Calling OpenSSL_thread_stop() multiple times
Martin Bonner
Martin.Bonner at entrust.com
Thu Aug 24 07:38:47 UTC 2023
> I have fixed the leak by moving Openssl_thread_stop() to dll_thread_detach.
Beware! Here be dragons!
dll_thread_detach is called from DllMain when that is called with
dwReason==DLL_THREAD_DETACH.
The significance of this is that there are quite severe limitations on what you
can do inside DllMain. See:
https://learn.microsoft.com/en-us/windows/win32/dlls/dllmain and
https://learn.microsoft.com/en-us/windows/win32/dlls/dynamic-link-library-best-practices
I have two particular concerns:
* Openssl_thread_stop is not documented as being safe to call from DllMain
(it would be awesome if it was) - and although it way work today, somebody may
make a change which means it stops working tomorrow.
* I rather expect Openssl_thread_stop calls into all loaded providers - and if
your customer has a third-party provider loaded which you haven't tested with,
things could go wrong.
The only suggestion I have as to how to fix this is "submit a PR to document
that Openssl_thread_stop/Openssl_thread_stop_ex are safe to call from DllMain"
- preferably with the additions of loads of comments to the relevant code.
Apart from that, do lots of testing, and be prepared for issues.
--
Martin Bonner
Any email and files/attachments transmitted with it are intended solely for the use of the individual or entity to whom they are addressed. If this message has been sent to you in error, you must not copy, distribute or disclose of the information it contains. Please notify Entrust immediately and delete the message from your system.
More information about the openssl-users
mailing list