mirrors/cpython
1
0
Fork 0
mirror of https://github.com/python/cpython.git synced 2025-11-02 03:01:58 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 15

Issue #19227: Try to fix deadlocks caused by re-seeding then OpenSSL

Browse source 
pseudo-random number generator on fork().
This commit is contained in:
Georg Brandl 2013-10-27 07:56:11 +01:00
parent 045ee06ae9
commit 81be27d53e
2 changed files with 11 additions and 7 deletions
Download patch file Download diff file Expand all files Collapse all files

3
Misc/NEWS
View file

@ -81,6 +81,9 @@ Core and Builtins
Library Library
------- -------
- Issue #19227: Try to fix deadlocks caused by re-seeding then OpenSSL
pseudo-random number generator on fork().
- Issue #16037: HTTPMessage.readheaders() raises an HTTPException when more than - Issue #16037: HTTPMessage.readheaders() raises an HTTPException when more than
100 headers are read. Adapted from patch by Jyrki Pulliainen. 100 headers are read. Adapted from patch by Jyrki Pulliainen.

15
Modules/_ssl.c
View file

@ -2586,7 +2586,7 @@ fails or if it does not provide enough data to seed PRNG.");
/* Seed OpenSSL's PRNG at fork(), http://bugs.python.org/issue18747 /* Seed OpenSSL's PRNG at fork(), http://bugs.python.org/issue18747
* *
* The parent handler seeds the PRNG from pseudo-random data like pid, the * The prepare handler seeds the PRNG from pseudo-random data like pid, the
* current time (miliseconds or seconds) and an uninitialized array. * current time (miliseconds or seconds) and an uninitialized array.
* The array contains stack variables that are impossible to predict * The array contains stack variables that are impossible to predict
* on most systems, e.g. function return address (subject to ASLR), the * on most systems, e.g. function return address (subject to ASLR), the
@ -2595,16 +2595,17 @@ fails or if it does not provide enough data to seed PRNG.");
* *
* Note: * Note:
* The code uses pthread_atfork() until Python has a proper atfork API. The * The code uses pthread_atfork() until Python has a proper atfork API. The
* handlers are not removed from the child process. A parent handler is used * handlers are not removed from the child process. A prepare handler is used
* instead of a child handler because fork() is supposed to be async-signal * instead of a child handler because fork() is supposed to be async-signal
* safe but the handler calls unsafe functions. * safe but the handler calls unsafe functions. A parent handler has caused
* other problems, see issue #19227.
*/ */
#if defined(HAVE_PTHREAD_ATFORK) && defined(WITH_THREAD) #if defined(HAVE_PTHREAD_ATFORK) && defined(WITH_THREAD)
#define PYSSL_RAND_ATFORK 1 #define PYSSL_RAND_ATFORK 1
static void static void
PySSL_RAND_atfork_parent(void) PySSL_RAND_atfork_prepare(void)
{ {
struct { struct {
char stack[128]; /* uninitialized (!) stack data, 128 is an char stack[128]; /* uninitialized (!) stack data, 128 is an
@ -2630,9 +2631,9 @@ PySSL_RAND_atfork(void)
if (registered) if (registered)
return 0; return 0;
retval = pthread_atfork(NULL, /* prepare */ retval = pthread_atfork(PySSL_RAND_atfork_prepare, /* prepare */
PySSL_RAND_atfork_parent, /* parent */ NULL, /* parent */
NULL); /* child */ NULL); /* child */
if (retval != 0) { if (retval != 0) {
PyErr_SetFromErrno(PyExc_OSError); PyErr_SetFromErrno(PyExc_OSError);
return -1; return -1;