Details
-
Bug
-
Status: Closed (View Workflow)
-
Major
-
Resolution: Fixed
-
3.1
-
None
-
None
Description
C/C uses CRYPTO_THREADID_set_callback() as
...
|
CRYPTO_THREADID_set_callback(my_cb_threadid);
|
...
|
CRYPTO_THREADID_set_callback(NULL);
|
...
|
this is in openssl.c, the first line works on load, the second — on unload.
But if you look in the openssl-1.0.2 code, you'll see
int CRYPTO_THREADID_set_callback(void (*func) (CRYPTO_THREADID *)) |
{
|
if (threadid_callback) |
return 0; |
threadid_callback = func;
|
that is, CRYPTO_THREADID_set_callback(NULL) does not remove the callback, in fact there is no way to remove the callback after it's set.
This means that a shared library should never ever use CRYPTO_THREADID_set_callback(), because after the shared library is unloaded the callback will point into unallocated memory, and the callback, again, can never be removed.