bbaetz@google.com wrote:
Full_Name: Bradley Baetz Version: 2.4.45 OS: linux URL: ftp://ftp.openldap.org/incoming/bradley-baetz-20171214.patch Submission from: (NULL) (2401:fa00:9:11:7ac0:58b5:299c:bebb)
Thanks for the patch. The initialization of the static tlso_bio_method is racy. One-time initializations should be done in tlso_init, and the allocated memory should be freed in tlso_destroy.
ITS#8533 added support for the OpenSSL's hiding of the bio_method_st struct.
However, it did this by re-defining the now-private structure, using the OpenSSL 1.0 version. That will fail when OpenSSL changes their structure, which they have already done for v1.1.1 - see https://git.openssl.org/gitweb/?p=openssl.git;a=blob;f=include/internal/bio....
It also fails with BoringSSL, which has v1.0's OPENSSL_VERSION_NUMBER define, but has not yet hidden the struct definition.
The attached file is derived from OpenLDAP Software. All of the modifications to OpenLDAP Software represented in the following patch(es) were developed by Google, LLC. Google, LLC has not assigned rights and/or interest in this work to any party. I, Bradley Baetz am authorized by Google, LLC, my employer, to release this work under the following terms.
The attached modifications to OpenLDAP Software are subject to the following notice: Copyright 2017 Google, LLC. Redistribution and use in source and binary forms, with or without modification, are permitted only as authorized by the OpenLDAP Public License.