[PATCH] Manually cleanup OpenSSL from dovecot_openssl_common_global_unref()

Aki Tuomi aki.tuomi at dovecot.fi
Tue Nov 15 11:46:05 UTC 2016



On 13.11.2016 20:04, Apollon Oikonomopoulos wrote:
> OpenSSL 1.1 features a cleanup function that is automatically run on shutdown
> using atexit(3). This function frees all OpenSSL-allocated resources.
>
> In dovecot, OpenSSL is loaded indirectly using dlopen(3) against the relevant
> dovecot crypto module and is finally unloaded using dlclose(3). Until
> OpenSSL 1.0.1c this worked fine, however OpenSSL 1.0.1c makes sure[1] that the
> library stays loaded after the initial dlclose() so that the atexit(3)
> handlers can run on shutdown. This, together with the fact that dovecot
> uses custom allocation functions for OpenSSL and has already partially
> free()'d some of OpenSSL's resources in module_free(), leads to a
> segfault at process shutdown[2].
>
> We fix this by explicitly calling OPENSSL_cleanup() during module unload. This
> is safe to do, as long as we will never want to subsequently re-initialize
> OpenSSL.
>
> [1] https://github.com/openssl/openssl/commit/4af9f7fe79ff82b90c16969b7e5871435056377b
> [2] https://buildd.debian.org/status/fetch.php?pkg=dovecot&arch=amd64&ver=1:2.2.26.0-2&stamp=1478873022
>
> Signed-off-by: Apollon Oikonomopoulos <apoikos at debian.org>
> ---
>  src/lib-ssl-iostream/dovecot-openssl-common.c | 3 +++
>  1 file changed, 3 insertions(+)
>
> diff --git a/src/lib-ssl-iostream/dovecot-openssl-common.c b/src/lib-ssl-iostream/dovecot-openssl-common.c
> index 51ea3ad..2bf6307 100644
> --- a/src/lib-ssl-iostream/dovecot-openssl-common.c
> +++ b/src/lib-ssl-iostream/dovecot-openssl-common.c
> @@ -101,6 +101,9 @@ bool dovecot_openssl_common_global_unref(void)
>  	ERR_remove_thread_state(NULL);
>  #endif
>  	ERR_free_strings();
> +#if OPENSSL_VERSION_NUMBER >= 0x10100000L
> +	OPENSSL_cleanup();
> +#endif
>  	return FALSE;
>  }
>  
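Review bot: The OPENSSL_cleanup() call added before `return FALSE;` in dovecot_openssl_common_global_unref() has no comment recording the constraint the commit message relies on, namely that this is only safe if OpenSSL is never re-initialized afterwards in the same process. Because this is the unref path of a module loaded with dlopen(3), a later reload that takes a new reference would call into a library that has already been torn down. Suggest a short comment above the `#if OPENSSL_VERSION_NUMBER >= 0x10100000L` block stating that constraint, and consider setting a static flag here that the matching ref/init path checks, so that a re-init attempt after cleanup fails with a clear error instead of crashing later.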

Hi!

Your patch is being reviewed.

Aki

