mirror of
git://slackware.nl/current.git
synced 2025-01-22 07:27:59 +01:00
646a5c1cbf
a/pkgtools-15.0-noarch-13.txz: Rebuilt. installpkg: default line length for --terselength is the number of columns. removepkg: added --terse mode. upgradepkg: default line length for --terselength is the number of columns. upgradepkg: accept -option in addition to --option. ap/vim-8.1.0026-x86_64-1.txz: Upgraded. d/bison-3.0.5-x86_64-1.txz: Upgraded. e/emacs-26.1-x86_64-1.txz: Upgraded. kde/kopete-4.14.3-x86_64-8.txz: Rebuilt. Recompiled against libidn-1.35. n/conntrack-tools-1.4.5-x86_64-1.txz: Upgraded. n/libnetfilter_conntrack-1.0.7-x86_64-1.txz: Upgraded. n/libnftnl-1.1.0-x86_64-1.txz: Upgraded. n/links-2.16-x86_64-2.txz: Rebuilt. Rebuilt to enable X driver for -g mode. n/lynx-2.8.9dev.19-x86_64-1.txz: Upgraded. n/nftables-0.8.5-x86_64-1.txz: Upgraded. n/p11-kit-0.23.11-x86_64-1.txz: Upgraded. n/ulogd-2.0.7-x86_64-1.txz: Upgraded. n/whois-5.3.1-x86_64-1.txz: Upgraded. xap/network-manager-applet-1.8.12-x86_64-1.txz: Upgraded. xap/vim-gvim-8.1.0026-x86_64-1.txz: Upgraded.
89 lines
3.8 KiB
Diff
89 lines
3.8 KiB
Diff
From 02a0e03e24bc96bba2e5ea2438c30baf803fd137 Mon Sep 17 00:00:00 2001
|
|
From: Christophe Fergeau <cfergeau@redhat.com>
|
|
Date: Tue, 25 Apr 2017 14:09:48 +0200
|
|
Subject: [PATCH] Avoid double free with OpenSSL 1.1.0
|
|
|
|
Since commit OpenSSL_1_1_0-pre3~178
|
|
https://github.com/openssl/openssl/commit/b184e3ef73200cb3b7914a603b43a5b8a074c85f
|
|
OpenSSL automatically cleans up some of its internal data when the
|
|
program exits. This conflicts with some similar clean up
|
|
libimobiledevice attempts to do, which causes a double-free.
|
|
SSL_COMP_free_compression_methods() was available in OpenSSL 1.0.2,
|
|
and is still there in 1.1.0 as a no-op, so we can use that to free
|
|
the compression methods.
|
|
|
|
This bug can be hit with a simple idevicebackup2 --help
|
|
|
|
==14299== Invalid read of size 4
|
|
==14299== at 0x547AEBC: OPENSSL_sk_pop_free (stack.c:263)
|
|
==14299== by 0x508B848: ssl_library_stop (ssl_init.c:182)
|
|
==14299== by 0x5424D11: OPENSSL_cleanup (init.c:402)
|
|
==14299== by 0x5DC3134: __cxa_finalize (cxa_finalize.c:56)
|
|
==14299== by 0x53332B2: ??? (in /usr/lib64/libcrypto.so.1.1.0e)
|
|
==14299== by 0x4011232: _dl_fini (dl-fini.c:235)
|
|
==14299== by 0x5DC2DC7: __run_exit_handlers (exit.c:83)
|
|
==14299== by 0x5DC2E19: exit (exit.c:105)
|
|
==14299== by 0x5DA8604: (below main) (libc-start.c:329)
|
|
==14299== Address 0x6585590 is 0 bytes inside a block of size 40 free'd
|
|
==14299== at 0x4C2FCC8: free (vg_replace_malloc.c:530)
|
|
==14299== by 0x4E43381: sk_SSL_COMP_free (ssl.h:830)
|
|
==14299== by 0x4E434E7: internal_idevice_deinit (idevice.c:103)
|
|
==14299== by 0x5B79643: __pthread_once_slow (pthread_once.c:116)
|
|
==14299== by 0x4E5663A: thread_once (thread.c:104)
|
|
==14299== by 0x4E43525: libimobiledevice_deinitialize (idevice.c:140)
|
|
==14299== by 0x4011232: _dl_fini (dl-fini.c:235)
|
|
==14299== by 0x5DC2DC7: __run_exit_handlers (exit.c:83)
|
|
==14299== by 0x5DC2E19: exit (exit.c:105)
|
|
==14299== by 0x5DA8604: (below main) (libc-start.c:329)
|
|
==14299== Block was alloc'd at
|
|
==14299== at 0x4C2EB1B: malloc (vg_replace_malloc.c:299)
|
|
==14299== by 0x5428908: CRYPTO_zalloc (mem.c:100)
|
|
==14299== by 0x547A9AE: OPENSSL_sk_new (stack.c:108)
|
|
==14299== by 0x5087D43: sk_SSL_COMP_new (ssl.h:830)
|
|
==14299== by 0x5087D43: do_load_builtin_compressions (ssl_ciph.c:482)
|
|
==14299== by 0x5087D43: do_load_builtin_compressions_ossl_ (ssl_ciph.c:476)
|
|
==14299== by 0x5B79643: __pthread_once_slow (pthread_once.c:116)
|
|
==14299== by 0x547B198: CRYPTO_THREAD_run_once (threads_pthread.c:106)
|
|
==14299== by 0x5089F96: load_builtin_compressions (ssl_ciph.c:500)
|
|
==14299== by 0x5089F96: SSL_COMP_get_compression_methods (ssl_ciph.c:1845)
|
|
==14299== by 0x508B68B: ossl_init_ssl_base (ssl_init.c:125)
|
|
==14299== by 0x508B68B: ossl_init_ssl_base_ossl_ (ssl_init.c:25)
|
|
==14299== by 0x5B79643: __pthread_once_slow (pthread_once.c:116)
|
|
==14299== by 0x547B198: CRYPTO_THREAD_run_once (threads_pthread.c:106)
|
|
==14299== by 0x508B90A: OPENSSL_init_ssl (ssl_init.c:227)
|
|
==14299== by 0x4E43416: internal_idevice_init (idevice.c:73)
|
|
=
|
|
|
|
Signed-off-by: Christophe Fergeau <cfergeau@redhat.com>
|
|
---
|
|
src/idevice.c | 10 +++++++++-
|
|
1 file changed, 9 insertions(+), 1 deletion(-)
|
|
|
|
diff --git a/src/idevice.c b/src/idevice.c
|
|
index 913038ef..d1f13cb6 100644
|
|
--- a/src/idevice.c
|
|
+++ b/src/idevice.c
|
|
@@ -51,6 +51,14 @@
|
|
#include "common/debug.h"
|
|
|
|
#ifdef HAVE_OPENSSL
|
|
+
|
|
+#if OPENSSL_VERSION_NUMBER < 0x10002000L
|
|
+static void SSL_COMP_free_compression_methods(void)
|
|
+{
|
|
+ sk_SSL_COMP_free(SSL_COMP_get_compression_methods());
|
|
+}
|
|
+#endif
|
|
+
|
|
static mutex_t *mutex_buf = NULL;
|
|
static void locking_function(int mode, int n, const char* file, int line)
|
|
{
|
|
@@ -100,7 +108,7 @@ static void internal_idevice_deinit(void)
|
|
|
|
EVP_cleanup();
|
|
CRYPTO_cleanup_all_ex_data();
|
|
- sk_SSL_COMP_free(SSL_COMP_get_compression_methods());
|
|
+ SSL_COMP_free_compression_methods();
|
|
#ifdef HAVE_ERR_REMOVE_THREAD_STATE
|
|
ERR_remove_thread_state(NULL);
|
|
#else
|