diff options
| author | Christian Heimes <christian@cheimes.de> | 2013-08-22 11:19:56 (GMT) |
|---|---|---|
| committer | Christian Heimes <christian@cheimes.de> | 2013-08-22 11:19:56 (GMT) |
| commit | f54c24628b080002100b9ee4506387ac48551736 (patch) | |
| tree | 7a0776f81fad10385026635deff7c33491045743 | |
| parent | 7d2d43c0b15b8062c9b5d672a78e653abe2e1d91 (diff) | |
| parent | 80c5de93f99f348553346f15a697c1acc0b9c612 (diff) | |
| download | cpython-f54c24628b080002100b9ee4506387ac48551736.zip cpython-f54c24628b080002100b9ee4506387ac48551736.tar.gz cpython-f54c24628b080002100b9ee4506387ac48551736.tar.bz2 | |
Issue #18747: Use a parent atfork handler instead of a child atfork handler.
fork() is suppose to be async-signal safe but the handler calls unsafe functions. A parent handler mitigates the issue.
| -rw-r--r-- | Modules/_ssl.c | 21 |
1 files changed, 9 insertions, 12 deletions
diff --git a/Modules/_ssl.c b/Modules/_ssl.c index 3eb03a7..f84ef92 100644 --- a/Modules/_ssl.c +++ b/Modules/_ssl.c @@ -2943,23 +2943,25 @@ fails or if it does not provide enough data to seed PRNG."); /* Seed OpenSSL's PRNG at fork(), http://bugs.python.org/issue18747 * - * The child handler seeds the PRNG from pseudo-random data like pid, the - * current time (nanoseconds, miliseconds or seconds) and an uninitialized - * array. The array contains stack variables that are impossible to predict + * The parent handler seeds the PRNG from pseudo-random data like pid, the + * current time (miliseconds or seconds) and an uninitialized arry. + * The array contains stack variables that are impossible to predict * on most systems, e.g. function return address (subject to ASLR), the * stack protection canary and automatic variables. * The code is inspired by Apache's ssl_rand_seed() function. * * Note: * The code uses pthread_atfork() until Python has a proper atfork API. The - * handlers are not removed from the child process. + * handlers are not removed from the child process. A parent handler is used + * instead of a child handler because fork() is suppose to be async-signal + * safe but the handler calls unsafe functions. */ #if defined(HAVE_PTHREAD_ATFORK) && defined(WITH_THREAD) #define PYSSL_RAND_ATFORK 1 static void -PySSL_RAND_atfork_child(void) +PySSL_RAND_atfork_parent(void) { struct { char stack[128]; /* uninitialized (!) stack data, 128 is an @@ -2973,11 +2975,6 @@ PySSL_RAND_atfork_child(void) #endif seed.pid = getpid(); _PyTime_gettimeofday(&(seed.tp)); - -#if 0 - fprintf(stderr, "PySSL_RAND_atfork_child() seeds %i bytes in pid %i\n", - (int)sizeof(seed), seed.pid); -#endif RAND_add((unsigned char *)&seed, sizeof(seed), 0.0); } @@ -2991,8 +2988,8 @@ PySSL_RAND_atfork(void) return 0; retval = pthread_atfork(NULL, /* prepare */ - NULL, /* parent */ - PySSL_RAND_atfork_child); /* child */ + PySSL_RAND_atfork_parent, /* parent */ + NULL); /* child */ if (retval != 0) { PyErr_SetFromErrno(PyExc_OSError); return -1; |