[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: (ITS#4723) SEGV in syncprov search

Actually, this could be it exactly. To my reading, the 0.9.8d tarball 
still defaults to (an extremely dangerous) getpid(). 2.3.30 never uses 
CRYPTO_set_id_callback. And the most recent thread I see on the matter 
ended (http://www.mail-archive.com/openssl-dev@openssl.org/msg21037.html) 
with an attitude of "Yeah, if anything, we should make things break more 
frequently when there's no callback set." Perhaps we should be adding one, 
with a bit of platform awareness through lutil?

On Wed, 29 Nov 2006, Howard Chu wrote:

> Aaron Richton wrote:
>> I'm on latest 0.9.7 release. I can try and put together a slapd with 
>> 0.9.8d, and I guess if we're going to (potentially?) be pointing fingers 
>> toward OpenSSL that's a good idea anyway...
> Yes, definitely a good idea. The prior releases always used getpid() to 
> determine the threadID of the current thread, to decide if locking was 
> needed. This is obviously only correct on old systems running LinuxThreads, 
> where each thread was actually a separate process. It's surprising that it 
> wasn't until recently that we've started seeing crashes caused by this bug.