Aaron Richton wrote:
Actually, this could be it exactly. To my reading, the 0.9.8d tarball
still defaults to (an extremely dangerous) getpid(). 2.3.30 never uses
CRYPTO_set_id_callback. And the most recent thread I see on the matter
an attitude of "Yeah, if anything, we should make things break more
frequently when there's no callback set." Perhaps we should be adding
one, with a bit of platform awareness through lutil?
In the current OpenSSL, the address of errno is tested as well. Since
this is always unique per thread, there's really no need to set the id
callback any more. The problem with just using CRYPTO_set_id_callback is
that it doesn't work on platforms where a thread ID is not an integer
(e.g. OS/390). I don't think CRYPTO_set_idptr_callback was available in
earlier OpenSSL releases.
Too bad they didn't define CRYPTO_set_id_callback correctly, to return
the actual type of a thread ID instead of unsigned long.
On Wed, 29 Nov 2006, Howard Chu wrote:
> Aaron Richton wrote:
>> I'm on latest 0.9.7 release. I can try and put together a slapd with
>> 0.9.8d, and I guess if we're going to (potentially?) be pointing
>> fingers toward OpenSSL that's a good idea anyway...
> Yes, definitely a good idea. The prior releases always used getpid()
> to determine the threadID of the current thread, to decide if locking
> was needed. This is obviously only correct on old systems running
> LinuxThreads, where each thread was actually a separate process. It's
> surprising that it wasn't until recently that we've started seeing
> crashes caused by this bug.
-- Howard Chu
Chief Architect, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc
OpenLDAP Core Team http://www.openldap.org/project/