[openssl-dev] [BUG] Data races in lhash.c
Dmitry Sobinov
dmitry at addlive.com
Wed Nov 11 04:06:08 UTC 2015
Got some reports from clang Thread Sanitizer about concurrent access to
shared variables from _LHASH structure in crypto/lhash/lhash.c. Following
members are written/read are not protected:
error, num_hash_calls, num_hash_comps, num_comp_calls, num_retrieve.
Can be reproduced by creating many SSL_CTX contexts in concurrent threads.
One of the report from TSan:
==================
WARNING: ThreadSanitizer: data race (pid=21810)
Write of size 8 at 0x7d2c0000aff0 by thread T4:
#0 getrn
/home/dmitry.sobinov/builds/openssl-1.0.2d/crypto/lhash/lhash.c:408
(test_app+0x0000007f9ebb)
#1 lh_retrieve
/home/dmitry.sobinov/builds/openssl-1.0.2d/crypto/lhash/lhash.c:248
(test_app+0x0000007faa17)
#2 OBJ_NAME_get
/home/dmitry.sobinov/builds/openssl-1.0.2d/crypto/objects/o_names.c:167
(test_app+0x000000782a05)
#3 EVP_get_digestbyname
/home/dmitry.sobinov/builds/openssl-1.0.2d/crypto/evp/names.c:124
(test_app+0x00000081189d)
#4 SSL_CTX_new
/home/dmitry.sobinov/builds/openssl-1.0.2d/ssl/ssl_lib.c:1963
(test_app+0x00000074fe09)
Previous write of size 8 at 0x7d2c0000aff0 by thread T8:
#0 getrn
/home/dmitry.sobinov/builds/openssl-1.0.2d/crypto/lhash/lhash.c:408
(test_app+0x0000007f9ebb)
#1 lh_retrieve
/home/dmitry.sobinov/builds/openssl-1.0.2d/crypto/lhash/lhash.c:248
(test_app+0x0000007faa17)
#2 OBJ_NAME_get
/home/dmitry.sobinov/builds/openssl-1.0.2d/crypto/objects/o_names.c:167
(test_app+0x000000782a05)
#3 EVP_get_digestbyname
/home/dmitry.sobinov/builds/openssl-1.0.2d/crypto/evp/names.c:124
(test_app+0x00000081189d)
#4 SSL_CTX_new
/home/dmitry.sobinov/builds/openssl-1.0.2d/ssl/ssl_lib.c:1963
(test_app+0x00000074fe09)
Location is heap block of size 176 at 0x7d2c0000af50 allocated by main
thread:
#0 malloc <null> (test_app+0x000000367c3d)
#1 default_malloc_ex
/home/dmitry.sobinov/builds/openssl-1.0.2d/crypto/mem.c:79
(test_app+0x00000077bce0)
#2 CRYPTO_malloc
/home/dmitry.sobinov/builds/openssl-1.0.2d/crypto/mem.c:342
(test_app+0x00000077cd33)
#3 lh_new
/home/dmitry.sobinov/builds/openssl-1.0.2d/crypto/lhash/lhash.c:120
(test_app+0x0000007f8864)
#4 OBJ_NAME_init
/home/dmitry.sobinov/builds/openssl-1.0.2d/crypto/objects/o_names.c:61
(test_app+0x0000007824a6)
#5 OBJ_NAME_add
/home/dmitry.sobinov/builds/openssl-1.0.2d/crypto/objects/o_names.c:185
(test_app+0x000000782b39)
#6 EVP_add_cipher
/home/dmitry.sobinov/builds/openssl-1.0.2d/crypto/evp/names.c:74
(test_app+0x00000081157d)
#7 SSL_library_init
/home/dmitry.sobinov/builds/openssl-1.0.2d/ssl/ssl_algs.c:68
(test_app+0x0000007749f0)
#8 do_init
/home/dmitry.sobinov/libs_tsan_cxx/include/boost/asio/ssl/detail/impl/openssl_init.ipp:39
(test_app+0x0000004000a4)
#9 boost::asio::ssl::detail::openssl_init_base::instance()
/home/dmitry.sobinov/libs_tsan_cxx/include/boost/asio/ssl/detail/impl/openssl_init.ipp:131
(test_app+0x0000003fffb0)
#10 openssl_init
/home/dmitry.sobinov/libs_tsan_cxx/include/boost/asio/ssl/detail/openssl_init.hpp:60
(test_app+0x0000003face9)
#11 __cxx_global_var_init.25
/home/dmitry.sobinov/libs_tsan_cxx/include/boost/asio/ssl/detail/openssl_init.hpp:90
(test_app+0x0000003429c2)
#12 __libc_csu_init <null> (test_app+0x000000a9862c)
---
Regards,
Dmitry Sobinov
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mta.openssl.org/pipermail/openssl-dev/attachments/20151111/d913aabf/attachment-0001.html>
More information about the openssl-dev
mailing list