- workaround for openssl kerberos malloc bug:
openssl kerberos code in kssl.c uses libc malloc/free/calloc instead
of the OPENSSL* versions (set using CRYPTO_set_mem_functions()). In ser
ssl connections "move" between processes and so everything must be
allocated in shared mem. If the wrong malloc functions are called ser
will eventually crash. This workaround tries to disable kerberos support
each time a new SSL structure is created. For this fix to work it is important
to either use statically linked openssl or re-compile ser on the target
machine (if openssl is linked dynamically then it must use the same
compilation options as the machine on which ser is compiled).
Bug reported by Atle Samuelsen <[email protected]>.

Andrei Pelinescu-Onciul 18 years ago
Parent
commit
5bfdfbc139
1 changed file with 17 additions and 0 deletions

+ 17 - 0
ISSUES

@@ -8,6 +8,23 @@ ordered by numbers of ser versions to which they relate,
 beginning with the newest release. Issues related to
 operating systems are summarized in the bottom.
 --------------------------------------------------------------
+Desc: tls triggered crash on system with kerberos enabled openssl libs
+Ser version:  0.10.x, 0.9.x
+Reason:  there is a bug in the openssl kerberos code (kssl.c): 
+         libc malloc/free/calloc are used instead of the OPENSSL
+         versions. In ser ssl connections move between processes and
+         if normal mallocs are used (instead of ser shm versions) a
+         crash will occur eventually.
+         Quick openssl kerberos support check: 
+             grep OPENSSL_NO_KRB5 openssl/opensslconf.h
+         If the above command returns no result => openssl is compiled with
+         kerberos support.
+Workaround: use openssl versions not compiled with kerberos support or
+            try a late ser 0.10.x version compiled on the target machine
+            (its very important to compile against the same openssl library
+             as the one on the target machine)
+CVS status: fixed / workarround enabled
+--------------------------------------------------------------
 Desc: ser crashes on startup if a group is specified (-g or group=)
 Ser version:  <=0.8.12
 Reason:  bad copy & paste :-)
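Review bot: The "Quick openssl kerberos support check" in the new entry greps a relative path, "grep OPENSSL_NO_KRB5 openssl/opensslconf.h", without saying which directory to run it from or which copy of the header it must be. Since the Workaround text stresses compiling "against the same openssl library as the one on the target machine", the entry should state that the header to inspect is the one belonging to the openssl installation ser is actually built and run against, otherwise a reader can check the wrong header and draw the wrong conclusion. The Workaround also points to "a late ser 0.10.x version" without naming the first version that carries the workaround, while "Ser version: 0.10.x, 0.9.x" lists 0.10.x as affected; naming the version or date from which the workaround is enabled would remove that ambiguity, and the entry should say whether 0.9.x gets it at all. Minor: "workarround" in the "CVS status" line and "its very important" are typos.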