[Python-checkins] cpython (3.3): Issue #19227 / Issue #18747: Remove pthread_atfork() handler to remove OpenSSL

georg.brandl python-checkins at python.org
Sun Nov 17 09:19:39 CET 2013


http://hg.python.org/cpython/rev/4e6aa98bb11c
changeset:   87170:4e6aa98bb11c
branch:      3.3
user:        Christian Heimes <christian at cheimes.de>
date:        Tue Oct 29 20:50:01 2013 +0100
summary:
  Issue #19227 / Issue #18747: Remove pthread_atfork() handler to remove OpenSSL re-seeding
It is causing trouble like e.g. hanging processes.

files:
  Modules/_ssl.c |  67 --------------------------------------
  1 files changed, 0 insertions(+), 67 deletions(-)


diff --git a/Modules/_ssl.c b/Modules/_ssl.c
--- a/Modules/_ssl.c
+++ b/Modules/_ssl.c
@@ -19,9 +19,6 @@
 #ifdef WITH_THREAD
 #include "pythread.h"
 
-#ifdef HAVE_PTHREAD_ATFORK
-#  include <pthread.h>
-#endif
 
 #define PySSL_BEGIN_ALLOW_THREADS_S(save) \
     do { if (_ssl_locks_count>0) { (save) = PyEval_SaveThread(); } } while (0)
@@ -2584,65 +2581,6 @@
 Returns number of bytes read.  Raises SSLError if connection to EGD\n\
 fails or if it does not provide enough data to seed PRNG.");
 
-/* Seed OpenSSL's PRNG at fork(), http://bugs.python.org/issue18747
- *
- * The prepare handler seeds the PRNG from pseudo-random data like pid, the
- * current time (miliseconds or seconds) and an uninitialized array.
- * The array contains stack variables that are impossible to predict
- * on most systems, e.g. function return address (subject to ASLR), the
- * stack protection canary and automatic variables.
- * The code is inspired by Apache's ssl_rand_seed() function.
- *
- * Note:
- * The code uses pthread_atfork() until Python has a proper atfork API. The
- * handlers are not removed from the child process. A prepare handler is used
- * instead of a child handler because fork() is supposed to be async-signal
- * safe but the handler calls unsafe functions. A parent handler has caused
- * other problems, see issue #19227.
- */
-
-#if defined(HAVE_PTHREAD_ATFORK) && defined(WITH_THREAD)
-#define PYSSL_RAND_ATFORK 1
-
-static void
-PySSL_RAND_atfork_prepare(void)
-{
-    struct {
-        char stack[128];    /* uninitialized (!) stack data, 128 is an
-                               arbitrary number. */
-        pid_t pid;          /* current pid */
-        _PyTime_timeval tp; /* current time */
-    } seed;
-
-#ifdef WITH_VALGRIND
-    VALGRIND_MAKE_MEM_DEFINED(seed.stack, sizeof(seed.stack));
-#endif
-    seed.pid = getpid();
-    _PyTime_gettimeofday(&(seed.tp));
-    RAND_add((unsigned char *)&seed, sizeof(seed), 0.0);
-}
-
-static int
-PySSL_RAND_atfork(void)
-{
-    static int registered = 0;
-    int retval;
-
-    if (registered)
-        return 0;
-
-    retval = pthread_atfork(PySSL_RAND_atfork_prepare, /* prepare */
-                            NULL,                      /* parent */
-                            NULL);                     /* child */
-    if (retval != 0) {
-        PyErr_SetFromErrno(PyExc_OSError);
-        return -1;
-    }
-    registered = 1;
-    return 0;
-}
-#endif /* HAVE_PTHREAD_ATFORK */
-
 #endif /* HAVE_OPENSSL_RAND */
 
 
@@ -3022,10 +2960,5 @@
     if (r == NULL || PyModule_AddObject(m, "_OPENSSL_API_VERSION", r))
         return NULL;
 
-#ifdef PYSSL_RAND_ATFORK
-    if (PySSL_RAND_atfork() == -1)
-        return NULL;
-#endif
-
     return m;
 }

-- 
Repository URL: http://hg.python.org/cpython


More information about the Python-checkins mailing list