[Opendnssec-develop] Library (un)link issues.

Yuri Schaeffer yuri at nlnetlabs.nl
Mon Dec 14 09:38:27 UTC 2015


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi all,

We've had a report[0] with duplicate[1] where "ods-ksmutil key list
- --verbose" segfaults.

#0 0x00007ffff50a7c80 in ?? ()
#1 0x00007ffff5e39252 in CRYPTO_THREADID_current () from
/usr/lib64/libcrypto.so.1.0.0
#2 0x00007ffff5dc8648 in ERR_remove_thread_state () from
/usr/lib64/libcrypto.so.1.0.0
#3 0x00007ffff75089bc in vio_end () from /usr/lib64/libmysqlclient.so.18
#4 0x00007ffff74d1d26 in mysql_server_end () from
/usr/lib64/libmysqlclient.so.18
#5 0x0000000000424f7d in DbDisconnect ()
#6 0x0000000000407c71 in cmd_exportkeys ()
#7 0x000000000040d339 in main ()


Switching the two lines (i.e. hsm_close() last) resolves the issue.

enforcer/utils/ksmutil.c: (in cmd_exportkeys())
1837 hsm_close();
1838 DbDisconnect(dbhandle);

What I suspect is that both libmysqlclient and softhsm link against
OpenSSL on user's system and double closing/unlinking of OpenSSL gives
this problem. When the lines are swapped it works more or less by
luck? Or maybe because mysql developers known about similar issues?

In any case I don't know enough about this matter to make a meaningful
statement about which of the involved software should be fixed.
Looking for your 2 cents!

//Yuri

[0] https://issues.opendnssec.org/browse/SUPPORT-183
[1] https://issues.opendnssec.org/browse/SUPPORT-184
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

iEYEARECAAYFAlZujhMACgkQI3PTR4mhavjeEwCgrcJcIzJIZ12Yy9Ryftis5Av4
SlcAn1BH+Yth0eXw5rUdFQttPB6w4nAU
=h5Pu
-----END PGP SIGNATURE-----



More information about the Opendnssec-develop mailing list