openwsman uses OpenSSL library in non-thread safe way

classic Classic list List threaded Threaded
3 messages Options
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

openwsman uses OpenSSL library in non-thread safe way

Vitezslav Crhonek
Hello Klaus,

It seems that openwsman uses OpenSSL library in non-thread safe way.

It can be quite easily reproduced by running few wsman enumerate
queries (six was enough for me) for CIM classes (two different classes,
OpenPegasus CIM server used) simultaneously in a loop for some time,
with SSL enabled on the openwsman server. (No problem seen without SSL.)

Openwsman server randomly crashes after ~10-120 minutes. (It could last
longer, but most of the time it was circa this interval.)

Tracebacks from coredumps lead to various parts of SSL library and
there are also various errors (Segmentation fault, free(): invalid size,
etc.)

Attached patch fixes the issue for me (~24 hours without crash).
Please review it and consider to include it in next upstream release.

Best regards,
Vitezslav Crhonek

------------------------------------------------------------------------------
BPM Camp - Free Virtual Workshop May 6th at 10am PDT/1PM EDT
Develop your own process in accordance with the BPMN 2 standard
Learn Process modeling best practices with Bonita BPM through live exercises
http://www.bonitasoft.com/be-part-of-it/events/bpm-camp-virtual- event?utm_
source=Sourceforge_BPM_Camp_5_6_15&utm_medium=email&utm_campaign=VA_SF
_______________________________________________
Openwsman-devel mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/openwsman-devel

ssl-thread-safe.patch (1K) Download Attachment
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: openwsman uses OpenSSL library in non-thread safe way

Vitezslav Crhonek
On 04/14/2015 03:29 PM, Vitezslav Crhonek wrote:

> Hello Klaus,
>
> It seems that openwsman uses OpenSSL library in non-thread safe way.
>...
> ...
> Attached patch fixes the issue for me (~24 hours without crash).
> Please review it and consider to include it in next upstream release.
>
> Best regards,
> Vitezslav Crhonek
>

Well, the patch doesn't fix the issue, forget it...
I was just coincidence that it worked so long:)

I'm looking into openssl source code, where is an example how
to do threading with SSL correctly (crypto/threads/mttest.c),
but I don't know how to use it in the openwsman code yet.

Best regards,
Vitezslav Crhonek

------------------------------------------------------------------------------
BPM Camp - Free Virtual Workshop May 6th at 10am PDT/1PM EDT
Develop your own process in accordance with the BPMN 2 standard
Learn Process modeling best practices with Bonita BPM through live exercises
http://www.bonitasoft.com/be-part-of-it/events/bpm-camp-virtual- event?utm_
source=Sourceforge_BPM_Camp_5_6_15&utm_medium=email&utm_campaign=VA_SF
_______________________________________________
Openwsman-devel mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/openwsman-devel
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: openwsman uses OpenSSL library in non-thread safe way

Klaus Kaempf
* Vitezslav Crhonek <[hidden email]> [Apr 23. 2015 16:19]:
>
> Well, the patch doesn't fix the issue, forget it...
> I was just coincidence that it worked so long:)

Too bad. I'm just preparing a new release of Openwsman.

>
> I'm looking into openssl source code, where is an example how
> to do threading with SSL correctly (crypto/threads/mttest.c),
> but I don't know how to use it in the openwsman code yet.

I keep my fingers crossed and thanks for your contribution !


Klaus
--
SUSE Linux GmbH, GF: Felix Imendörffer, Jane Smithard, Jennifer Guild, Dilip Upmanyu, Graham Norton, HRB 21284 (AG Nürnberg)
Maxfeldstraße 5, 90409 Nürnberg, Germany

------------------------------------------------------------------------------
BPM Camp - Free Virtual Workshop May 6th at 10am PDT/1PM EDT
Develop your own process in accordance with the BPMN 2 standard
Learn Process modeling best practices with Bonita BPM through live exercises
http://www.bonitasoft.com/be-part-of-it/events/bpm-camp-virtual- event?utm_
source=Sourceforge_BPM_Camp_5_6_15&utm_medium=email&utm_campaign=VA_SF
_______________________________________________
Openwsman-devel mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/openwsman-devel
Loading...