mirror of
https://github.com/openssl/openssl.git
synced 2024-12-03 05:41:46 +08:00
9257959950
Ty Baen-Price explains: > Problem and Resolution: > The following lines of code make use of the Microsoft API ExitProcess: > > ``` > Apps\Speed.c line 335: ExitProcess(ret); > Ms\uplink.c line 22: ExitProcess(1); > ``` > > These function calls are made after fatal errors are detected and > program termination is desired. ExitProcess(), however causes > _orderly_ shutdown of a process and all its threads, i.e. it unloads > all dlls and runs all destructors. See MSDN for details of exactly > what happens > (https://msdn.microsoft.com/en-us/library/windows/desktop/ms682658(v=vs.85).aspx). > The MSDN page states that ExitProcess should never be called unless > it is _known to be safe_ to call it. These calls should simply be > replaced with calls to TerminateProcess(), which is what should be > called for _disorderly_ shutdown. > > An example of usage: > > ``` > TerminateProcess(GetCurrentProcess(), exitcode); > ``` > > Effect of Problem: > Because of a compilation error (wrong c++ runtime), my program > executed the uplink.c ExitProcess() call. This caused the single > OpenSSL thread to start executing the destructors of all my dlls, > and their objects. Unfortunately, about 30 other threads were > happily using those objects at that time, eventually causing a > 0xC0000005 ACCESS_VIOLATION. Obviously an ACCESS_VIOLATION is the > best case scenario, as I'm sure you can imagine at the consequences > of undiscovered memory corruption, even in a terminating process. And on the subject of `TerminateProcess()` being asynchronous: > That is technically true, but I think it's probably synchronous > "enough" for your purposes, since a call to TerminateProcess > suspends execution of all threads in the target process. This means > it's really only asynchronous if you're calling TerminateProcess one > some _other_ process. If you're calling TerminateProcess on your own > process, you'll never return from the TerminateProcess call. Fixes #2489 Was originally RT-4526 Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/8301)
136 lines
4.0 KiB
C
136 lines
4.0 KiB
C
/*
|
|
* Copyright 2004-2016 The OpenSSL Project Authors. All Rights Reserved.
|
|
*
|
|
* Licensed under the Apache License 2.0 (the "License"). You may not use
|
|
* this file except in compliance with the License. You can obtain a copy
|
|
* in the file LICENSE in the source distribution or at
|
|
* https://www.openssl.org/source/license.html
|
|
*/
|
|
|
|
#if (defined(_WIN64) || defined(_WIN32_WCE)) && !defined(UNICODE)
|
|
# define UNICODE
|
|
#endif
|
|
#if defined(UNICODE) && !defined(_UNICODE)
|
|
# define _UNICODE
|
|
#endif
|
|
#if defined(_UNICODE) && !defined(UNICODE)
|
|
# define UNICODE
|
|
#endif
|
|
|
|
#include <windows.h>
|
|
#include <tchar.h>
|
|
#include <stdio.h>
|
|
#include "uplink.h"
|
|
void OPENSSL_showfatal(const char *, ...);
|
|
|
|
static TCHAR msg[128];
|
|
|
|
static void unimplemented(void)
|
|
{
|
|
OPENSSL_showfatal(sizeof(TCHAR) == sizeof(char) ? "%s\n" : "%S\n", msg);
|
|
TerminateProcess(GetCurrentProcess(), 1);
|
|
}
|
|
|
|
void OPENSSL_Uplink(volatile void **table, int index)
|
|
{
|
|
static HMODULE volatile apphandle = NULL;
|
|
static void **volatile applinktable = NULL;
|
|
int len;
|
|
void (*func) (void) = unimplemented;
|
|
HANDLE h;
|
|
void **p;
|
|
|
|
/*
|
|
* Note that the below code is not MT-safe in respect to msg buffer, but
|
|
* what's the worst thing that can happen? Error message might be
|
|
* misleading or corrupted. As error condition is fatal and should never
|
|
* be risen, I accept the risk...
|
|
*/
|
|
/*
|
|
* One can argue that I should have used InterlockedExchangePointer or
|
|
* something to update static variables and table[]. Well, store
|
|
* instructions are as atomic as they can get and assigned values are
|
|
* effectively constant... So that volatile qualifier should be
|
|
* sufficient [it prohibits compiler to reorder memory access
|
|
* instructions].
|
|
*/
|
|
do {
|
|
len = _sntprintf(msg, sizeof(msg) / sizeof(TCHAR),
|
|
_T("OPENSSL_Uplink(%p,%02X): "), table, index);
|
|
_tcscpy(msg + len, _T("unimplemented function"));
|
|
|
|
if ((h = apphandle) == NULL) {
|
|
if ((h = GetModuleHandle(NULL)) == NULL) {
|
|
apphandle = (HMODULE) - 1;
|
|
_tcscpy(msg + len, _T("no host application"));
|
|
break;
|
|
}
|
|
apphandle = h;
|
|
}
|
|
if ((h = apphandle) == (HMODULE) - 1) /* revalidate */
|
|
break;
|
|
|
|
if (applinktable == NULL) {
|
|
void **(*applink) ();
|
|
|
|
applink = (void **(*)())GetProcAddress(h, "OPENSSL_Applink");
|
|
if (applink == NULL) {
|
|
apphandle = (HMODULE) - 1;
|
|
_tcscpy(msg + len, _T("no OPENSSL_Applink"));
|
|
break;
|
|
}
|
|
p = (*applink) ();
|
|
if (p == NULL) {
|
|
apphandle = (HMODULE) - 1;
|
|
_tcscpy(msg + len, _T("no ApplinkTable"));
|
|
break;
|
|
}
|
|
applinktable = p;
|
|
} else
|
|
p = applinktable;
|
|
|
|
if (index > (int)p[0])
|
|
break;
|
|
|
|
if (p[index])
|
|
func = p[index];
|
|
} while (0);
|
|
|
|
table[index] = func;
|
|
}
|
|
|
|
#if defined(_MSC_VER) && defined(_M_IX86)
|
|
# define LAZY(i) \
|
|
__declspec(naked) static void lazy##i (void) { \
|
|
_asm push i \
|
|
_asm push OFFSET OPENSSL_UplinkTable \
|
|
_asm call OPENSSL_Uplink \
|
|
_asm add esp,8 \
|
|
_asm jmp OPENSSL_UplinkTable+4*i }
|
|
|
|
# if APPLINK_MAX>25
|
|
# error "Add more stubs..."
|
|
# endif
|
|
/* make some in advance... */
|
|
LAZY(1) LAZY(2) LAZY(3) LAZY(4) LAZY(5)
|
|
LAZY(6) LAZY(7) LAZY(8) LAZY(9) LAZY(10)
|
|
LAZY(11) LAZY(12) LAZY(13) LAZY(14) LAZY(15)
|
|
LAZY(16) LAZY(17) LAZY(18) LAZY(19) LAZY(20)
|
|
LAZY(21) LAZY(22) LAZY(23) LAZY(24) LAZY(25)
|
|
void *OPENSSL_UplinkTable[] = {
|
|
(void *)APPLINK_MAX,
|
|
lazy1, lazy2, lazy3, lazy4, lazy5,
|
|
lazy6, lazy7, lazy8, lazy9, lazy10,
|
|
lazy11, lazy12, lazy13, lazy14, lazy15,
|
|
lazy16, lazy17, lazy18, lazy19, lazy20,
|
|
lazy21, lazy22, lazy23, lazy24, lazy25,
|
|
};
|
|
#endif
|
|
|
|
#ifdef SELFTEST
|
|
main()
|
|
{
|
|
UP_fprintf(UP_stdout, "hello, world!\n");
|
|
}
|
|
#endif
|