From 8fffa055139031331f1a069be2554b15b5511bbe Mon Sep 17 00:00:00 2001 From: Tatsuhiro Tsujikawa Date: Tue, 14 Oct 2014 21:47:07 +0900 Subject: [PATCH] src: Fix possible heap-use-after free for OpenSSL global locking This is simply programming error, but it is interesting that using libstdc++ does not reveal this error. With clang++-libc++, we got std::system_error: mutex lock faild: Invalid argument. This is because we did not give a name to lock object, so it is immediately destructed. I think this will fix the reported crash on Mac OSX. --- src/h2load.cc | 2 +- src/nghttpd.cc | 2 +- src/shrpx.cc | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/src/h2load.cc b/src/h2load.cc index f60ffeaf..53db71c9 100644 --- a/src/h2load.cc +++ b/src/h2load.cc @@ -812,7 +812,7 @@ int main(int argc, char **argv) SSL_library_init(); #ifndef NOTHREADS - ssl::LibsslGlobalLock(); + ssl::LibsslGlobalLock lock; #endif // NOTHREADS auto ssl_ctx = SSL_CTX_new(SSLv23_client_method()); diff --git a/src/nghttpd.cc b/src/nghttpd.cc index a75a23b9..d037615e 100644 --- a/src/nghttpd.cc +++ b/src/nghttpd.cc @@ -296,7 +296,7 @@ int main(int argc, char **argv) SSL_load_error_strings(); SSL_library_init(); #ifndef NOTHREADS - ssl::LibsslGlobalLock(); + ssl::LibsslGlobalLock lock; #endif // NOTHREADS reset_timer(); diff --git a/src/shrpx.cc b/src/shrpx.cc index 1bb3ea51..65277894 100644 --- a/src/shrpx.cc +++ b/src/shrpx.cc @@ -1621,7 +1621,7 @@ int main(int argc, char **argv) SSL_load_error_strings(); SSL_library_init(); #ifndef NOTHREADS - nghttp2::ssl::LibsslGlobalLock(); + nghttp2::ssl::LibsslGlobalLock lock; #endif // NOTHREADS if(conf_exists(get_config()->conf_path.get())) {