summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorGeorg Brandl <georg@python.org>2013-10-27 06:56:11 (GMT)
committerGeorg Brandl <georg@python.org>2013-10-27 06:56:11 (GMT)
commit81be27d53e33b6eb5cedf75c17038673e1555145 (patch)
treef8f495bc5cbda058fb2cacb781dbdcbc61284bc9
parent045ee06ae91a1503a8d512929c54e16deabfe9a8 (diff)
downloadcpython-81be27d53e33b6eb5cedf75c17038673e1555145.zip
cpython-81be27d53e33b6eb5cedf75c17038673e1555145.tar.gz
cpython-81be27d53e33b6eb5cedf75c17038673e1555145.tar.bz2
Issue #19227: Try to fix deadlocks caused by re-seeding then OpenSSL
pseudo-random number generator on fork().
-rw-r--r--Misc/NEWS3
-rw-r--r--Modules/_ssl.c15
2 files changed, 11 insertions, 7 deletions
diff --git a/Misc/NEWS b/Misc/NEWS
index 6d01b35..fe56252 100644
--- a/Misc/NEWS
+++ b/Misc/NEWS
@@ -81,6 +81,9 @@ Core and Builtins
Library
-------
+- Issue #19227: Try to fix deadlocks caused by re-seeding then OpenSSL
+ pseudo-random number generator on fork().
+
- Issue #16037: HTTPMessage.readheaders() raises an HTTPException when more than
100 headers are read. Adapted from patch by Jyrki Pulliainen.
diff --git a/Modules/_ssl.c b/Modules/_ssl.c
index 448114b..b791f28d 100644
--- a/Modules/_ssl.c
+++ b/Modules/_ssl.c
@@ -2586,7 +2586,7 @@ fails or if it does not provide enough data to seed PRNG.");
/* Seed OpenSSL's PRNG at fork(), http://bugs.python.org/issue18747
*
- * The parent handler seeds the PRNG from pseudo-random data like pid, the
+ * The prepare handler seeds the PRNG from pseudo-random data like pid, the
* current time (miliseconds or seconds) and an uninitialized array.
* The array contains stack variables that are impossible to predict
* on most systems, e.g. function return address (subject to ASLR), the
@@ -2595,16 +2595,17 @@ fails or if it does not provide enough data to seed PRNG.");
*
* Note:
* The code uses pthread_atfork() until Python has a proper atfork API. The
- * handlers are not removed from the child process. A parent handler is used
+ * handlers are not removed from the child process. A prepare handler is used
* instead of a child handler because fork() is supposed to be async-signal
- * safe but the handler calls unsafe functions.
+ * safe but the handler calls unsafe functions. A parent handler has caused
+ * other problems, see issue #19227.
*/
#if defined(HAVE_PTHREAD_ATFORK) && defined(WITH_THREAD)
#define PYSSL_RAND_ATFORK 1
static void
-PySSL_RAND_atfork_parent(void)
+PySSL_RAND_atfork_prepare(void)
{
struct {
char stack[128]; /* uninitialized (!) stack data, 128 is an
@@ -2630,9 +2631,9 @@ PySSL_RAND_atfork(void)
if (registered)
return 0;
- retval = pthread_atfork(NULL, /* prepare */
- PySSL_RAND_atfork_parent, /* parent */
- NULL); /* child */
+ retval = pthread_atfork(PySSL_RAND_atfork_prepare, /* prepare */
+ NULL, /* parent */
+ NULL); /* child */
if (retval != 0) {
PyErr_SetFromErrno(PyExc_OSError);
return -1;