohad.levy at infineon.com
>>   for report and help in debugging this.
>>
>> Modified Paths:
>> --------------
>>     trunk/tls/tls_init.c
>>     trunk/tls/tls_server.c
>>
>>
>> This was sent by the SourceForge.net collaborative development 
>> platform, the world's largest Open Source development site.
>>
>> _______________________________________________
>> Devel mailing list
>> Devel at openser.org
>> http://openser.org/cgi-bin/mailman/listinfo/devel
>
>

More information about the Devel mailing list