Uploaded image for project: 'MariaDB Connector/C'
  1. MariaDB Connector/C
  2. CONC-326

ssl_thread_init() uses wrong openssl threadid callback

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Closed (View Workflow)
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 3.0.3
    • Fix Version/s: 3.0.4
    • Component/s: None
    • Labels:
      None

      Description

      ssl_thread_init() uses wrong openssl threadid callback

      The ssl_thread_init() sets thread and locking callbacks after checking whether
      the application has already set its own thread callbacks.

      Indeed it is correct to do the check and step back if the application has
      installed callbacks already. The problem with the check is that it is
      implemented incorrectly using the deprecated function CRYPTO_get_id_callback(),
      which has been deprecated since version 1.0.0.

      The consequence is that the check does not work when the application uses
      the newer api (CRYPTO_THREADID_set_callback()). In my case both the
      application and the connector set their own locking callbacks which
      led to an application crash on application exit.

      The attached patch fixes the check in a defensive way by checking for
      both legacy callbacks and new style callbacks. It also fixes another location
      where the deprecated api was used erroneously.

      Index: mariadb-connector-c-3.0.3-src/libmariadb/secure/openssl.c
      ===================================================================
      --- mariadb-connector-c-3.0.3-src.orig/libmariadb/secure/openssl.c
      +++ mariadb-connector-c-3.0.3-src/libmariadb/secure/openssl.c
      @@ -255,7 +255,11 @@ static void my_cb_locking(int mode, int
       
       static int ssl_thread_init()
       {
      -  if (!CRYPTO_get_id_callback())
      +  if (!CRYPTO_THREADID_get_callback()
      +#ifndef OPENSSL_NO_DEPRECATED
      +      && !CRYPTO_get_id_callback()
      +#endif
      +      )
         {
           int i, max= CRYPTO_num_locks();
       
      @@ -382,7 +386,7 @@ void ma_tls_end()
           {
             int i;
             CRYPTO_set_locking_callback(NULL);
      -      CRYPTO_set_id_callback(NULL);
      +      CRYPTO_THREADID_set_callback(NULL);
             for (i=0; i < CRYPTO_num_locks(); i++)
               pthread_mutex_destroy(&LOCK_crypto[i]);
             ma_free((gptr)LOCK_crypto);
      
      

        Attachments

          Activity

            People

            Assignee:
            georg Georg Richter
            Reporter:
            St. Pierre Matthias St. Pierre
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

              Dates

              Created:
              Updated:
              Resolved:

                Git Integration

                Error rendering 'com.xiplink.jira.git.jira_git_plugin:git-issue-webpanel'. Please contact your Jira administrators.