[Devel] SF.net SVN: openser: [1758] trunk/tls

Klaus Darilion klaus.mailinglists at pernau.at
Mon Mar 19 08:46:23 CET 2007


I wonder why this was not backported to 1.1?

regards
klaus


Bogdan-Andrei Iancu wrote:
> Revision: 1758
>           http://openser.svn.sourceforge.net/openser/?rev=1758&view=rev
> Author:   bogdan_iancu
> Date:     2007-03-06 09:06:36 -0800 (Tue, 06 Mar 2007)
> 
> Log Message:
> -----------
> - fixed bug when the ssl library you compile against uses kerberos. Kerberos
>   implementaion is faulty when comes to memory management as it always use the
>   libc malloc/free (for the kerberos context). And the SSL structure is kept in
>   shm memory and moved across processes, so the link from SSL to krb_ctx will
>   become broken (point into private memory of another process).
> 
>   The fix is to imediatly free the krb_ctx (if kerberos is compiled in) to
>   avoid the broken mem reference.
> 
>   At compile time, the kerberos presnece is tested (OPENSSL_NO_KRB5) to see if
>   the fix should be activated or not.
> 
>   At runtime, the code performs a check to see if the library you are running
>   agaist is the same as the one you compilled against (from kerberos presence
>   point of view). This prevents crashes like: compile openser against an openssl
>   with no kerberos (so the fix will not be activated) and later run it agaist
>   an openssl with kerberos.
>   If differences are detected, openser will not start and you probably need to
>   recompile it locally.
> 
>   Thanks to Paulo Angonese <angonese at via-rs.net> and ohad.levy at infineon.com
>   for report and help in debugging this.
> 
> Modified Paths:
> --------------
>     trunk/tls/tls_init.c
>     trunk/tls/tls_server.c
> 
> 
> This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site.
> 
> _______________________________________________
> Devel mailing list
> Devel at openser.org
> http://openser.org/cgi-bin/mailman/listinfo/devel


-- 
Klaus Darilion
nic.at




More information about the Devel mailing list