(ITS#4723) SEGV in syncprov search

Aaron Richton wrote:
> Actually, this could be it exactly. To my reading, the
0.9.8d tarball 
> still defaults to (an extremely dangerous) getpid().
2.3.30 never uses 
> CRYPTO_set_id_callback. And the most recent thread I
see on the matter 
> ended 
> (http://www.ma
il-archive.com/openssl-devopenssl.org/msg21037.html)
with 
> an attitude of "Yeah, if anything, we should make
things break more 
> frequently when there's no callback set." Perhaps
we should be adding 
> one, with a bit of platform awareness through lutil?

In the current OpenSSL, the address of errno is tested as
well. Since 
this is always unique per thread, there's really no need to
set the id 
callback any more. The problem with just using
CRYPTO_set_id_callback is 
that it doesn't work on platforms where a thread ID is not
an integer 
(e.g. OS/390). I don't think CRYPTO_set_idptr_callback was
available in 
earlier OpenSSL releases.

Too bad they didn't define CRYPTO_set_id_callback correctly,
to return 
the actual type of a thread ID instead of unsigned long.
> 
> On Wed, 29 Nov 2006, Howard Chu wrote:
> 
>> Aaron Richton wrote:
>>> I'm on latest 0.9.7 release. I can try and put
together a slapd with 
>>> 0.9.8d, and I guess if we're going to
(potentially?) be pointing 
>>> fingers toward OpenSSL that's a good idea
anyway...
>>
>> Yes, definitely a good idea. The prior releases
always used getpid() 
>> to determine the threadID of the current thread, to
decide if locking 
>> was needed. This is obviously only correct on old
systems running 
>> LinuxThreads, where each thread was actually a
separate process. It's 
>> surprising that it wasn't until recently that we've
started seeing 
>> crashes caused by this bug.
> 
> .
> 


-- 
   -- Howard Chu
   Chief Architect, Symas Corp.  http://www.symas.com
   Director, Highland Sun        http://highlandsun.com/hyc

   OpenLDAP Core Team            http://www.openldap.
org/project/