[ruby-cvs:62263] rhe:r55100 (trunk): openssl: fix possible SEGV on race between SSLSocket#stop and #connect

rhe at ruby-lang.org rhe at ruby-lang.org
Sat May 21 16:25:00 JST 2016


rhe	2016-05-21 16:25:00 +0900 (Sat, 21 May 2016)

  New Revision: 55100

  https://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=revision&revision=55100

  Log:
    openssl: fix possible SEGV on race between SSLSocket#stop and #connect
    
    * ext/openssl/ossl_ssl.c (ossl_ssl_stop): Don't free the SSL struct
      here. Since some methods such as SSLSocket#connect releases GVL,
      there is a chance of use after free if we free the SSL from another
      thread. SSLSocket#stop was documented as "prepares it for another
      connection" so this is a slightly incompatible change. However when
      this sentence was added (r30090, Add toplevel documentation for
      OpenSSL, 2010-12-06), it didn't actually. The current behavior is
      from r40304 (Correct shutdown behavior w.r.t GC., 2013-04-15).
      [ruby-core:74978] [Bug #12292]
    
    * ext/openssl/lib/openssl/ssl.rb (sysclose): Update doc.
    
    * test/openssl/test_ssl.rb: Test this.

  Modified files:
    trunk/ChangeLog
    trunk/ext/openssl/lib/openssl/ssl.rb
    trunk/ext/openssl/ossl_ssl.c
    trunk/test/openssl/test_ssl.rb


More information about the ruby-cvs mailing list