--94eb2c05eb72af425f056056a2cc Content-Type: text/plain; charset="UTF-8"
Done in ftp://ftp.openldap.org/incoming/bradley-baetz-20171215.patch
On Fri, 15 Dec 2017 at 04:36 Howard Chu hyc@symas.com wrote:
bbaetz@google.com wrote:
Full_Name: Bradley Baetz Version: 2.4.45 OS: linux URL: ftp://ftp.openldap.org/incoming/bradley-baetz-20171214.patch Submission from: (NULL) (2401:fa00:9:11:7ac0:58b5:299c:bebb)
Thanks for the patch. The initialization of the static tlso_bio_method is racy. One-time initializations should be done in tlso_init, and the allocated memory should be freed in tlso_destroy.
ITS#8533 added support for the OpenSSL's hiding of the bio_method_st
struct.
However, it did this by re-defining the now-private structure, using the
OpenSSL
1.0 version. That will fail when OpenSSL changes their structure, which
they
have already done for v1.1.1 - see
https://git.openssl.org/gitweb/?p=openssl.git;a=blob;f=include/internal/bio....
It also fails with BoringSSL, which has v1.0's OPENSSL_VERSION_NUMBER
define,
but has not yet hidden the struct definition.
The attached file is derived from OpenLDAP Software. All of the
modifications to
OpenLDAP Software represented in the following patch(es) were developed
by
Google, LLC. Google, LLC has not assigned rights and/or interest in this
work to
any party. I, Bradley Baetz am authorized by Google, LLC, my employer, to release this work under the following terms.
The attached modifications to OpenLDAP Software are subject to the
following
notice: Copyright 2017 Google, LLC. Redistribution and use in source and binary forms, with or without
modification,
are permitted only as authorized by the OpenLDAP Public License.
-- -- Howard Chu CTO, Symas Corp. http://www.symas.com Director, Highland Sun http://highlandsun.com/hyc/ Chief Architect, OpenLDAP http://www.openldap.org/project/
--94eb2c05eb72af425f056056a2cc Content-Type: text/html; charset="UTF-8" Content-Transfer-Encoding: quoted-printable
<div dir=3D"ltr"><span style=3D"font-size:small">Done in=C2=A0</span><a hre= f=3D"ftp://ftp.openldap.org/incoming/bradley-baetz-20171215.patch" style=3D= "font-size:small">ftp://ftp.openldap.org/incoming/bradley-baetz-20171215.pa= tch</a><br><br class=3D"inbox-inbox-Apple-interchange-newline"></div><br><d= iv class=3D"gmail_quote"><div dir=3D"ltr">On Fri, 15 Dec 2017 at 04:36 Howa= rd Chu <<a href=3D"mailto:hyc@symas.com">hyc@symas.com</a>> wrote:<br=
</div><blockquote class=3D"gmail_quote" style=3D"margin:0 0 0 .8ex;border-=
left:1px #ccc solid;padding-left:1ex"><a href=3D"mailto:bbaetz@google.com" = target=3D"_blank">bbaetz@google.com</a> wrote:<br> > Full_Name: Bradley Baetz<br> > Version: 2.4.45<br> > OS: linux<br> > URL: <a href=3D"ftp://ftp.openldap.org/incoming/bradley-baetz-20171214= .patch" rel=3D"noreferrer" target=3D"_blank">ftp://ftp.openldap.org/incomin= g/bradley-baetz-20171214.patch</a><br> > Submission from: (NULL) (2401:fa00:9:11:7ac0:58b5:299c:bebb)<br> <br> Thanks for the patch. The initialization of the static tlso_bio_method is<b= r> racy. One-time initializations should be done in tlso_init, and the allocat= ed<br> memory should be freed in tlso_destroy.<br> <br> ><br> > ITS#8533 added support for the OpenSSL's hiding of the bio_method_= st struct.<br> ><br> > However, it did this by re-defining the now-private structure, using t= he OpenSSL<br> > 1.0 version. That will fail when OpenSSL changes their structure, whic= h they<br> > have already done for v1.1.1 - see<br> > <a href=3D"https://git.openssl.org/gitweb/?p=3Dopenssl.git;a=3Dblob;f= =3Dinclude/internal/bio.h;hb=3De1dd8fa00a1e06d27c8b024dac7657a8d8a9b451#l16= " rel=3D"noreferrer" target=3D"_blank">https://git.openssl.org/gitweb/?p=3D= openssl.git;a=3Dblob;f=3Dinclude/internal/bio.h;hb=3De1dd8fa00a1e06d27c8b02= 4dac7657a8d8a9b451#l16</a><br> ><br> > It also fails with BoringSSL, which has v1.0's OPENSSL_VERSION_NUM= BER define,<br> > but has not yet hidden the struct definition.<br> ><br> > The attached file is derived from OpenLDAP Software. All of the modifi= cations to<br> > OpenLDAP Software represented in the following patch(es) were develope= d by<br> > Google, LLC. Google, LLC has not assigned rights and/or interest in th= is work to<br> > any party. I, Bradley Baetz am authorized by Google, LLC, my employer,= to<br> > release this work under the following terms.<br> ><br> > The attached modifications to OpenLDAP Software are subject to the fol= lowing<br> > notice:<br> > Copyright 2017 Google, LLC.<br> > Redistribution and use in source and binary forms, with or without mod= ification,<br> > are permitted only as authorized by the OpenLDAP Public License.<br> ><br> ><br> <br> <br> --<br> =C2=A0 =C2=A0-- Howard Chu<br> =C2=A0 =C2=A0CTO, Symas Corp.=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0<a hr= ef=3D"http://www.symas.com" rel=3D"noreferrer" target=3D"_blank">http://www= .symas.com</a><br> =C2=A0 =C2=A0Director, Highland Sun=C2=A0 =C2=A0 =C2=A0<a href=3D"http://hi= ghlandsun.com/hyc/" rel=3D"noreferrer" target=3D"_blank">http://highlandsun= .com/hyc/</a><br> =C2=A0 =C2=A0Chief Architect, OpenLDAP=C2=A0 <a href=3D"http://www.openldap= .org/project/" rel=3D"noreferrer" target=3D"_blank">http://www.openldap.org= /project/</a><br> </blockquote></div>
--94eb2c05eb72af425f056056a2cc--