diff options
| author | Georg Brandl <georg@python.org> | 2013-10-27 06:57:42 (GMT) |
|---|---|---|
| committer | Georg Brandl <georg@python.org> | 2013-10-27 06:57:42 (GMT) |
| commit | fb404f528a1c0122f72ad4ab12cd5c26e5d13835 (patch) | |
| tree | 7f15479a297ba9ca134d4ba61168192ac8149439 | |
| parent | b89b5df9c9aa2e45bfffa95f5e3deb6234232c93 (diff) | |
| parent | 81be27d53e33b6eb5cedf75c17038673e1555145 (diff) | |
| download | cpython-fb404f528a1c0122f72ad4ab12cd5c26e5d13835.zip cpython-fb404f528a1c0122f72ad4ab12cd5c26e5d13835.tar.gz cpython-fb404f528a1c0122f72ad4ab12cd5c26e5d13835.tar.bz2 | |
#19227: merge with 3.3
| -rw-r--r-- | Misc/NEWS | 3 | ||||
| -rw-r--r-- | Modules/_ssl.c | 15 |
2 files changed, 11 insertions, 7 deletions
@@ -23,6 +23,9 @@ Library - Issue #19329: Optimized compiling charsets in regular expressions. +- Issue #19227: Try to fix deadlocks caused by re-seeding then OpenSSL + pseudo-random number generator on fork(). + - Issue #16037: HTTPMessage.readheaders() raises an HTTPException when more than 100 headers are read. Adapted from patch by Jyrki Pulliainen. diff --git a/Modules/_ssl.c b/Modules/_ssl.c index 20d0212..9343cb6 100644 --- a/Modules/_ssl.c +++ b/Modules/_ssl.c @@ -2952,7 +2952,7 @@ fails or if it does not provide enough data to seed PRNG."); /* Seed OpenSSL's PRNG at fork(), http://bugs.python.org/issue18747 * - * The parent handler seeds the PRNG from pseudo-random data like pid, the + * The prepare handler seeds the PRNG from pseudo-random data like pid, the * current time (miliseconds or seconds) and an uninitialized array. * The array contains stack variables that are impossible to predict * on most systems, e.g. function return address (subject to ASLR), the @@ -2961,16 +2961,17 @@ fails or if it does not provide enough data to seed PRNG."); * * Note: * The code uses pthread_atfork() until Python has a proper atfork API. The - * handlers are not removed from the child process. A parent handler is used + * handlers are not removed from the child process. A prepare handler is used * instead of a child handler because fork() is supposed to be async-signal - * safe but the handler calls unsafe functions. + * safe but the handler calls unsafe functions. A parent handler has caused + * other problems, see issue #19227. */ #if defined(HAVE_PTHREAD_ATFORK) && defined(WITH_THREAD) #define PYSSL_RAND_ATFORK 1 static void -PySSL_RAND_atfork_parent(void) +PySSL_RAND_atfork_prepare(void) { struct { char stack[128]; /* uninitialized (!) stack data, 128 is an @@ -2996,9 +2997,9 @@ PySSL_RAND_atfork(void) if (registered) return 0; - retval = pthread_atfork(NULL, /* prepare */ - PySSL_RAND_atfork_parent, /* parent */ - NULL); /* child */ + retval = pthread_atfork(PySSL_RAND_atfork_prepare, /* prepare */ + NULL, /* parent */ + NULL); /* child */ if (retval != 0) { PyErr_SetFromErrno(PyExc_OSError); return -1; |