[OpenSIPS-Devel] [OpenSIPS/opensips] b1e34a: tls_openssl: fix per-thread state double-free acro...
Norm Brandinger
noreply at github.com
Fri Apr 24 07:52:12 UTC 2026
Branch: refs/heads/3.4
Home: https://github.com/OpenSIPS/opensips
Commit: b1e34a27b1c1a9efe654287c47c76ced4289eef2
https://github.com/OpenSIPS/opensips/commit/b1e34a27b1c1a9efe654287c47c76ced4289eef2
Author: Norm Brandinger <n.brandinger at gmail.com>
Date: 2026-04-24 (Fri, 24 Apr 2026)
Changed paths:
M modules/tls_openssl/openssl.c
Log Message:
-----------
tls_openssl: fix per-thread state double-free across fork()
Register a pthread_atfork prepare handler that calls OPENSSL_thread_stop()
before each fork(). CRYPTO_set_mem_functions() routes all OpenSSL allocations
to shared memory, but per-thread structures (ERR_STATE, DRBG) use thread-local
storage pointers inherited across fork(). Without cleanup, child processes
inherit a stale pointer to the parent per-thread state; if the parent frees or
re-creates that state, the child next OpenSSL call triggers a double-free
(detected by QM_MALLOC_DBG as SIGABRT).
After OPENSSL_thread_stop() the thread-local pointer is NULL. Both parent and
child lazily allocate fresh per-thread state on the next OpenSSL call.
This complements the existing on_exit(_exit) handler which covers the same
class of double-free at process exit time.
(cherry picked from commit c8d148c1ea0b018964dc24cfce01ac0cf3e8940e)
(cherry picked from commit 66cca03849dc30193cf7b1dfe026ce6f4210609a)
To unsubscribe from these emails, change your notification settings at https://github.com/OpenSIPS/opensips/settings/notifications
More information about the Devel
mailing list